To move forward, we often reflect on the past. It’s no different in cybersecurity.
Take, for instance, threat detection. In the early days of the internet, a “threat” meant a payload carrying an indiscriminate worm that produced an irritating message or an awkward gif, and detection meant recognizing that payload. As technology progressed, attackers took advantage by building more advanced polymorphic delivery systems that bypassed signature-based identification, established persistence by compromising endpoints, and detonated a payload at a time of their choosing.
As threats increased in intricacy, so did detection capabilities. It started with event monitoring, which required analysts to sift through the noise for evidence that could potentially lead to the attacker. It then advanced to user and entity behavior analysis, an approach that assumes any deviation from a baseline of documented activity means an attack, disregarding that users sometimes vary from what’s usual, particularly when confronted with worldwide events like a pandemic.
While successful at the time, user behavior-based discovery and manual event-based monitoring concentrated on discovering threats by differentiating the bad from the good. This not only generated false positives but often resulted in a dead end.
A new approach to detecting threats is emerging, one that leverages advancements to find threats by continuously tracking the bad guys and their patterns, providing real-time visibility into risk – including before and after an attack.
Watch the on-demand webinar to learn how to map attack patterns to detect threats before, during, and after they happen.