The Shift Left of Boom: Making Cyberthreat Prevention Practical Again
<p><span data-contrast="auto">The old saying ‘prevention is better than cure’ has lost value in today’s cybersecurity industry. Instead, security teams are advised to assume that the business has been breached and focus on threat detection, investigation, response and recovery. However, during cyber incident postmortems, it is not uncommon to find that the business owned the tool that would have protected it against the breach. The problem arose because it wasn’t correctly configured before the incident happened, and no one knew this </span><span data-contrast="auto">—</span><span data-contrast="auto"> if they did, they didn’t have the time or resources to fix it. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="auto">We often say that hindsight has 20:20 vision, and playing a blame game after a breach is morale-destroying. What we need to do is flip the script and turn hindsight into foresight to <a href="https://securityboulevard.com/2025/10/insider-threat-prevention/" target="_blank" rel="noopener">make cyberthreat prevention practical again</a>. As an industry, we need to shift security left of boom and help businesses optimize the investments they have already made. That’s easy enough to say, but harder to change in reality, especially if there is a lack of understanding around the current environment.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><h3 aria-level="2"><span data-contrast="none">Security Governance Challenges for Today’s Security Architects</span><span data-ccp-props='{"134245418":true,"134245529":true,"335559738":160,"335559739":80}'> </span></h3><p><span data-contrast="auto">Security architects have an unenviable task on their hands. They are custodians of a vast cybersecurity tool stack that has usually grown organically with point solutions added as new threats emerge. 
It isn’t unusual to find as many as 75 different tools in use in a single organization. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="auto">Guess what? Each of those tools gets patches and updates delivered regularly. No vendor wants to leave their solution with a vulnerability, so they push out patches and updates as fast as possible, leaving it to their customers to ensure they’re properly applied and new features are fully implemented without creating unintended risk. </span><span data-contrast="none">To illustrate the administrative load of patches and updates, we counted 380 new features released in 2024 by the top 20 security tools in the market alone. </span><span data-contrast="auto">Each tool offers around 20 independent controls that can be implemented, which generates an infinite number of combinations of new variables that a security team must digest every year. It just isn’t sustainable </span><span data-contrast="auto">—</span><span data-contrast="auto"> either the team is overwhelmed with work, risking mistakes and burnout, or decision paralysis sets in </span><span data-contrast="auto">—</span><span data-contrast="auto"> meaning the business is being put at risk by the very tools it has purchased for protection.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="auto">Visibility is another challenge. Often, security tools don’t talk to each other, leaving a lot of valuable data stuck in silos rather than being accessible as a resource to help harden systems and prevent attacks. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="auto">A further dimension to the visibility challenge is the ownership and management of different components of preventive security. Identity and access management tools, for example, may be owned and managed by the IT team. 
This can make it difficult for security architects to gain insights into their set-up and licensing terms to understand the available capabilities.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="auto">Simply identifying all these tools, figuring out their configurations and tracking their coverage is a full-time task. With constant updates, it can be an endless process </span><span data-contrast="auto">—</span><span data-contrast="auto"> like painting the Golden Gate Bridge. No sooner have you finished than you must start again. Naturally, in such a fragmented environment, delivering meaningful risk reduction and reporting it in terms that boards will understand is yet another challenge.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><h3 aria-level="2"><span data-contrast="none">Practical Threat Prevention: An Agentic AI Application </span><span data-ccp-props='{"134245418":true,"134245529":true,"335559738":160,"335559739":80}'> </span></h3><p><span data-contrast="auto">The combined outcome of these challenges is a reactive approach that is always one step behind adversaries. 
To shift cybersecurity left of boom and adopt a proactive, preventive strategy, organizations:</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":405,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}' data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Must maximize value from the security investments they have already made and make sure they aren’t paying for features they don’t use.</span><span data-ccp-props='{"134233279":true,"201341983":0,"335559739":0,"335559740":240}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":405,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}' data-aria-posinset="2" data-aria-level="1"><span data-contrast="auto">Require meaningful and timely visibility over where and how their systems are exposed or misconfigured.</span><span data-ccp-props='{"134233279":true,"201341983":0,"335559739":0,"335559740":240}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":405,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}' data-aria-posinset="3" data-aria-level="1"><span data-contrast="auto">Need a route to measurable risk reduction that uses existing resources </span><span data-contrast="auto">—</span><span data-contrast="auto"> tools and personnel </span><span data-contrast="auto">—</span><span data-contrast="auto"> effectively.</span><span data-ccp-props='{"134233279":true,"201341983":0,"335559739":0,"335559740":240}'> </span></li></ul><p><span 
data-contrast="auto">Solutions to parts of this problem already exist in the shape of exposure assessment platforms (EAPs). These analyze systems to identify misconfigurations that could lead to a breach, but they typically deliver static reports that simply list identified exposures. They are missing the context around what exposure means to the business. For example, rather than a basic alert about phishing risk, it is useful to understand if certain individuals or business divisions are being disproportionately targeted. That way, remediation actions can be more holistic, such as educating those employees to be vigilant, alongside tuning phishing defense tools. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="auto">Another missing element is prioritization. Not all threats carry equal risk of being exploited, so when you’re deciding where to allocate limited resources, it is valuable to know what should be fixed first. On the subject of fixing issues, exposure management software won’t tell you how and where to fix the problem it has identified, creating an administrative burden on teams who now must research and allocate fixes.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="auto">It is these ‘next steps’ of contextualization, prioritization and fixing that an agentic AI solution can elegantly and effectively address. Consider an agent that analyzes all those tools and systems for misconfigurations, prioritizes them based on the highest risk, creates a ticket specifying how and where the fix needs to happen and then adds it to the organization’s existing task management tool. 
An organization that is especially AI-confident could even permit the agent to carry out fixes in a staged environment, so the team must simply check them before pushing them live.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="auto">Agentic AI for security operations offers security teams an opportunity to become proactive, rather than remaining stuck in a reactive spiral that has become the status quo. It can help security architects overcome tool sprawl to gain clarity over risk posture and not just surface hidden risks but address them too. It also allows continuous monitoring to identify when configurations drift out of the optimal state, and that’s a huge advantage because it addresses the ‘moving target’ nature of cyber risk management, recognizing that systems evolve. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="auto">The next era of cybersecurity must build on the investments in tools and infrastructure that we’ve already made, by leveraging them more intelligently to stem the tide of preventable breaches. It’s time to shift the focus back to prevention, not just detection and response. 
Agentic AI offers a transformative opportunity to proactively harden systems and close the gaps that attackers expect to be able to exploit.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p>
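<p>The agent workflow and drift monitoring described in this article, sketched as an added example (not code from the article or from any product): observed control settings are compared with a baseline, each deviation is scored using business context, and the output is a prioritized list of tickets stating where and how to fix. All tool names, control names, severities and context weights are constructed for illustration.</p>

```python
from dataclasses import dataclass

# Constructed sample data: tools, controls, severities and weights are hypothetical.
BASELINE = {
    ("email-gateway", "url_rewriting"): {"want": "enabled", "severity": 8},
    ("email-gateway", "attachment_sandbox"): {"want": "enabled", "severity": 7},
    ("idp", "mfa_enforced_for_admins"): {"want": True, "severity": 10},
    ("edr", "tamper_protection"): {"want": "on", "severity": 9},
}
OBSERVED = {
    ("email-gateway", "url_rewriting"): "disabled",
    ("email-gateway", "attachment_sandbox"): "enabled",
    ("idp", "mfa_enforced_for_admins"): False,
    # ("edr", "tamper_protection") is absent: the tool never reported this control.
}
# Business context: how heavily the users behind each tool are targeted (1.0 = average).
CONTEXT = {"email-gateway": 1.5, "idp": 1.0, "edr": 1.0}

_MISSING = object()  # sentinel so an unreported control is never mistaken for a value


@dataclass
class Ticket:
    tool: str
    control: str
    score: float
    summary: str
    fix: str


def find_drift(baseline, observed):
    """Yield (tool, control, want, have) for every control not in its baseline state."""
    for (tool, control), spec in baseline.items():
        have = observed.get((tool, control), _MISSING)
        if have != spec["want"]:  # missing telemetry counts as drift, not as "fine"
            yield tool, control, spec["want"], have


def build_tickets(baseline, observed, context):
    """Turn drift findings into tickets ordered by severity x business context."""
    tickets = []
    for tool, control, want, have in find_drift(baseline, observed):
        score = baseline[(tool, control)]["severity"] * context.get(tool, 1.0)
        state = "not reported" if have is _MISSING else repr(have)
        tickets.append(Ticket(
            tool, control, score,
            f"{tool}/{control} is {state}, baseline is {want!r}",
            f"In {tool}, set {control} to {want!r}; verify in staging before production."))
    # Highest risk first; names break ties so the order is deterministic.
    return sorted(tickets, key=lambda t: (-t.score, t.tool, t.control))


if __name__ == "__main__":
    for t in build_tickets(BASELINE, OBSERVED, CONTEXT):
        print(f"[{t.score:5.1f}] {t.summary}\n        -> {t.fix}")
```

<p>Running the same comparison on a schedule is what turns a one-off exposure report into the continuous drift monitoring the article describes.</p>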