# Creating a Security Program with Less Complexity and More Visibility

By [Unit 42](https://www.paloaltonetworks.com/blog/author/unit-42/?ts=markdown "Posts by Unit 42") | May 23, 2024 | 7 minutes

Developing a strong security program is like tending a garden.
It takes a lot of work, and you don't always see immediate results. Every day you water the soil, pull the weeds, spray the bugs, and after a while, you begin to see the cumulative results of all of those individual efforts -- a vibrant and healthy ecosystem.

But, as seen in [our 2024 Incident Response Report](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report), vulnerabilities go unpatched, and critical resources sit exposed. Like a garden overrun by weeds, these obscured areas provide cover and opportunity for attackers. And, attackers at all levels are becoming more sophisticated, so any untended area of your environment presents too much risk.

Organized cybercriminals build teams that specialize in different phases of attack, from intelligence gathering to exfiltration. They incorporate emerging technologies like AI into their arsenal. Some even provide customer service agents who can process ransomware payments.

Meanwhile, the same old problems hold defenders back -- alert fatigue, improper permissions and inadequate authentication, among others. These shortcomings get in the way of prioritizing the most important work, and they keep SOC teams underwater.

The greatest misconception about cybersecurity is that programs can catch up overnight with silver-bullet solutions. There's no substitute for a strong foundation and daily maintenance.

## Increase Visibility, Reduce Complexity

Security teams are notoriously snowed under by alerts and false positives. Telemetry from network devices, endpoints and cloud ecosystems can leave teams with billions of daily events to sort through. Critical indicators of attack and compromise often slip through the cracks because there's too much complexity and little visibility.

A few dynamics make these challenges even more difficult to solve:

* **Interoperability** Hardware and software incompatibilities can make patch management tricky.
  Patches should be tested before they're rolled out to ensure updates don't interrupt key processes, particularly for high-risk systems, user groups and subnets.
* **Poor Security Hygiene** Hard-coded credentials, weak authentication and inefficient alert handling increase the risk of a breach.
* **Infrastructure Turnover** On average, [20% of an organization's cloud attack surface](https://www.paloaltonetworks.com/resources/research/2023-unit-42-attack-surface-threat-report#chart-1) is replaced each month with new or updated services. Securing this new digital real estate routinely taxes the security team.

![Median proportion of high-risk cloud-hosted exposures observed on a typical company's attack surface in each industry during a given month.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/05/Chart_2@2x.png)

You can begin solving many of your security problems by gaining greater visibility of your information assets. If you lead a more sophisticated organization, this information can help your security team automate a large portion of alerts and shift their focus to threat hunting.

### Steps to Improvement

Gain full visibility with proactive discovery and analysis of your network, cloud and endpoints.

* **Enable Proactive Discovery** For networks, smaller organizations can leverage tools like [Nmap](https://nmap.org/) and vulnerability scanners to discover and fingerprint devices. Larger organizations should consider more sophisticated tools, like [Cortex XDR](https://www.paloaltonetworks.com/cortex/detection-and-response), that can maximize visibility and provide real-time threat detection.
* **Consider Comprehensive Solutions** For cloud and web-facing assets, smaller organizations can typically discover and manage their external attack surface -- web apps, cloud storage, APIs -- with basic discovery tools.
  Enterprises should consider comprehensive solutions that actively [discover, analyze and respond](https://www.paloaltonetworks.com/cortex/cortex-xpanse) to all connected systems and exposed services.
* **Secure Your Endpoints** For endpoints, sophisticated organizations need to go beyond basic discovery and vulnerability scanning. [Endpoint detection and response (EDR)](https://www.paloaltonetworks.com/cortex/endpoint-detection-and-response) tools actively monitor and analyze endpoint activities to identify potential threats and anomalies.

As your security program matures, you'll begin to funnel much of this data into different program areas and solutions. Smaller organizations should begin with vulnerability and patch management, but most enterprises already perform sophisticated patch testing and implementation.

![Median proportion of new services introduced by a typical company in a certain industry during a given month.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/05/Chart_1@2x.png)

Instead, larger organizations suffer a different challenge -- too much complexity. They receive actionable information from vulnerability scans, intrusion detection systems, [SIEM](https://www.paloaltonetworks.com/cyberpedia/siem-solutions-in-soc) solutions, etc. The tools that consolidate your data need to be consolidated. Tools like [XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam) can leverage AI and machine learning to automate alerts.

