The Active Adversary Report: Safety In Numbers
Sophos, Tuesday, February 24th, 2026
In my nearly 30 years as a professional in information security, I find that we are often trying to solve the wrong problems. The security market can be a very noisy place, and while there is no lack of information to consume, we often struggle to find the right information.
The signal-to-noise ratio has never been worse, and we need accurate and timely information to stay on top of such a fast-moving and critical function.
Sometimes we are asking the wrong questions
I remember doing a 'security audit,' which I suppose we would now more accurately call a penetration test, around 1996. The organization had a Check Point firewall and some UNIX servers, and the firewall was blocking everything except FTP and SMTP to the Sun Solaris boxes behind it. The FTP server was wide open and had been commandeered to host warez, and the SMTP server was Sendmail and configured as an open relay. The question they wanted answered was 'Is the firewall configured and working properly?' The answer was yes -- yes, but you have a very serious security problem nonetheless.