The book includes insights from the following experts:

  • Micah Czigan, CISO, Georgetown University
  • Mark Eggleston, CISO, CSC
  • Nick Jones, CISO, TUI
  • Bradley J. Schaufenbuel, VP & CISO, Paychex
  • Saeed Valian, CISO, symplr
  • Aaron Weismann, CISO, Main Line Health
  • Joe Ariganello, VP of Product Marketing, Anomali

The Need to Focus on the Adversary was generously sponsored by Anomali.

The rapidly falling cost of processing power and storage has dramatically changed the face of information technology over the past decade, both for security teams and threat actors. Security information and event management (SIEM) technologies, which ingest log data from multiple sources, have long been our go-to means of correlating and alerting on events across applications. But SIEM solutions are limited to a reactive focus on a victim’s devices, applications, or users.

Extended detection and response (XDR) moved us forward to actively match artifacts of threat intelligence against local security logs. Integrated with your security stack, XDR can automate actions—such as blocking an attacker’s domain name in your Internet Provider Security tag or web content filter—and help to quickly determine how long a newly discovered attacker may have been in your network. Though, if computers can beat chess masters, it stands to reason that we can build systems to defeat the bad guys before checkmate.

Focusing on the adversary is a new approach to take with threat detection and response. Attackers favor specific tools and tactics, and, by casting a wide net, we can infer the avenues available to attackers depending on what is accessible to them and what kind of attack they are attempting. Next-generation platforms use advanced artificial intelligence and machine learning to not only proactively detect active attacks but also predict an adversary’s next steps.