Our goal is to interrupt this chain and eliminate the threat.

Strategy → Disrupt, Contain, Deceive

Against Reconnaissance

Detective methods:

• Detect attackers using web analytics to note abnormal behavior
• IP addresses with bad reputation
• Multiple events using the same IP is suspicious

Prevention methods:

• Firewalls
• Whitelisting
• Segmenting your enterprise

Against Weaponization

Rapid patching

Against Delivery

Robust security training and awareness programs.

• Antivirus
• Firewalls
• Intrusion prevention system (IPS)

Against Exploit