:niggy: on Nostr: honestly friend it is almost impossible to guarantee preventing that the asymmetry ...
honestly friend it is almost impossible to guarantee preventing that
the asymmetry between attackers/defenders is defenders have to succeed every time, an attacker only needs to succeed once, and can just keep trying until they do. that's why "persistent" is in the term "advanced persistent threat"
so the focus in recent years has shifted away from trying to completely prevent attackers gaining access, towards adequately detecting and responding when they do. similar to the "defend forward" doctrine in the public sector
this is actually pretty effective, if a corpo just has decent basic security practices and monitoring, they can detect and stop basically all common threats
attackers that actually do the huge effort to avoid loud TTPs, develop custom tooling, etc, required to avoid that basic monitoring and detection are actually very rare
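As an added illustration of the "basic monitoring catches loud TTPs" point (example code written for this page, not something from the post's author), here is a minimal detection rule run over a handful of constructed sshd-style auth log lines. The rule flags an IP that racks up N failed logins inside a sliding window, and separately flags a success from an IP that had a burst of failures just before it, which is the pattern a password-spraying or brute-forcing attacker who does not bother to go slow leaves behind. The log lines, hostnames, IPs and thresholds are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (sshd syslog format); not taken from any real host.
# 203.0.113.7 is a noisy brute-forcer that eventually guesses root's password.
# 198.51.100.4 is a legitimate user who fat-fingers a password once, then logs in.
SAMPLE_LOG = """\
Mar 10 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 10 10:00:02 host sshd[1202]: Failed password for root from 203.0.113.7 port 51235 ssh2
Mar 10 10:00:03 host sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 51236 ssh2
Mar 10 10:00:04 host sshd[1204]: Failed password for invalid user oracle from 203.0.113.7 port 51237 ssh2
Mar 10 10:00:05 host sshd[1205]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar 10 10:00:09 host sshd[1206]: Accepted password for root from 203.0.113.7 port 51240 ssh2
Mar 10 10:03:15 host sshd[1210]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 10 10:03:40 host sshd[1211]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)


def parse(line, year=2024):
    """Parse one sshd auth line into a dict, or None if it is not a login result.
    Syslog timestamps carry no year, so the caller supplies one (assumption)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window brute-force detection keyed on source IP.

    Emits 'ssh_bruteforce' the moment an IP reaches `threshold` failures
    inside `window`, and 'ssh_bruteforce_success' when an IP that recently
    crossed the threshold then gets an Accepted login. Returns the alert list
    in time order."""
    events = [e for e in map(parse, lines) if e]
    events.sort(key=lambda e: e["ts"])
    failures = defaultdict(list)  # ip -> timestamps of failures still inside the window
    alerts = []
    for e in events:
        ip, ts = e["ip"], e["ts"]
        # Drop failures that have aged out of the window before evaluating.
        failures[ip] = [t for t in failures[ip] if t >= ts - window]
        if e["result"] == "Failed":
            failures[ip].append(ts)
            # Fire once, exactly when the count crosses the threshold, not on every later failure.
            if len(failures[ip]) == threshold:
                alerts.append({"rule": "ssh_bruteforce", "ip": ip, "ts": ts, "count": threshold})
        else:
            # A success preceded by a burst of failures is the high-value signal:
            # the attacker is now inside, and this is where response should start.
            if len(failures[ip]) >= threshold:
                alerts.append({"rule": "ssh_bruteforce_success", "ip": ip,
                               "user": e["user"], "ts": ts, "count": len(failures[ip])})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(a)
```

Run against the sample, this yields two alerts for 203.0.113.7 (threshold reached at 10:00:05, then the successful root login at 10:00:09) and nothing for alice, whose single failure never approaches the threshold. The point the post makes is visible in the gap between the two IPs: an attacker who tunes rates, rotates source addresses and avoids invalid usernames would slip under this rule, but doing that across a whole intrusion is the "huge effort" that most attackers do not make.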