Episode 49 — Apply active defense techniques that increase visibility and adversary friction

This episode focuses on active defense techniques that strengthen detection and slow adversaries, which GSOM may test by presenting options that range from safe improvements to risky actions that create legal or operational problems. We will define “increasing visibility” as ensuring that key attacker behaviors leave reliable evidence, such as improved endpoint telemetry, richer identity logging, stronger network flow coverage, and tighter audit logging on critical cloud and administrative planes. We will define “adversary friction” as raising the cost of attacker movement through segmentation, least privilege, stricter authentication controls, hardened admin workflows, and careful monitoring of high-risk pathways like remote access and privileged tooling. Real-world scenarios include restricting lateral movement using network controls, detecting suspicious admin actions through better audit trails, and instrumenting “canary” access patterns to highlight misuse, with troubleshooting considerations like exception sprawl, user impact, and the need to validate that the friction does not break required operations.

Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.