Network traffic is increasing exponentially, imposing ever-increasing challenges on network monitoring and analysis tools. BYOD, Vx workloads, migration to SaaS, etc. add complexity and unpredictable traffic patterns. All of these expose a significant surface area for threat vectors to act on. Bad actors move in and out of the network. It is simply naïve to imagine that networks cannot be compromised, or have not already been compromised. APT and zero-day attacks are here to stay.
Continuous Adaptive Risk and Trust Assessment (CARTA)-based policy management must be enforced throughout the network. At the very least this ensures that the SIEM teams are ready when an event happens, and it may even steer attacks away or reduce the exfiltration and lateral movement of these attacks as they happen.