More On Detection Gaps…

December 7, 2016 | J. Gomez

How often have we seen a security news headline detailing a new malware strain or exploit kit campaign? The next question for security teams is usually: do we detect that? In today’s threat landscape, the delivery methods and network traffic patterns that are detected at present will eventually be superseded by new ones that are not. These situations pose a risk to enterprises because they are windows of opportunity for compromises to occur and cause damage to systems and data without generating alerts.

In recently published articles for IT Security Guru and Cyber Defense Magazine, we discuss the threat that these kinds of detection gaps can pose to IT environments.

While the obvious culprit is outdated detection content (i.e., AV/IDS/IPS updates) that leaves solutions blind to the latest threats, other areas where temporary detection gaps can arise include, but are not limited to:

  • Zero Day Exploits / Vulnerabilities
  • Malicious Redirects and Malvertising campaigns
  • Compromised Websites
  • Updates to Exploit Kits
  • New Malware Callbacks / C2 Communication
  • BYOD / Mobile Threats

Ensuring your security solutions are always up to date is essential in minimizing detection gaps. In those situations where detection gaps are unavoidable, access to up-to-date threat intelligence with fresh indicators can help you determine whether you are at risk and allows you to take a proactive approach to detection: matching new indicators against the traffic you have already logged can surface activity that occurred before detection content caught up.
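The following is an added example (not code from the original post or from Anomali) of the proactive approach described above: a small, constructed threat-intelligence feed is matched against constructed proxy log lines, and each hit is tagged with how old the indicator was when the activity occurred. A hit on an indicator only a day or two old is exactly the kind of event that signature-based controls would have missed at the time. The feed entries, log format, field names and the `fresh_days` threshold are all assumptions made for this example; the hosts use reserved example domains and an RFC 5737 documentation address, not real indicators.

```python
"""Matching a fresh threat-intel feed against proxy logs (added example)."""
import re
from datetime import datetime
from urllib.parse import urlsplit
from typing import Dict, List, Optional

# Constructed indicator feed (placeholder values, not real IoCs):
# indicator -> type, date the intel provider first saw it, and context.
INDICATORS: Dict[str, Dict[str, str]] = {
    "cdn-update.example.net": {"type": "domain", "first_seen": "2016-12-05",
                               "context": "exploit kit landing page"},
    "203.0.113.77": {"type": "ip", "first_seen": "2016-12-06",
                     "context": "malware callback / C2"},
    "old-redirect.example.org": {"type": "domain", "first_seen": "2016-01-10",
                                 "context": "malvertising redirect"},
}

# Constructed proxy log lines: "<timestamp> <client-ip> <method> <url> <status>"
PROXY_LOGS: List[str] = [
    "2016-12-07T09:58:11Z 10.1.2.3 GET http://www.example.com/news 200",
    "2016-12-07T10:15:02Z 10.1.2.3 GET http://ads.cdn-update.example.net/land.php 200",
    "2016-12-07T10:15:09Z 10.1.2.3 POST http://203.0.113.77:8080/gate.php 200",
    "2016-12-07T11:02:40Z 10.1.2.9 GET http://old-redirect.example.org/go?id=7 302",
]

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def parse_line(line: str) -> Dict[str, str]:
    """Split one constructed-format proxy line and pull the host out of the URL."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    ts, client, method, url, status = m.groups()
    host = urlsplit(url).hostname or ""   # strips scheme, port and path
    return {"ts": ts, "client": client, "method": method,
            "url": url, "host": host, "status": status}


def indicator_age_days(first_seen: str, observed_ts: str) -> int:
    """Days between the feed's first_seen date and the log event (date part only)."""
    seen = datetime.strptime(first_seen, "%Y-%m-%d").date()
    observed = datetime.strptime(observed_ts[:10], "%Y-%m-%d").date()
    return (observed - seen).days


def find_indicator(host: str, indicators: Dict[str, Dict[str, str]]) -> Optional[str]:
    """Exact match for IPs; exact or parent-domain match for domain indicators."""
    if host in indicators:
        return host
    for ioc, meta in indicators.items():
        if meta["type"] == "domain" and host.endswith("." + ioc):
            return ioc
    return None


def match_logs(lines: List[str], indicators: Dict[str, Dict[str, str]],
               fresh_days: int = 14) -> List[Dict[str, object]]:
    """Return one hit per log line whose host matches an indicator.

    Each hit records how old the indicator was at the time of the event; hits
    on indicators younger than fresh_days are flagged, since activity during
    that window is the most likely to have slipped past signature updates.
    """
    hits: List[Dict[str, object]] = []
    for line in lines:
        ev = parse_line(line)
        ioc = find_indicator(ev["host"], indicators)
        if ioc is None:
            continue
        age = indicator_age_days(indicators[ioc]["first_seen"], ev["ts"])
        hits.append({
            "ts": ev["ts"], "client": ev["client"], "host": ev["host"],
            "indicator": ioc, "context": indicators[ioc]["context"],
            "indicator_age_days": age, "fresh": age <= fresh_days,
        })
    return hits


if __name__ == "__main__":
    for h in match_logs(PROXY_LOGS, INDICATORS):
        tag = "FRESH" if h["fresh"] else "aged"
        print(f"{h['ts']} {h['client']} -> {h['host']} matches {h['indicator']} "
              f"({h['context']}, {tag}, indicator age {h['indicator_age_days']}d)")
```

Run as-is to see three hits from the four constructed lines; the benign `www.example.com` request produces none. In practice the log source would be your proxy or DNS logs and the feed would be refreshed on a schedule, with the age field used to prioritise review of the newest matches.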

About the Author
Josh Gomez is a Senior Security Researcher with over fifteen years of experience in the networking and security industries. Prior to Anomali, he was a senior member of FireEye Labs, where he specialized in research and detection of exploit kits, malvertising and crimeware campaigns.
