Five Barriers to Complex Incident Resolution
We know that it’s fully within our power to stop the progress of, and limit the damage caused by, complex threats even once they’ve penetrated the corporate perimeter. For starters, it’s worth remembering that the majority of the techniques listed under the Initial Access tactic of the MITRE ATT&CK Enterprise framework are still relatively traditional.
Complexity begins with what follows initial access: lateral movement, the establishment of backdoors, and the various modes of payload delivery and stealth. But what stops IT security teams from exercising their power and expertise to prevent an incident from becoming a complex incident? And, once an incident has become complex, why is it so often hard to mitigate and resolve successfully?