:niggy: on Nostr: honestly friend it is almost impossible to guarantee preventing that the asymmetry ...
honestly friend it is almost impossible to guarantee preventing that
the asymmetry between attackers/defenders is defenders have to succeed every time, an attacker only needs to succeed once, and can just keep trying until they do. that's why "persistent" is in the term "advanced persistent threat"
so the focus in recent years has shifted away from trying to completely prevent attackers gaining access, towards adequately detecting and responding when they do. similar to the "defend forward" doctrine in the public sector
this is actually pretty effective, if a corpo just has decent basic security practices and monitoring, they can detect and stop basically all common threats
attackers that actually do the huge effort to avoid loud TTPs, develop custom tooling, etc, required to avoid that basic monitoring and detection are actually very rare
Published at 2024-01-20 16:36:23
Event JSON
{
"id": "13ca2bf5dab10154545cff027febc6ce2d383d79db10d45769337cc28227ee30",
"pubkey": "6be61ca6c65a6d80ae4deb98eb27943cba1bc93dfc975b8161028c099c2b54dc",
"created_at": 1705768583,
"kind": 1,
"tags": [
[
"p",
"4eab7bbee648684cc1d9c2ef5dce42f1f86fc290a9dd29cf2c2b68b493c042d7",
"wss://relay.mostr.pub"
],
[
"e",
"619c848a9cc9b9f9562bef3eb74c1ffc1c7a472d0bef1c928ae8c68095aeb56f",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://poa.st/objects/f57ab9dc-a36b-40d2-a473-768acbf468cd",
"activitypub"
]
],
"content": "honestly friend it is almost impossible to guarantee preventing that\n\nthe asymmetry between attackers/defenders is defenders have to succeed every time, an attacker only need to succeed once, and can just keep trying until they do. that's why \"persistent\" is in the term \"advanced persistent threat\"\n\nso the focus in recent years has shifted away from trying to completely prevent attackers gaining access, towards adequately detecting and responding when they do. similar to the \"defend forward\" doctrine in the public-sector\n\nthis is actually pretty effective, if a corpo just has decent basic security practices and monitoring, they can detect and stop basically all common threats\n\nattackers that actually do the huge effort to avoid loud TTPs, develop custom tooling, etc, required to avoid that basic monitoring and detection are actually very rare",
"sig": "d1ed865d091ec7232ae64775b2fe9b18659429ae07035a647891bc23d8f2ca3e23befb2bba845dd698bfe8a4acd32619c0c13c72a0234ce7f2f81a6d8cd43693"
}
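The event JSON above carries its own integrity check: under NIP-01 the `id` is the SHA-256 of the compact JSON serialization `[0, pubkey, created_at, kind, tags, content]`, and `sig` is a BIP-340 Schnorr signature over that id. The following is an added example (not code from the post's author, from Nostr, or from the mostr.pub bridge) that recomputes the id from the fields shown on this page and pulls the reply/mention references out of the tags. The `EVENT` dict is a constructed copy of the page's event; the function names are this example's own. Signature verification needs a secp256k1 library and is left out.

```python
import hashlib
import json

# Constructed copy of the event shown on this page (id/pubkey/tags/content/sig as printed).
EVENT = {
    "id": "13ca2bf5dab10154545cff027febc6ce2d383d79db10d45769337cc28227ee30",
    "pubkey": "6be61ca6c65a6d80ae4deb98eb27943cba1bc93dfc975b8161028c099c2b54dc",
    "created_at": 1705768583,
    "kind": 1,
    "tags": [
        ["p", "4eab7bbee648684cc1d9c2ef5dce42f1f86fc290a9dd29cf2c2b68b493c042d7",
         "wss://relay.mostr.pub"],
        ["e", "619c848a9cc9b9f9562bef3eb74c1ffc1c7a472d0bef1c928ae8c68095aeb56f",
         "wss://relay.mostr.pub", "reply"],
        ["proxy", "https://poa.st/objects/f57ab9dc-a36b-40d2-a473-768acbf468cd",
         "activitypub"],
    ],
    "content": (
        "honestly friend it is almost impossible to guarantee preventing that\n\n"
        "the asymmetry between attackers/defenders is defenders have to succeed every time, "
        "an attacker only need to succeed once, and can just keep trying until they do. "
        "that's why \"persistent\" is in the term \"advanced persistent threat\"\n\n"
        "so the focus in recent years has shifted away from trying to completely prevent "
        "attackers gaining access, towards adequately detecting and responding when they do. "
        "similar to the \"defend forward\" doctrine in the public-sector\n\n"
        "this is actually pretty effective, if a corpo just has decent basic security practices "
        "and monitoring, they can detect and stop basically all common threats\n\n"
        "attackers that actually do the huge effort to avoid loud TTPs, develop custom tooling, "
        "etc, required to avoid that basic monitoring and detection are actually very rare"
    ),
    "sig": "d1ed865d091ec7232ae64775b2fe9b18659429ae07035a647891bc23d8f2ca3e"
           "23befb2bba845dd698bfe8a4acd32619c0c13c72a0234ce7f2f81a6d8cd43693",
}


def serialize_event(event: dict) -> str:
    """NIP-01 canonical form: [0, pubkey, created_at, kind, tags, content] as JSON
    with no whitespace and non-ASCII left unescaped (ensure_ascii=False)."""
    payload = [0, event["pubkey"], event["created_at"], event["kind"],
               event["tags"], event["content"]]
    return json.dumps(payload, separators=(",", ":"), ensure_ascii=False)


def compute_event_id(event: dict) -> str:
    """The event id is the lowercase hex SHA-256 of the canonical serialization."""
    return hashlib.sha256(serialize_event(event).encode("utf-8")).hexdigest()


def verify_event_id(event: dict) -> bool:
    """True when the id in the event matches what its fields hash to.
    A mismatch means the fields were altered after the id (and sig) were made."""
    return compute_event_id(event) == event["id"]


def reply_context(event: dict):
    """Return (parent_event_id, [mentioned_pubkeys]) from the tags.
    Prefer an 'e' tag carrying the 'reply' marker; fall back to the last 'e' tag."""
    parent = None
    marked_parent = None
    mentions = []
    for tag in event["tags"]:
        if len(tag) < 2:
            continue
        if tag[0] == "e":
            parent = tag[1]
            if len(tag) >= 4 and tag[3] == "reply":
                marked_parent = tag[1]
        elif tag[0] == "p":
            mentions.append(tag[1])
    return (marked_parent or parent, mentions)


if __name__ == "__main__":
    print("serialized:", serialize_event(EVENT)[:80] + "...")
    print("computed id:", compute_event_id(EVENT))
    print("id matches page:", verify_event_id(EVENT))
    print("reply to / mentions:", reply_context(EVENT))
```

Run it as a script and compare the computed id with the one printed on the page; if a viewer or relay ever re-encodes the content (for example by escaping `/` or non-ASCII), the hash changes and the event no longer verifies, which is exactly the property clients rely on when they drop events with bad ids before checking the signature.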