IT security can be intense. Attackers come from all quarters. They can be internal or external. They can be creative and persistent, regularly finding ways to circumvent the prevention tools and methods used by IT security teams.
Many security attacks, in particular APTs (Advanced Persistent Threats), follow a similar pattern: they start with simple low-level connections to the server, then elevate their privileges and create new accounts, followed by adding files, programs or services and making configuration changes such as opening ports.
Active monitoring of, and alerting on, changes to critical systems is the final line of defence before the drama of a serious IT security breach unfolds, with the damage to reputation and brand that goes with it!
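A minimal sketch of the change monitoring described above, added here as an illustration and not taken from any product: it compares a host snapshot against a trusted baseline and labels each deviation with the stage it matches. The snapshot layout, field names and sample values are constructed assumptions.

```python
import hashlib

def sha(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample snapshots of one host (hypothetical layout and values).
BASELINE = {
    "admins": {"root"},
    "accounts": {"root", "svc_web", "alice"},
    "services": {"sshd", "nginx"},
    "listening_ports": {22, 443},
    "files": {"/etc/ssh/sshd_config": sha(b"PermitRootLogin no\n")},
}
CURRENT = {
    "admins": {"root", "support2"},
    "accounts": {"root", "svc_web", "alice", "support2"},
    "services": {"sshd", "nginx", "updater"},
    "listening_ports": {22, 443, 8081},
    "files": {"/etc/ssh/sshd_config": sha(b"PermitRootLogin yes\n"),
              "/usr/local/bin/updater": sha(b"constructed binary")},
}

# Snapshot field -> stage of the pattern described in the text.
SET_STAGES = {
    "admins": "privilege elevation",
    "accounts": "new account",
    "services": "added service",
    "listening_ports": "port opening",
}

def diff_snapshots(baseline, current):
    """Return (stage, detail) alerts for every deviation from the baseline."""
    alerts = []
    for key, stage in SET_STAGES.items():
        for item in sorted(current[key] - baseline[key], key=str):
            alerts.append((stage, f"{key}: {item} added"))
        for item in sorted(baseline[key] - current[key], key=str):
            alerts.append(("unexpected removal", f"{key}: {item} removed"))
    for path, digest in sorted(current["files"].items()):
        if path not in baseline["files"]:
            alerts.append(("added file", path))
        elif baseline["files"][path] != digest:  # content hash differs
            alerts.append(("configuration change", path))
    for path in sorted(set(baseline["files"]) - set(current["files"])):
        alerts.append(("unexpected removal", f"files: {path} removed"))
    return alerts

if __name__ == "__main__":
    for stage, detail in diff_snapshots(BASELINE, CURRENT):
        print(f"ALERT [{stage}] {detail}")
```

Alerts are only as trustworthy as the baseline, so the baseline should be captured from a known-good state and stored where the monitored host cannot modify it.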
The two conventional categories of IT security tools have limitations:
- Perimeter protection tools are essential to IT security but insufficient.
- Attack detection tools are in a perpetual state of catch-up to the latest attack vectors being used by hackers.