Enterprise Threat Visibility Versus Real-World Operational Constraints
The phrase "Assume breach" has been transformational to enterprise security investment and defensive strategy for a few years but may now be close to retirement.
Sizable investments in enterprisewide visibility should have reversed the much older adage "a defender needs to be right all the time, while the attacker needs to be right only once" into something like "An attacker needs to be invisible all the time, while the defender needs them to slip up only once." Unfortunately, security operations and threat-hunting teams have found that instead of automatically spotting needles in a haystack, they must now manage haystacks of needles, if they're properly equipped.
For under-resourced security teams, advances in enterprisewide visibility have in the best case added hundreds of daily alerts to their never-completed to-do lists.
As security budgets have morphed, a higher percentage of spend has been allocated to increasing visibility on the premise that more threats will be preemptively detected, blocked, and mitigated.
Prevention investments tend to be threat reactive, while modern detection technologies tend to be increasingly successful in identifying behavioral anomalies.