Advanced detection techniques are required as the threat landscape gets more challenging. In an Enterprise Strategy Group (ESG) survey of chief information security officers, two-thirds of respondents stated that the threat landscape has become much worse or somewhat worse over the past two years. For 55 percent, this is because malware is more sophisticated than it used to be. Additionally, 47 percent said malware attacks are more frequent, and 43 percent believe malware is using stealthier techniques.

The Inevitability of Attacks

The current mantra in the industry is, “It’s not if, but when and how often an organization will be attacked.” Prevention alone is not enough, because advanced attacks are so difficult to protect against that some will always get through. ESG’s research bears this out: nearly half of all enterprises experienced at least one successful malware-based attack over the past two years. These attacks forced the organizations to take some form of internal action to correct the breach, or an external action, such as informing affected customers, to limit the damage.

Because some attacks are likely to get through, organizations need to ensure they are taking adequate steps to detect incidents. Today’s attackers go to great lengths to evade defenses and hide on networks, aiming to maintain a long-term presence and steal information over extended periods.

Indicators of Compromise

Advanced detection techniques look for indicators of compromise (IOCs). No matter how hard attackers try to cover their tracks to avoid detection, they always leave behind forensic artifacts. These artifacts indicate that an attack has occurred and provide information about the tools, techniques, and procedures the cybercriminals used. That information can then be used to develop countermeasures appropriate for the particular type of threat.
As advanced threats constantly evolve, up-to-date IOCs should be delivered by threat intelligence systems. These systems take information feeds on the latest threats from a variety of sources worldwide, including sensors, publicly available sources, government records, and specialized vendors. The threat intelligence can then be aggregated and correlated to deliver actionable intelligence about incoming or historical data, providing better detection of new, advanced threats and ultimately improving remediation. Access to the latest IOCs allows organizations to shrink the time it takes to detect threats on the network and puts them in a much better position to detect and defend against the most advanced attackers.

The post New Advanced Detection Methods Help Find Threats appeared first on Speaking of Security - The RSA Blog and Podcast.
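The aggregate-and-correlate workflow the IOC and threat-intelligence passages describe, as an added example that is not part of the original post: two constructed feeds are normalized and merged, so a domain one feed reports in mixed case and another reports defanged becomes a single indicator with its earliest sighting and both sources, and the merged set is then matched against constructed log lines (live or historical), reporting how long each matched IOC had already been known. Every feed entry, host and address is hypothetical.

```python
import re
from datetime import date

# Constructed sample threat-intelligence feeds; every indicator is hypothetical, not a real IOC.
FEEDS = {
    "vendor_feed": [
        {"type": "domain", "value": "Update-Checker.example", "first_seen": "2024-03-01"},
        {"type": "sha256", "value": "ab12" * 16, "first_seen": "2024-03-02"},
    ],
    "sensor_feed": [
        {"type": "domain", "value": "update-checker[.]example", "first_seen": "2024-02-20"},
        {"type": "ipv4", "value": "203.0.113.7", "first_seen": "2024-03-03"},
    ],
}

# Constructed log lines in a key=value style (hypothetical hosts and addresses).
LOGS = [
    "2024-03-04T10:15:02Z dns client=10.0.0.12 query=update-checker.example",
    "2024-03-04T10:15:09Z proxy client=10.0.0.12 dst=203.0.113.7 bytes=58213",
    "2024-03-04T10:16:00Z dns client=10.0.0.13 query=intranet.example",
]

def normalize(value):
    """Canonicalise an indicator so the same artifact reported by two feeds collides."""
    return value.strip().lower().replace("[.]", ".")  # undo case differences and defanging

def aggregate(feeds):
    """Merge all feeds into one lookup keyed by normalised value, keeping the earliest sighting and every source."""
    merged = {}
    for source, entries in feeds.items():
        for entry in entries:
            rec = merged.setdefault(normalize(entry["value"]),
                                    {"type": entry["type"], "first_seen": entry["first_seen"], "sources": set()})
            rec["first_seen"] = min(rec["first_seen"], entry["first_seen"])  # ISO dates sort as strings
            rec["sources"].add(source)
    return merged

def correlate(logs, indicators):
    """Return each log line that references a known indicator, with how long the IOC had been known."""
    hits = []
    for line in logs:
        seen_on = date.fromisoformat(line[:10])  # log lines start with an ISO timestamp
        for token in re.split(r"[\s=,]+", line):
            rec = indicators.get(normalize(token))
            if rec:
                age = (seen_on - date.fromisoformat(rec["first_seen"])).days
                hits.append({"line": line, "type": rec["type"], "value": normalize(token),
                             "sources": sorted(rec["sources"]), "ioc_age_days": age})
    return hits
```

Running `correlate(LOGS, aggregate(FEEDS))` flags the DNS query and the proxy connection and leaves the intranet lookup alone; the `ioc_age_days` field shows that the domain had been known to the sensor feed for 13 days before this traffic appeared, which is the detection gap timely IOC delivery is meant to close.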
