Security teams struggle as cyberattacks become industrialized


A new threat report from SentinelOne shows threat actors are no longer simply focused on gaining access. They are moving beyond initial breaches to systematically abuse the trusted identity systems, infrastructure, and automation systems that power the modern enterprise.

This leaves security teams inundated with vast amounts of telemetry but often lacking the context required to distinguish a genuine intrusion from a harmless anomaly. While organizations have more access to detailed threat intelligence than ever before, the challenge lies in translating those high-level insights into the specific, grounded posture needed to manage a local environment.

Identity now spans SaaS, cloud infrastructure, and autonomous agents, which means a single account can access dozens of systems. To stay secure, defenders need to shift focus from authentication alone to continuous monitoring of behavior after login.
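What "monitoring behavior after login" looks like in practice, as an added example that is not part of the article or the SentinelOne report: a small Python detector that learns, per account, which systems and hours are normal from a baseline window, then flags later sessions that fan out to systems the account has never touched or that start outside its usual hours. The access events, the cutoff date, the 30-minute session gap and the threshold of two never-seen systems are all constructed assumptions for illustration.

```python
"""Post-login behaviour monitoring over constructed access events.

Builds a per-account baseline (systems touched, hours of activity) from
events before a cutoff, then scores later sessions for fan-out to systems
the account never used and for activity outside its usual hours.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample telemetry for this example (not real data).
# Each line: timestamp, account, system the session touched, action.
SAMPLE_EVENTS = """
2024-05-01T09:00:05Z alice saas-crm read
2024-05-01T09:04:11Z alice saas-crm read
2024-05-01T09:30:42Z alice cloud-storage read
2024-05-01T10:15:03Z bob ci-server build
2024-05-01T10:15:40Z bob ci-server build
2024-05-02T09:01:00Z alice saas-crm read
2024-05-02T09:20:00Z alice cloud-storage read
2024-05-02T10:00:00Z bob ci-server build
2024-05-03T02:13:00Z alice saas-crm read
2024-05-03T02:13:30Z alice cloud-storage list
2024-05-03T02:14:02Z alice secrets-vault read
2024-05-03T02:14:20Z alice ci-server read
2024-05-03T02:14:45Z alice iam-admin modify
2024-05-03T02:15:10Z alice k8s-prod exec
"""

# Assumption: everything before this date is the learning window.
BASELINE_CUTOFF = datetime(2024, 5, 3, tzinfo=timezone.utc)


def parse_events(text):
    """Parse the whitespace-separated event lines into sorted dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, account, system, action = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "account": account,
            "system": system,
            "action": action,
        })
    return sorted(events, key=lambda e: e["ts"])


def build_baseline(events, cutoff=BASELINE_CUTOFF):
    """Per account: the set of systems used and the hours of the day seen before the cutoff."""
    baseline = defaultdict(lambda: {"systems": set(), "hours": set()})
    for e in events:
        if e["ts"] < cutoff:
            baseline[e["account"]]["systems"].add(e["system"])
            baseline[e["account"]]["hours"].add(e["ts"].hour)
    return baseline


def sessionize(events, gap=timedelta(minutes=30)):
    """Group one account's time-ordered events into sessions split by idle gaps."""
    sessions, current = [], []
    for e in events:
        if current and e["ts"] - current[-1]["ts"] > gap:
            sessions.append(current)
            current = []
        current.append(e)
    if current:
        sessions.append(current)
    return sessions


def detect_post_login_anomalies(events, baseline, cutoff=BASELINE_CUTOFF, new_system_threshold=2):
    """Return one alert per post-cutoff session whose behaviour departs from the account's baseline."""
    alerts = []
    by_account = defaultdict(list)
    for e in events:
        if e["ts"] >= cutoff:
            by_account[e["account"]].append(e)
    for account, evs in by_account.items():
        known = baseline[account]["systems"]        # empty set for an account with no baseline
        usual_hours = baseline[account]["hours"]
        for session in sessionize(evs):
            systems = {e["system"] for e in session}
            new_systems = systems - known
            start_hour = session[0]["ts"].hour
            off_hours = bool(usual_hours) and start_hour not in usual_hours
            reasons = []
            if len(new_systems) >= new_system_threshold:
                reasons.append(f"fan-out to {len(new_systems)} systems never seen for this account")
            if off_hours and new_systems:
                reasons.append(f"activity at hour {start_hour} outside usual hours {sorted(usual_hours)}")
            if reasons:
                alerts.append({
                    "account": account,
                    "start": session[0]["ts"],
                    "new_systems": sorted(new_systems),
                    "off_hours": off_hours,
                    "reasons": reasons,
                })
    return alerts


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_EVENTS)
    for alert in detect_post_login_anomalies(parsed, build_baseline(parsed)):
        print(alert["account"], alert["start"].isoformat(), "; ".join(alert["reasons"]))
```

The authentication event alone (alice logging in) would look normal; it is the session after login, touching a vault, a build server, an IAM console and a production cluster within two minutes at 02:00, that separates this from her baseline. In a real deployment the baseline would be learned over weeks and the thresholds tuned per role, but the shape of the check, session-level comparison against what the account normally does, is the point.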

The report also shows that attackers are increasingly targeting CI/CD pipelines and development workflows rather than production environments. By compromising build systems, adversaries can introduce malicious code and extract secrets before software reaches production, allowing them to operate inside trusted development processes and bypass hardened runtime defenses.

Edge devices have become primary attack surfaces too, with nearly 46 percent of recent zero-days targeting them. These systems often represent unmanaged blind spots and are frequently the first step toward broader compromise.

“The threat landscape is always evolving, but the underlying lessons remain,” says Steve Stone, chief customer officer at SentinelOne. “Attackers are relying less on single exploits or malware families and more on the gaps between security and operations, on blind spots in trusted systems, and on defenders being slower to adopt the same machine multipliers that adversaries now use as standard. Closing the gap is not about chasing every new tool threat actors deploy, but about continuously testing whether the controls can withstand the kinds of pressure of modern attacks.”

You can get the full report from the SentinelOne site.

Image credit: denisismagilov/depositphotos.com