It’s more difficult than ever to protect our infrastructure, government, and businesses from becoming victims of well-funded, skilled adversaries. From the Log4j vulnerability to the SolarWinds hack to the Colonial Pipeline cyberattack, organizations are more vulnerable to cyberattacks than ever before. In fact, 87% of enterprises across 11 countries have fallen victim to cyberattacks in the past three years.

So what more can your cybersecurity team do? After all, they’re facing incredible hurdles, from limited resources and a shortage of skills to a decentralized security infrastructure and an attack surface that’s spreading rapidly in all directions.

Clearly, it’s time for a new approach — one that helps you stay ahead of the adversary by moving beyond defense-in-depth, reactive detection, and response capabilities to a proactive security strategy powered by threat intelligence.

Proactive defense strategies start with knowing the adversary

As adversaries emerge, CIOs, CISOs, SOC analysts, and threat analysts alike must be able to quickly evaluate the risk and potential impact on the business. For example, the CIO of a retail bank might read about an attack on banks within their geographic area and want to know whether their bank is at risk of attack.

If the CIO’s security team has the right threat intelligence on the adversary at their fingertips and can correlate that information with telemetry data from their environment, they can answer questions that help determine their risk and which mitigating actions should be taken, including:

Answering these questions requires massive amounts of global intelligence and data. And with overwhelmed and understaffed security teams, organizations need a way to curate all the telemetry data and intelligence to make it relevant and actionable.
Automating a proactive, adversary-focused approach to security is the only way to win against attackers today.

That’s why you need adversary detection and response

Extended detection and response (XDR) solutions give your security team visibility across all your control points, collecting telemetry data and correlating it to accelerate detection, streamline investigations, and help analysts do more with less work. But even the best XDR solutions cannot help predict what may happen next.

What you need is adversary detection and response (ADR). ADR gives you tools, such as the MITRE ATT&CK framework for a map of the potential attack, along with the global intelligence required to understand your enemy so you can better defend your organization. ADR is XDR that’s powered by relevant, actionable threat intelligence at scale.

ADR helps you understand where your adversaries are based and who they target as well as their tactics, techniques, and procedures (TTPs) and goals. With this understanding, you can predict their next moves and proactively protect your business. With an ADR approach, you can adopt a risk-based cyber-defense strategy, leveraging machine learning, analytics, and automation as enablers to help you focus on the adversaries that matter—then outmaneuver them.

Threat intelligence is the foundation for effective ADR

Threat intelligence is more than knowing a domain name or IP address used by an attacker. Your team needs access to a comprehensive threat intelligence repository and tools that enrich the context around threats, automatically correlate threat intelligence with telemetry data, and turn massive amounts of data into relevant, actionable intelligence to inform decision-making.

Without threat intelligence, you can’t do ADR. Bad actors share TTPs, they pass on information that helps their fellow cybercriminals, and they work together to be more effective.
But all of us good actors are hindered by a persistent lack of sharing.

As a cybercommunity, we need to adopt the bad actors’ model of sharing intelligence. We need trusted communities where you can share and listen so that everyone can be more vigilant 24x7. To learn more about communities for sharing threat intelligence, check out Anomali’s trusted circles and sharing community portals. For a real-world example of the benefits of sharing threat intelligence, watch the webinar “Intelligence Sharing: The Key to Stopping Breaches is Teaming Up.”

Sharing information and staying ahead of adversaries with an ADR approach is the only way to win today.

To learn more about detecting adversaries, watch this webinar: “Anomali Threat Day: Evolving Threat Hunting to Adversary Hunting Using Threat Intelligence, Presented by Cybersixgill.”

Karen Buffo

Chief Marketing Officer, Anomali

Karen Buffo is Chief Marketing Officer at Anomali. She brings more than 15 years of experience in global security, with a track record of developing and executing leading marketing strategies, resulting in value for customers, shareholders and employees. Prior to Anomali, Karen was CMO of Symantec, a role Broadcom appointed her to after its acquisition of the company. While at Symantec, she defined and implemented its global marketing strategy across all activities to strengthen its brand and drive growth for the cybersecurity business. Before Symantec, Oracle selected her to oversee global communications for its executive office. While in this role, she oversaw the development, implementation, and supervision of internal and external executive communications along with corporate thought leadership. Karen’s diverse background in business enablement and global marketing has lent itself to a holistic view of companies and their unique capabilities, opportunities, and drivers.
This has led to her consistently providing sustainable value to the businesses she has served. Karen is a recognized industry keynote speaker, mentor, and contributor to the cybersecurity community. Karen holds a bachelor’s degree in Consumer Science and Business Administration from the California State University at Sacramento.