Mapping Attack Patterns to Detect Threats

Logo
Presented by

Mark Alba, Chief Product Officer, Anomali

About this talk

To move forward, we often reflect on the past. It’s no different in cybersecurity. Take, for instance, threat detection. In the early days of the internet, recognition entailed when a “threat” indicated a payload embedded with an indiscriminate worm that produced an irritating message or an awkward gif. As technology progressed, attackers took advantage by forming more advanced polymorphic delivery systems that bypassed signature-based identification, constructed permanency by sabotaging terminals, and detonated a payload at its selected time. As threats increased in intricacy, so did detection capabilities. Starting with event monitoring, which necessitated analysts to sift through the noise for evidence that could potentially lead to the attacker. Advancing to user and entity behavior analysis – an approach that assumes any deviation from a baseline of documented activity means an attack – disregarding that, at times, users vary from what’s usual, particularly if confronted with worldwide events like a pandemic. While successful at the time, user behavior-based discovery and manual event-based monitoring concentrated on discovering threats by differentiating the bad from the good. This not only generated false positives but often resulted in a dead end. A new approach to detecting threats is rising, one that leverages advancements to find threats by incessantly tracking the bad guys and their patterns, providing real-time visibility into risk – including before and after an attack. Watch the on-demand webinar to learn how to map attack patterns to detect threats before, during, and after they happen.
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (69)
Subscribers (2456)
Anomali is the leader in intelligence-driven extended detection and response (XDR) cybersecurity solutions. Anchored by big data management and refined by artificial intelligence, the Anomali XDR platform delivers proprietary capabilities that correlate the largest repository of global intelligence with telemetry from customer-deployed security solutions, empowering security operations teams to detect threats with precision, optimize response, achieve resiliency, and stop attackers and breaches. Anomali serves public and private sector organizations, ISACs, MSSPs, and Global 1000 customers around the world in every major industry. Leading venture firms including General Catalyst, Google Ventures, and IVP back Anomali. Learn more at www.anomali.com.