“Our products have become so specific, so tactical even, that our thinking has become tactical. We’re losing our strategic edge because we’re so focused on today’s issues.”
John G. Heidenrich
Every once in while, an incident responder will start an investigation with a prickling sensation in the back of his mind. Some call it a premonition, some call it deja vu, but as the investigation unwinds, it will inevitably hit him: he has done this before. This. Exact. Same. Investigation.
Whether it was a month ago or a year ago, incident responders find themselves dealing with the same situation manifesting itself in the same way. The same vulnerabilities, the same lateral movement, maybe even the exact same stolen or reused passwords. At this point, many find themselves shaking their fists at the sky, asking how this could have happened. Didn’t we learn from the last time? Didn’t we fix the problems? And unfortunately, the answer is often no. When the last incident was resolved, there were other things to worry about, other problems requiring the attention of everyone from the IT manager to the CIO, and since the problem had been “resolved,” there was no more time to spend thinking about it. Lessons were not learned, and although some small changes may have been made, there was no lasting impact on the security of the organization because new, urgent problems took priority.
There is a misconception about strategic intelligence that has resulted in ...