惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

云风的 BLOG
云风的 BLOG
IT之家
IT之家
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Visual Studio Blog
博客园 - 司徒正美
美团技术团队
Last Week in AI
Last Week in AI
月光博客
月光博客
博客园 - 叶小钗
MongoDB | Blog
MongoDB | Blog
U
Unit 42
T
Tailwind CSS Blog
GbyAI
GbyAI
T
The Blog of Author Tim Ferriss
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
H
Hackread – Cybersecurity News, Data Breaches, AI and More
酷 壳 – CoolShell
酷 壳 – CoolShell
Google DeepMind News
Google DeepMind News
H
Help Net Security
Hugging Face - Blog
Hugging Face - Blog
爱范儿
爱范儿
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
N
Netflix TechBlog - Medium
B
Blog RSS Feed
大猫的无限游戏
大猫的无限游戏
aimingoo的专栏
aimingoo的专栏
A
About on SuperTechFans
Y
Y Combinator Blog
罗磊的独立博客
D
DataBreaches.Net
有赞技术团队
有赞技术团队
MyScale Blog
MyScale Blog
博客园_首页
博客园 - 三生石上(FineUI控件)
G
Google Developers Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
雷峰网
雷峰网
博客园 - 【当耐特】
Engineering at Meta
Engineering at Meta
博客园 - Franky
M
MIT News - Artificial intelligence
B
Blog
The Cloudflare Blog
Apple Machine Learning Research
Apple Machine Learning Research
I
InfoQ
S
SegmentFault 最新的问题
F
Fortinet All Blogs
阮一峰的网络日志
阮一峰的网络日志
Stack Overflow Blog
Stack Overflow Blog
Microsoft Security Blog
Microsoft Security Blog

Heimdal Security Blog

MediaArena malvertising: why a quarantine isn't the end of the incident Top 6 Managed Detection and Response Providers Cyber-Aware Customers Are Raising the Bar for MSPs and Other Vendors Cyber-Aware Customers Are Raising the Bar for MSPs and Other Vendors How to scale your patches without scaling your team (the patch wave) AI didn't break patching. It showed us patching was already broken. Heimdal Launches MSP Onboarding Wizard to Help Partners Onboard Microsoft CSP Customers in 2 Minutes How Dynamic Defense shuts an attacker out without shutting down the business Breaking the MSP Echo Chamber: The Power of Community How attackers built a RAT on a Windows machine using its own .NET compiler Attacker enables RDP, creates admin, erases evidence in ten seconds Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It Your Next Insider Threat May Be an AI Coworker The OSI Model and Its Two Missing Layers Heimdal® Marks Six Years of Consecutive ISAE 3000 SOC 2 Type II Certification The State of AI Risk Management in 2026 AI Will Absorb 99.98% of SOC Triage Within a Year, as 79% of IT teams brace for AI-driven workload shift Top 10 Cybersecurity Companies in Europe Heimdal Expands AI Strategy with AI Wingman and Third-Party AI Containment You Only Know What You’ve Got When Its Gone Nordic MSPs Can Now Access Heimdal’s Unified Security and Compliance Platform Through Elovade OpenClaw Incidents Show Why AI Adoption Pressure Puts Companies at Risk Heimdal Claims Industry First With a Cyber Essentials Control Mapping for PEDM to Help Organisations Prove Least Privilege Five Predictions for Cyber Security Trends in 2026 Heimdal Achieves OPSWAT Gold Certification for Anti-Malware How to Avoid Holiday Shopping Scams (From a Former Cyber Detective) ITDR Best Practices: How to Detect, Prevent, and Contain Critical Identity Threats When Buyers Discount MSPs With One Big Customer You’re Not Technical? That Excuse Just Expired! Tool Sprawl Taxes Your Business More Than You Think Heimdal 5.1.0 RC Dashboard: Smarter Automation, Stronger Compliance, and Smoother Control Can Generative AI Be Weaponized for Cyberattacks? Digital Warfare and the New Geopolitical Frontline Nearly 40% of 2024 Ransomware Payouts May Have Gone to Russia, China & North Korea
Static security has run out of road. The case for Dynamic Defense
Morten Kjaersgaard · 2026-06-26 · via Heimdal Security Blog

AI has flipped the economics of cybersecurity in the attacker’s favor.

For most of the last decade, defenders held the cost advantage, buying down their risk with a stack of largely static controls.

That advantage is gone, and winning it back is the central problem facing every security team in 2026.

I think the answer is Dynamic Defense, reading risk in real time and applying just enough of the right control, at the right moment, to make an attack cost more than it’s worth.

This is a piece about why static security has run out of road, and what Dynamic Defense
looks like once you put it to work.

Because while almost every vendor will tell you AI changed everything, most products still work the way they did five years ago.

Very few are seriously rethinking what effective security looks like now, and that’s where the real work is.

In 2026, hacking is changing fast

Over the last few years we’ve seen a quiet shift in how attackers go after your environment and the data inside it.

Three things stand out.

1. The volume keeps climbing

Our own telemetry shows attack volumes several times higher than they were three years ago. Some of that is AI, but the trend has been building since the pandemic.

The knock-on effect matters more than the raw number.

The old game was balancing alerts against the people you have to triage them, so your experts stay focused on what’s genuinely high risk.

As volume climbs, that balancing act stops being sustainable. You can’t hire your way out of it.

2. AI agents are a new attack surface

Businesses are rolling out agentic AI across the organization.

By design, an agent is resistant to the deterministic controls most security relies on. That creates an awkward problem.

How do you stop an agent reasoning its way around a guardrail you’ve set?

You don’t, at least not with another static rule. This is exactly why the model I’m describing matters.

If you can’t write a policy that anticipates every action, you have to watch behavior and respond to it as it happens. That’s the heart of Dynamic Defense, and I’ll get to it below.

