How often have we seen a security news headline detailing a new malware strain or exploit kit campaign? The next question for security teams is usually: do we detect that? In today's threat landscape, the delivery methods and network traffic patterns that are detected at present will eventually be superseded by new ones that are not. These situations pose a risk to enterprises because they are windows of opportunity in which a compromise can occur and damage systems and data without generating a single alert.
While the obvious culprit would be outdated detection content (i.e., AV/IDS/IPS updates), which leaves solutions blind to the latest threats, other areas where temporary detection gaps can arise include, but are not limited to:
Ensuring your security solutions are always up to date is essential to minimizing detection gaps. In situations where a detection gap is unavoidable, access to up-to-date threat intelligence with fresh indicators helps you determine whether you are at risk and lets you take a proactive approach to detection.
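As an added illustration of that proactive approach (example code written for this post, not Anomali's or the author's own tooling): a retro-hunt that keeps only the indicators a feed published in the last few days and sweeps the proxy logs you already have for them. The feed fields, the log line format and every value in them are constructed assumptions.

```python
"""Retro-hunt: sweep existing logs for freshly published indicators."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import re

@dataclass(frozen=True)
class Indicator:
    kind: str          # "domain", "ip" or "sha256"
    value: str
    first_seen: datetime

# Constructed indicator feed; the values are placeholders, not real IoCs.
FEED = [
    Indicator("domain", "cdn-update.example.net", datetime(2024, 5, 2, tzinfo=timezone.utc)),
    Indicator("ip", "203.0.113.45", datetime(2024, 5, 3, tzinfo=timezone.utc)),
    Indicator("sha256", "a" * 64, datetime(2024, 1, 10, tzinfo=timezone.utc)),
]
NOW = datetime(2024, 5, 4, tzinfo=timezone.utc)  # assumed "current" time

# Constructed proxy log lines: "<ts> <src> -> <dst> host=<fqdn> sha256=<hash|none>".
LOGS = """\
2024-05-03T10:01:02Z 10.0.0.5 -> 203.0.113.45 host=cdn-update.example.net sha256=none
2024-05-03T10:05:09Z 10.0.0.7 -> 198.51.100.9 host=intranet.example.com sha256=none
2024-05-03T11:00:00Z 10.0.0.9 -> 192.0.2.10 host=files.example.com sha256={h}
""".format(h="a" * 64).splitlines()

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+) host=(\S+) sha256=(\S+)$")

def fresh_indicators(feed, now, max_age_days):
    """Keep indicators published inside the window: older ones are usually
    covered by shipped signatures, the fresh ones are where the gap sits."""
    cutoff = now - timedelta(days=max_age_days)
    return [i for i in feed if i.first_seen >= cutoff]

def hunt(log_lines=LOGS, feed=FEED, now=NOW, max_age_days=7):
    """Return (log line, matched indicator) pairs for every fresh-IoC hit."""
    by_kind = {}
    for ioc in fresh_indicators(feed, now, max_age_days):
        by_kind.setdefault(ioc.kind, {})[ioc.value.lower()] = ioc
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than guess
        _ts, _src, dst, host, sha = m.groups()
        for kind, observed in (("ip", dst), ("domain", host), ("sha256", sha)):
            ioc = by_kind.get(kind, {}).get(observed.lower())
            if ioc is not None:
                hits.append((line, ioc))
    return hits
```

Widening `max_age_days` re-checks older indicators too, which is the cheap way to confirm that an update you just received did not arrive after the fact.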
Josh Gomez is a Senior Security Researcher with over fifteen years' experience in the networking and security industries. Prior to Anomali, he was a senior member of FireEye Labs, where he specialized in research and detection of exploit kits, malvertising and crimeware campaigns.