After the final compromise recovery, steps have been completed and we are back in control. There has been a round of applause and many sighs of relief.
Now what? Is everything going back to as it was in the past? Absolutely not! A compromise recovery engagement is an accelerated way of doing numerous amounts of cybersecurity configuration and upgrades in a short amount of time. Just because the Domain Admins have basic protection it doesn’t mean that the full environment is secure yet.
After a compromise recovery engagement, we follow up with what we call security strategic recovery. This is the plan for moving forward to get the environment up to date with security posture. The plan consists of different components like Securing Privileged Access and extended detection and response (XDR), depending on the organizational needs, but it all points in the same direction: moving ahead with Zero Trust strategy over traditional network-based security.
Read more…
Source: Microsoft