Conventional Defense Principles
As cybersecurity practitioners we are taught that the best defense consists of identifying and mitigating the risks that adversaries of various types bring to bear on our environment. But we also know that some threat actors will gain access to our systems; it is only a matter of time before one of them succeeds in establishing initial access. This is where continuous monitoring and incident response come into play. User and entity behavior analytics (UEBA) can contribute to early detection, alongside conventional detection and response tooling such as EDR on endpoints and XDR, which correlates telemetry across endpoints, network, cloud and identity sources to alert on intrusions into applications, IoT and other enterprise devices. Combined with a SOAR platform such as XSOAR, a SOC team can automate a large share of its routine response actions through playbooks: standard operating procedures that encode a generic response to the common incidents likely to occur in the environment. However, is this enough? Is there more that can be done to gain additional intelligence or attribution? Can we learn more about how adversaries behave in our environment if they are given more room within the network to operate? These questions have led some to adopt an "active defense" approach to cybersecurity.