While organizations chase down their SolarWinds servers and investigate the impact of the attack, it’s important to prepare more broadly for what inevitably comes next. An attack of this level of sophistication, conducted by suspected nation-state operators, highlights a set of tactics, techniques and procedures (TTPs). It’s only a matter of time before copycats reverse-engineer and reuse elements of the attack. In addition, the original threat actors behind the attack will undoubtedly update their methods, changing not only indicators of compromise (IOCs) like domain names, but also adversary tactics and tools to evade security controls. Protecting against these unavoidable threats requires a robust and layered defense.