ride.
Log everything. You never know what you need
Security operations often log a tremendous amount of unactionable data. Logging may be due to compliance requirements, vendor recommendations, lack of understanding of data sources, or a 'better safe than sorry' mindset. This misunderstanding leads to bottlenecks and overburdened security analysts.
Patch, patch, patch. Threats only use exploits
A common misunderstanding or viewpoint is that threats only use exploits. This is far from the truth. Patch management is an essential factor in a comprehensive security program that helps with attack surface reduction. Threats understand this and may change their tactics. This concept is further explored and discussed in the text as “exploitation without exploits”.
Our security tools will save us
The security industry is very dependent on security tools. Unfortunately, many do not know how these tools work. The lack of understanding leads to poor tuning and misconfiguration. Tools should improve the efficiency and capability of our security defenders and analysts and not drive security operations directly. These are tools. A hammer and nails won't build a house without a carpenter.
There are numerous reasons why the above scenario is successful. These bullets are lighthearted attempts at humor, but they are more often than not issues in the practices and thought processes of real-world organizations.