The news of continued cyberattacks, suspected cyberattacks, ongoing state-sponsored influence operations, or any number of other buzzwords can leave security folks feeling overwhelmed and hopeless. Particularly for those of us who have spent time on the Blue Team (read: defenders), there’s more than a kernel of truth in the old adage that the attacker must be right only once, and defenders must be right every time.

But that doesn’t tell the whole story—there are techniques to slow attackers, detect attacks before they exfiltrate data, limit exposure, etc. Defense in Depth and Diversity of Defense are both very real techniques, but like many cybersecurity solutions, they require a large investment in time, money, and effort to be properly deployed and maintained. In fact, this is the single largest challenge for those tasked with defending high-value networks and assets: even with a large number of resources, the landscape seems so large and the risks so great, with opportunities for exploitation lurking around every corner. Where do you start—particularly when you’ve already got some security measures in place?

Building the Plane While Flying It