# Navigating the Complex Threat Landscape --- Key Takeaways for CISOs

By [Unit 42](https://www.paloaltonetworks.com/blog/author/unit-42/?ts=markdown "Posts by Unit 42") and [Michael J Graven](https://www.paloaltonetworks.com/blog/author/michael-j-graven/?ts=markdown "Posts by Michael J Graven")

Nov 02, 2023

Well, it looks like we cybersecurity defenders won't be getting a break any time soon.
Unit 42 consultants and intelligence analysts have been busy, and a few trends have jumped out at us in the last few months. So, we decided to write them up. In our latest executive advisory, [Navigating the Evolving Threat Landscape: Resilient Cybersecurity Tactics for CISOs](http://paloaltonetworks.com/resources/ebooks/unit42-ciso-cybersecurity-tactics-advisory), we highlight a couple of attacker trends, what they mean, and what you can do about them.

The bottom line: attackers are becoming more tenacious and resilient to defense. Defenders can take a few steps to match those changes and improve their own organization's resilience.

#### Criminals Are Committing Crime More Efficiently

One trend is improved efficiency. More attackers now use automation, organization, playbooks and repeatable operations. Certain actors have developed key expertise in modern IT infrastructure, and they use it to move efficiently through the target environment -- faster and more quietly than before.

Muddled Libra is a threat group that has exhibited these skills. The [Unit 42 Threat Assessment on Muddled Libra](https://unit42.paloaltonetworks.com/muddled-libra/) has an in-depth written analysis, and you can also listen to the [Unit 42 Threat Vector podcast](https://youtu.be/Znq1fgMSFJs?si=_rLVxII-AaGL9tIQ) for expert insights and strategies to counter this threat actor group.

#### States Are Sponsoring Attacks on Non-State Targets

Nation-state attackers don't just conduct espionage. Lately, they have also been acting to destabilize other components of the states they target.

One example is [Trident Ursa](https://unit42.paloaltonetworks.com/trident-ursa/), an APT group with a history of creating access to its targets and gathering information from them. Their targets include most business sectors: [financial institutions and government entities](https://unit42.paloaltonetworks.com/pingpull-gallium/), communications, manufacturing, information technology, education and more.
If you run operational technology (OT), you might also be interested in some of the insights in this [OT Security Insights white paper](https://www.paloaltonetworks.com/resources/whitepapers/ot-security-insights-secure-ot-it-convergence-to-keep-the-production-lines-working?ts=markdown) from our OT colleagues. It looks at the IT-OT interface and how attackers are crossing it.

## What Unit 42 Recommends

A comprehensive defense strategy helps you frustrate attackers. And, they deserve to be. The advisory goes into more detail. Here are some quick takes to consider.

1. **Change How You Measure Success:** Define success as how effectively you respond to active threats, not how you prevented everything bad -- nobody does that.
2. **Constrain the Attacker:** Deny them time and space, and give it to your defenders instead.
3. **Lather, Rinse, Repeat:** Run your response playbooks efficiently and repeatedly.
4. **Increase the Pressure:** Everyone makes more mistakes when they're rushed.
5. **Measure and Reduce Your External Attack Surface:** Almost half the organizations we surveyed had a [Microsoft Remote Desktop server open](https://www.paloaltonetworks.com/resources/research/2023-unit-42-attack-surface-threat-report?ts=markdown) to the internet.
6. **Work Toward Being a [Zero Trust Enterprise](https://www.paloaltonetworks.ca/cybersecurity-perspectives/zero-trust-for-critical-infrastructure):** Asset inventories and user identity are some of the first questions incident responders ask.

## Being Thoughtful About Defense

These changes in attacker behavior aren't all bad news.
On the contrary, they mean a comprehensive defense strategy is more valuable against more threat actors. Attackers are innovating, accelerating and becoming more tenacious. Your team should be, too.

Unit 42 and other Palo Alto Networks products and services can help. We provide [Cyber Risk Management](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) and [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) consulting services -- from attack surface assessment to full-scope reactive incident response. We're familiar and experienced with responding to threat actors -- from APT to ransomware -- in environments that include the largest Global 2000 firms.

This is just the beginning of what you need to know. Read the executive advisory, [Navigating the Evolving Threat Landscape: Resilient Cybersecurity Tactics for CISOs](http://paloaltonetworks.com/resources/ebooks/unit42-ciso-cybersecurity-tactics-advisory), to learn more about key attacker trends and tactical steps you can take to improve your security defense.