There is a Twitter thread from @SwiftOnSecurity that i really like and that shows a fundamental problem with the way we run IT security today. We still believe in the silver bullet approach and that there is the one shiny object, that will make our problems go away. There is bad news, there is no such thing.
But as the quote below indicates, there are very good and simple practices that would make it so much harder for hackers or malware to move around in our datacenters: segmentation and privileged access management.
I would really recommend to read that Twitter thread here and think about it. Network and particularly security segmentation need not be hard to do if you use the firewalls you already have on each workload.
With network segmentation and correct administrative methods, virtually every security flaw is irrelevant. China hacked Dave’s computer? Screw that guy. Instead, we fight the same battles over and over because fixing root problems makes nobody money and improves nobody’s career.