Security-savvy organizations understand that it’s best to assume that their systems are breached. It’s one reason why zero-trust architectures get so much attention nowadays, and it’s why more enterprises have threat hunters who go on the lookout for attackers that are already active on their networks.
This practice has grown popular because threats have become so pervasive, and traditional intrusion detection/prevention systems dispatch too many false positives. They can be too easy to circumvent. Still, threat hunters can’t catch everything, and there are not enough people with these skills to go around. So, where do security teams go to get some relief? More are turning to active defense, or deception technologies, to help identify attacker movement within their systems.