As the world moves towards continuous network monitoring, where all of our systems are patched, hardened against malware and monitored in near real time, we should expect attacker behavior to change. In this talk, Marcus Ranum will discuss a variety of scenarios attackers could use to exploit hardened networks, including compromising SIEMs, network security monitoring devices, patch management systems, auditing systems and more.