Midyear Updates
Take Action
Understanding the important trends in adversary tradecraft, the threats adversaries are leveraging most often, and the techniques they abuse in intrusions is crucial to effective security operations. After reading this report, ask yourself:
- Is there anything my organization can do to improve the security of our identity infrastructure in the short, medium, and long term?
- Am I confident that my security operations team has sufficient security controls to combat the prevalent threats listed and analyzed in this report?
- Does my company have sufficient defense in depth against the prevalent techniques highlighted here and across previous Threat Detection Reports?
If your answer to any of those questions falls anywhere between “I’m not sure” and “no,” then there are probably security controls you can implement to better prevent breaches at your organization. Some of them—like implementing conditional access policies that enforce MFA across your organization—will immediately and substantially diminish the risk posed by a wide variety of threats. Some are readily accessible and relatively simple to implement, like creating a GPO to open potentially dangerous files in Notepad by default. Others are hard, will take time, and may not pay off in the immediate term, like developing a robust strategy for monitoring API calls across your cloud environment. However, nearly every organization on the planet, regardless of its resource or budget constraints, can do something better.
If you want more in-depth information about prominent trends, threats, and techniques, including extensive detection and testing guidance, read the 2024 Threat Detection Report. And speaking of Threat Detection Reports, stay tuned for the seventh annual Threat Detection Report, which will drop in spring 2025!