An adversary has successfully carried out a cyber-attack, the proverbial stuff has hit the fan, and it’s all hands on deck to figure out what happened. Unfortunately, it’s not until this type of incident response happens that organizations perform any type of analysis. The silver lining is that these situations can provide an invaluable understanding of the threats facing an environment; however, they’re costly, both in time and effort and in impact to the business.
Unbeknownst to most organizations, just as much (and likely much more) insight can be gained from identifying and analyzing the attacks that fail. By analyzing what happened and what could have happened, defenders can gain a better understanding of how an adversary operates, and then use that knowledge to defend against that adversary and others like them.
So why aren’t more organizations doing this type of valuable analysis?