Episode 9: Andy Robbins

Detection: Challenging Paradigms

How to Differ Between Approved Use and Unapproved Use

Johnny: I think that generally we as defenders are really bad at being able to differentiate between approved use and unapproved use. So, like, it's easy conceptually to detect PsExec. But then once you've detected it, now, not everything that you detect with that is bad.

Johnny: What if instead the attack path was explored one step at a time, you know, very quietly, very covertly, but also very quickly, as in as fast as software can run? So this worm lands on a system. It determines what systems this user has admin rights on and pivots to those systems. Repeat, repeat, repeat. Um, in my own experience with analyzing, uh, you know, BloodHound databases for our customers Let me re

