The evolution of threat detection technologies


ANTIVIRUS

THE FIRST THREAT DETECTION

Antivirus scans for malicious files using signatures. However, attackers understand antivirus techniques and continuously create new malware variants to bypass them. Antivirus is still relevant because it captures around 60% of today's malware. However, it does not detect fileless attacks, which account for 49% of today's threats.

NEXT GEN ANTIVIRUS

ADDING MACHINE LEARNING

Next Gen Antivirus extends threat coverage by applying machine learning. Vendors analyze malware samples and build models that scan and parse files, then match features to detect new malware. Machine learning models need to be kept up to date, and they are not very effective at detecting fileless attacks.

APPLICATION CONTAINERIZATION

APPLICATION MONITORING IN A SANDBOX

Application containerization is a limited solution for browsers or applications like MS Office. It monitors applications in a sandbox and, if it detects a malicious event, remediates it. It works off signatures and whitelisting. Its effectiveness is limited to what is going on inside the sandbox.

THREAT INTELLIGENCE

INDICATORS OF COMPROMISE

Threat intelligence is the staple of legacy EDR solutions. They rely primarily on Indicators of Compromise (IoCs), which are signature-like. They look at OS events, filenames, C&C hosts and more to infer a pattern indicating malicious activity. IoCs need to be continuously updated to be effective.

BEHAVIOR-BASED

NO RELIANCE ON THREAT INTELLIGENCE

Legacy EDR solutions are evolving toward behavior-based detection. They look for the techniques attackers use to carry out attacks: processes, network connections, file and registry changes, and the pattern of those activities. Behavior-based solutions are effective because they do not depend on files or on threat intelligence.
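The contrast between a signature lookup and the behavioral pattern matching described above, as an added example that is not part of this page or of any vendor's product: a hash check beside a behavior rule, both run over constructed endpoint telemetry. The event format, the blocklist hash and the process names are all constructed samples.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Event:
    """One endpoint telemetry record (constructed sample format, not a vendor's)."""
    kind: str          # "process", "network", "file" or "registry"
    pid: int
    ppid: int = 0
    image: str = ""
    detail: str = ""


# Signature-style detection: a hash blocklist. The sample hash is constructed.
MALWARE_SAMPLE = b"constructed-malware-sample"
BLOCKLIST = {hashlib.sha256(MALWARE_SAMPLE).hexdigest()}


def signature_scan(file_bytes: bytes, blocklist=BLOCKLIST) -> bool:
    """True only if the file's hash is already a known-bad signature."""
    return hashlib.sha256(file_bytes).hexdigest() in blocklist


OFFICE = ("winword.exe", "excel.exe")
SCRIPT_HOSTS = ("powershell.exe", "wscript.exe")


def behavior_detect(events) -> list:
    """Flag a process by the pattern of its activity, not by any file hash:
    an Office parent spawns a script host that then uses the network
    and writes to the registry. No disk artifact is needed."""
    procs = {e.pid: e for e in events if e.kind == "process"}
    alerts = []
    for proc in procs.values():
        parent = procs.get(proc.ppid)
        if not (parent and parent.image.lower() in OFFICE
                and proc.image.lower() in SCRIPT_HOSTS):
            continue
        stages = {e.kind for e in events if e.pid == proc.pid and e.kind != "process"}
        if {"network", "registry"} <= stages:
            alerts.append(f"pid {proc.pid}: {parent.image} -> {proc.image} "
                          f"with {', '.join(sorted(stages))} activity")
    return alerts


# Constructed telemetry for a fileless chain: nothing new is written to disk,
# so signature_scan() has no file to match, while the behavior rule fires.
SAMPLE_EVENTS = [
    Event("process", 100, 1, "WINWORD.EXE", "user opens a document"),
    Event("process", 200, 100, "powershell.exe", "script host launched by Word"),
    Event("network", 200, detail="outbound connection (placeholder)"),
    Event("registry", 200, detail="autorun value written (placeholder key)"),
    Event("process", 300, 1, "explorer.exe", "benign"),
]
```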

IN-MEMORY THREAT DETECTION

THE FINAL FRONTIER

Advanced EDR solutions are predictive. In-memory behavior detection and analysis looks at processes running in memory and reverse engineers them to identify malicious behaviors and what the attack is trying to do. It is the most reliable technology for detecting new malware variants and fileless attacks.

Partners can license Digital DNA to enhance threat detection. If you are interested, please contact Sales today.
