When Ryan Kazanciyan investigated data breaches as an incident response expert for his former employer Mandiant, the theme was always the same. “Every single one had an antivirus, HIPS, SIEM, network- and host-based IDS solutions, and all were compromised. They weren’t compromised because of rootkits, hardware-resident malware, incredibly covert, advanced” threats, he recalls of Mandiant’s IR clients. “They were all compromised because they had failed at the most basic levels of hygiene.”
Meaning they didn’t have full visibility of all of their #endpoints and servers, didn’t keep up with #patches and #updates, and they didn’t segment their networks.