3. The attacks themselves are changing

The obvious point worth saying out loud is that the attackers have AI too.

The average attacker now reaches for a far broader range of tactics than they used to.

A few years ago, the most complex attacks were the preserve of nation-state actors and serious cybercrime groups.

AI has lowered the barrier, so everyday attackers can run more complex, more adaptive campaigns.

The result is that tried-and-tested practices like vulnerability management get less effective on their own.

What the front line in Ukraine tells us about cost

All three shifts come back to one thing. Economics.

So far, AI has mostly tilted the resource balance toward the attacker.

That’s the same bind Ukraine has faced, holding off an adversary with far deeper resources.

What’s instructive is the response. Rather than match the enemy spend for spend, the cheaper side of the fight is made to do disproportionate damage to the more expensive side.

Cheap drones against expensive aircraft. Interceptors against ballistic missiles. The question driving it is simple. How do you exhaust the most of your opponent’s resources using the least of your own?

That’s the right question for security in 2026, because we’re facing the same sudden jump in the scale and complexity of the attack.

The answer I keep arriving at is Dynamic Defense.

What Dynamic Defense actually means

Dynamic Defense isn’t a product you buy.

It’s how I’ve come to think effective security has to work now. A few principles sit underneath it.

  • Proportional response. The core of it is economic. Use the least resource and the lightest control that actually stops the attacker.
  • Cross-platform correlation. To get that response right, a system has to be much better at telling a real attack from noise, which means comparing as many behavioral signals from across the environment as it can.
  • Adaptive containment. You have to be more flexible about which control you apply, and where.
  • Faster remediation. The quicker you resolve something, the less it adds to the pile your team is already buried under.
  • Business continuity. Put the control where it does the most damage to the attacker and the least to the work the business actually needs to do.

You can sum the whole thing up in one line.

“Contain the threat just enough, for just long enough, until the risk is removed.”

Take vulnerability management.

A few years ago most attackers leaned on publicly known vulnerabilities, because it’s cheaper to use a known bug than to find a new one.

It never mattered that a patch existed, only that someone hadn’t installed it. AI has shifted that.

It’s now far easier to find unknown, zero-day vulnerabilities, and no amount of diligent patching helps with a flaw the vendor hasn’t seen yet.

Dynamic Defense gives you a way to respond fast even when the attacker is using something you can’t patch.

What it looks like in practice

The logic is simple.

Work out quickly when someone is attacking you and what they’re trying to do. The more context you have, the faster and more cheaply you can shut them out.

Monitoring for suspicious behavior is nothing new. Doing it with this much context is where most products fall short.

Here are two examples.

1. A suspicious account login

Say you get an alert that a user has logged in from a new country.

On its own that’s often harmless, someone working through their vacation.

If they’re on a new device in a new location, it looks more interesting.

And if the login comes from somewhere that user has no business being, the picture gets clearer still.

A conventional tool flags the alert and maybe forces multi-factor authentication.

What it can’t do is tell you with much confidence whether this is an attacker or your colleague checking email from a beach.

Dynamic Defense correlates a wider set of signals to make that call, including where the real user’s phone, laptop and account each appear to be.

Table correlating phone, laptop, and account location to tell an account takeover from an employee on holiday

The principle isn’t new. The difference is granularity.

With static defenses you’ve got separate tools watching IP addresses, account location and device location, and no single one sees the whole picture.

Pull those together and you can be far more targeted about how you push back.

Protecting a device

Now say your monitoring picks up some unusual internet activity tied to Microsoft Word.

Context helps again.

Word only talks to the internet in a handful of normal situations, like OneDrive sync or Microsoft 365 Copilot.

An inbound connection outside those can reasonably be treated as a risk, and where it’s coming from adds to the read.

A connection from a high-risk or unexpected origin raises the odds that something is wrong.

That lets you be precise.

You can drop in a firewall rule that blocks winword.exe from talking over ports 443 and 80, which cuts the immediate danger until a patch is available.

Your actual user keeps working, and keeps using Word. You’ve taken away the attacker’s room to move without taking away anyone’s day.

Where this goes

These are two narrow examples.

The same principle runs across every control you’ve got, from identity through to the network.

None of the individual moves here are new.

Conditional access, behavioral correlation and adaptive containment have been around for years.

What’s new is that AI makes them both necessary and possible at the same time.

Necessary, because the attacker is now dynamic.

Possible, because we finally have the signals and the reasoning to act across the whole stack at machine speed.

The wider industry is arriving at the same place.

Microsoft is talking openly about agentic defense, and “dynamic” is about to get attached to a lot of security acronyms.

What separates a conventional defense from a dynamic one is the view.

You need a picture of the whole environment to put the right resource against the specific risk in front of you.

Without it, you’re bringing a missile interceptor to a drone fight.

That whole-environment view is what we’re building Heimdal around, and for defenders in the AI era I’m convinced it’s the right direction.

In my next post I’ll walk through five more examples of Dynamic Defense in action, and how we’re building it at Heimdal.

Author Profile

linkedin icon

Morten Kjaersgaard is the Founder and Chairman of Heimdal®, a global leader in AI-powered cybersecurity. Under his leadership, Heimdal has grown from a startup in Copenhagen to a trusted security partner for over 16,000 organizations and more than 2,000 MSPs worldwide, defending against 260+ million cyber threats annually. With a sharp focus on unifying cybersecurity operations, Morten is recognized for his ability to align technical innovation with strategic business outcomes. His insights have shaped how organizations and partners alike approach risk reduction, compliance, and security maturity in an increasingly complex digital world. A respected voice in the industry, Morten frequently shares his expertise at international events and through media commentary—championing a more proactive, collaborative, and scalable model for cybersecurity success.