
After responding to 750+ breaches, Steve Elovitz knows what actually stops attacks.
Most security advice is theoretical. This is based on real-world incident data from Unit 42’s 2026 Global Incident Response Report.
Steve breaks down the 5 highest-ROI security controls:
1. Reduce Attack Surface
Define your perimeter. Scan it regularly. Remove what doesn’t need to be exposed. If something must be public, limit access through IP allowlists or SASE layers.
2. Fix Identity Authentication
Move to phishing-resistant authentication like FIDO2. Stop using SMS, push notifications, or one-time PINs. Attackers reliably bypass all of them through SIM swapping and social engineering.
3. Identity Segmentation
Admin accounts should never authenticate to workstations or edge devices. Use just-in-time provisioning. Separate privileged access workstations from user workstations.
4. Network Filtering
If a server doesn’t need access to a destination, it shouldn’t have access. Simple as that.
5. Enterprise-Wide Visibility
Prevention is ideal, but detection and response is a must. You need visibility across network, host, cloud, and identity to respond when something gets past your defenses.
Steve’s closing line says it all: "Prevention is ideal, but detection and response is a must."
This is the practical advice security leaders need. No fluff. Just what works based on 750 real breaches.
Timestamps:
0:00 – The "it depends" disclaimer
0:25 – Control 1: Attack surface reduction
1:10 – Control 2: Phishing-resistant auth
1:45 – Control 3: Identity segmentation
2:20 – Control 4: Network filtering
2:50 – Control 5: Enterprise visibility
Watch the full episode: https://youtu.be/bzNMCGT59yU
Read the 2026 Unit 42 Global Incident Response Report: https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report
About Threat Vector
Threat Vector is the Palo Alto Networks podcast for people who want to understand what’s really happening in cybersecurity. Every episode brings you inside the latest threats, smarter protection strategies, and the trends shaping the field.
You’ll hear from industry leaders, Palo Alto Networks experts, and real customers. The goal is simple. Give security teams and decision-makers the insights they need to stay ahead.