Detecting Unknown Threats: The Power of Incrimination

Today, advanced threats are growing in number and sophistication. The 2015 Verizon DBIR reported that 70-90% of the malware used in data breaches is unique to the organization.

A recent example is the cyber attack on federal agencies which resulted in the exposure of over four million employee records. According to recent publications, because this attack consisted of non-signature-based components, it was not detected by the federal Einstein 3 intrusion detection system.

In most attacks, hackers use a combination of known malware and tailor-made tools. When organizations rely solely on signature-based detection solutions, they remediate only the known parts of the hacking operation, allowing the hackers to persist.

This proves that signature-based detection solutions alone will not give organizations the capability to detect complex cyber attacks. Organizations must adopt capabilities to detect non-signature-based attacks.

In an upcoming series of papers we will present novel methodologies to identify non-signature-based attacks. The first in this series describes the process of revealing the unknown elements of an attack through incrimination: a new methodology that leverages the known components of an attack to reveal the unknown.
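As an added illustration of the idea, not code from this post or from Cybereason, the sketch below runs over constructed endpoint telemetry: a signature matches one known binary, and incrimination then follows process lineage to surface the tailor-made tool the signature alone would have missed. The event format, hashes and the "prevalent benign" allowlist are assumptions for the example.

```python
from collections import defaultdict

# Constructed sample telemetry: one record per process start (hashes are made up).
EVENTS = [
    {"pid": 100, "ppid": 1,   "image": "explorer.exe",  "hash": "h_explorer"},
    {"pid": 200, "ppid": 100, "image": "winword.exe",   "hash": "h_word"},
    {"pid": 300, "ppid": 200, "image": "dropper.exe",   "hash": "h_known_rat"},  # signature hit
    {"pid": 310, "ppid": 300, "image": "svchost32.exe", "hash": "h_unknown_a"},  # bespoke tool, no signature
    {"pid": 320, "ppid": 310, "image": "cmd.exe",       "hash": "h_cmd"},        # built-in abused by the tool
    {"pid": 400, "ppid": 100, "image": "chrome.exe",    "hash": "h_chrome"},
    {"pid": 500, "ppid": 1,   "image": "services.exe",  "hash": "h_services"},
]

KNOWN_BAD = {"h_known_rat"}                 # what a signature engine knows
PREVALENT_BENIGN = {"h_cmd", "h_explorer"}  # assumed fleet-wide common images


def incriminate(events, known_bad, prevalent_benign):
    """Seed with signature matches, then incriminate every process they spawned.

    Returns (findings, unknown_tools): findings maps pid -> reason; unknown_tools
    lists hashes that are incriminated but matched by no signature and are not
    fleet-wide common, i.e. the candidates for tailor-made tooling.
    """
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e["pid"])

    findings = {e["pid"]: "signature match" for e in events if e["hash"] in known_bad}
    stack = list(findings)
    while stack:                       # walk descendants of each incriminated process
        pid = stack.pop()
        for child in children[pid]:
            if child not in findings:
                findings[child] = f"spawned by incriminated pid {pid}"
                stack.append(child)

    unknown_tools = sorted(
        by_pid[p]["hash"] for p in findings
        if by_pid[p]["hash"] not in known_bad and by_pid[p]["hash"] not in prevalent_benign
    )
    return findings, unknown_tools


if __name__ == "__main__":
    found, unknown = incriminate(EVENTS, KNOWN_BAD, PREVALENT_BENIGN)
    print("signature-only view:", [p for p, r in found.items() if r == "signature match"])
    print("incriminated:", found)
    print("unknown tools to investigate:", unknown)
```

The signature-only view stops at pid 300; incrimination also surfaces pid 310 (the unsigned tool) and the cmd.exe it drove, which is what remediation must cover to stop the attacker persisting.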

Lital Asher-Dotan
About the Author

Lital is a Marketing Team Leader, Storyteller and Technology Marketing Expert. She joined Cybereason as the first marketing hire and built a full marketing department. She specializes in brand building, product marketing, communication and content, and is passionate about building ROI-driven marketing teams.