Routine discovery and analysis of your information ecosystem support all other cybersecurity efforts. Once you've built a strong foundation, you can develop more granular access controls.

## Less Privilege, More Authentication

You may be tired of hearing that *identity is the new network perimeter*, but it's true. Employees and contractors may access the network from the coffee shop down the street, the airport lounge or an Airbnb in the Bahamas.
They may log in with their work device, their personal laptop or their mobile device. As a defender, you have to verify the individual, the device and the connection.

Validating identity and authorization -- who's doing what and whether they're supposed to be doing it -- is a foundational concern of any security strategy. However, securing identities and permissions can be a moving target for several reasons:

* **Roles Are Rarely Cut and Dry** It'd be nice if employees worked neatly within the confines of their roles and profile, but they don't. They work across departments, projects and enterprises, accumulating an alarming number of access permissions as they go.
* **Vendors Require Too Much Access** It's impractical for vendors to adapt to a different security policy for every client. It's also in your organization's best interest to get them working as quickly as possible. As a result, vendors are often given more access than they need. Even worse, a lack of revocation policies can leave these accounts lying around for attackers long after the vendor's work has been completed.
* **Growth Is Complicated** M&A activity, a high volume of privilege changes, legacy and homegrown systems -- all of these factors pose unique identity challenges. Many organizations overcome them by granting access beyond what is appropriate.

Organizations of any size can mitigate these challenges by adopting the [Zero Trust](https://www.paloaltonetworks.com/zero-trust) philosophy -- never trust, always verify.

### Steps to Improvement

Leverage and build upon your visibility by continuously verifying every person, device or entity requesting resources in your organization.

* **Prioritize Your Assets** [The 80-20 rule](https://www.darkreading.com/cybersecurity-operations/applying-the-80-20-rule-to-cybersecurity) is a good way to think about cybersecurity. This rule suggests that security teams can cover about 80% of the risk by elevating controls on 20% of the assets.
  Determine which systems and users carry the most risk. This includes monitoring privilege escalation, setting more granular permissions, and using identity threat detection tools to spot abnormal behavior.
* **Map and Verify Transactions** Understand how users, systems and data interact. Most attackers succeed because they're able to move laterally across your network and sidestep controls. By identifying key transactions, you can segment the network and compartmentalize sensitive resources.
* **Report and Maintain** Log all activities to improve your Zero Trust design. Security is an iterative process. You'll need to continue discovering, prioritizing and mapping your organization's information ecosystem. Use this information to update the design and implementation of your Zero Trust architecture.

It's important to understand that Zero Trust isn't a specific tool. It's a design philosophy that incorporates a full ecosystem of controls and best practices. If you want to know more about designing and implementing Zero Trust in your organization, check out our [best practices guide](https://www.paloaltonetworks.com/resources/guides/a-practical-guide-to-adopting-zero-trust-best-practices-in-the-soc).

## Tend to Your Garden

Cybersecurity is often portrayed as a battle. In reality, it's more like tending a garden. You have to work hard every day, progress is slow and incremental, and sometimes rodents get into your vegetables.

Defending your organization requires proactive maintenance and daily routines. Advanced tools can help you match the speed, scale and sophistication of modern attackers, but only if you support them with a strong security foundation.

Whether you're figuring out where to start or where to go next, organizations of any size can benefit from a trusted partner. Let our Unit 42 experts help you cultivate a [thriving security program](https://www.paloaltonetworks.com/unit42/transform).


*If you are experiencing an active breach or think you may have been impacted by a cybersecurity incident,* [*contact Unit 42*](https://start.paloaltonetworks.com/contact-unit42.html) *to connect with a team member. The Unit 42 Incident Response team is available 24/7/365. If you have cyber insurance or legal counsel, you can request Unit 42 by name. You can also take preventative steps by requesting a* [*Proactive Assessment*](https://www.paloaltonetworks.com/unit42/proactive-assessments) *and putting our team on speed dial with a* [*Unit 42 Retainer*](https://origin-www.paloaltonetworks.com/resources/datasheets/unit42-retainer)*.*