Attackers aren’t giving up when they encounter resistance, anymore. You’ll need to run your defense playbooks more than once. And your life will be a lot easier if you’re not making it up as you go.Even easier if you have automation applied to the processes that are well-suited to machines.
Increase the time pressure on attackers. (Everyone makes more mistakes when they’re rushed.) Have a capable 24/7 security operations center or managed detection and response (MDR) provider to handle alerts around the clock. Add a threat hunting capability, in-house or outsourced, to find attacker activity that didn’t set off detections. And then, you can focus your in-house defenders on the work that is unique to defending your organization. Have them concentrate on the systems and processes that nobody else can defend.
Provide your defenders a way to measure and reduce your external attack surface, giving attackers fewer opportunities in the first place. Similarly, determine what’s “normal” for the inside of your network and preemptively block otherwise-legitimate tools used by attackers that your organization doesn’t need.