Is Relying on Prevention Enough to Keep an Organization Secure?

Published: 17 Dec, 2021
Created by: Mohammed Salami

With the current state of cybersecurity, risk is increasing daily. Certain businesses continue to assume that prevention alone will safeguard their operational information technology infrastructure from attackers seeking to compromise their assets. While preventative systems may help block well-known risky activities, a competent attacker may be able to get around them by developing complicated malware or altering the behavior of their operations. While penetration testing and red teaming offer methods to avoid detection, a novice penetration tester will depend on a simple procedure rather than mimicking the advanced techniques employed by Advanced Persistent Threats (APTs). This paper illustrates the risks of relying only on prevention without detection, as shown by successfully evading a well-known commercial Extended Detection and Response (XDR) solution, and shows how threat hunting can fill in the gaps.