Saturday, November 16, 2019

Blue Team Building In Cyber Programs


There is a well-known blue team problem in cyber security.


Blue teams defend everything.  

They have little hand in choosing the time or place of incidents.
A lot of threat surface area to defend.
And, too much to try to tackle at once.

Perhaps it’s time to change the dynamics.

Prioritization around cyber risks.
Focused capability building.
Increased observability.

With these, blue teams can build a foundation to reduce disruptive incidents. And frame the rest.

You won't win a swim meet by treading water. Likewise, your team won’t "respond" or "contain" your way to blue team success.

You have to prioritize and build your way to reducing the threat surface area. 

The change in dynamics: blue teams as builders. 


Follow me on Twitter for discussion and the latest blog updates: @Opinionatedsec1. Or, start your own discussion using #crazygoodcyberteams on Twitter or LinkedIn and I'll read it.
