Agencies often point to the cyber controls they have in place to indicate a strong defense posture. But having those controls in place doesn’t necessarily mean they’re configured properly, and providing the immediacy of detection and response necessary to properly defend the network.
