Assume Breach.

A security operating philosophy that designs controls, monitoring, and architecture around the premise that an adversary is already inside the environment, prioritizing detection, containment, and recovery alongside (not instead of) prevention. サイバーセキュリティの 防御と運用 カテゴリに属します。

A security operating philosophy that designs controls, monitoring, and architecture around the premise that an adversary is already inside the environment, prioritizing detection, containment, and recovery alongside (not instead of) prevention.

Assume Breach is a security operating philosophy popularized by Microsoft in the mid-2010s and now the default posture of mature programs and zero-trust architectures. Rather than treating prevention as the primary defense and detection as a backstop, an assume-breach program designs the environment as if the adversary has already gained a foothold and asks how detection, containment, recovery, and limiting blast-radius will hold up. Concretely this drives: network microsegmentation so lateral movement is constrained, identity-centric architecture (every request authenticated and authorized), endpoint detection and response everywhere, centralized logging with retention long enough for true-detection of slow campaigns, regular red-team and purple-team exercises against the live environment (not just labs), automated containment playbooks (isolate host, rotate keys, kill session), and recovery rehearsals (immutable backups, alternative paths to keep the business running). Assume Breach is a foundational principle of NIST 800-207 Zero Trust, the U.S. DoD Zero Trust Strategy, the U.K. NCSC Cyber Assessment Framework, and most modern security programs.

Assume Breach に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

一般的な別名: Breach-tolerant security, Compromise-tolerant design。