How Threat Detection is Evolving
As adversaries have shifted the focus of attacks to achieve their goals, defenders must evolve their approach to threat detection
The threat landscape is dynamic and ever changing. Adversaries are evolving their approaches and targets. Mark Harris from Gartner has said it the best in, my opinion: Adversaries have shifted the focus of attacks to achieve their goals – from focusing on infecting files to infecting systems, and now infecting entire enterprises. As defenders we have to evolve our approach to detection accordingly. From tracking files and hashes and relying on signatures to block early threats, to tracking additional indicators to protect against more sophisticated attacks. Now, adversaries are infiltrating organizations and moving laterally to accomplish their mission. Be it to conduct reconnaissance surreptitiously and launch attacks later, simultaneously lockdown endpoints and servers for ransom, use one enterprise as an entry point into another, overwhelm systems to disrupt services for legitimate users, hijack computing resources to conduct nefarious activity…the list goes on and on.