How often have we seen a security news headline detailing a new malware strain or exploit kit campaign? The next question for security teams is usually: do we detect that? In today's threat landscape, the delivery methods and network traffic patterns that are detected at present will eventually be superseded by new ones that are not. These situations pose a risk to enterprises because they are windows of opportunity in which compromises can occur and damage systems and data without generating a single alert.
In recently published articles for IT Security Guru and Cyber Defense Magazine we discuss the threat that these kinds of detection gaps can pose to IT environments.
While the obvious culprit would be outdated detection content (i.e., AV/IDS/IPS updates) that leaves solutions blind to the latest threats, other areas where temporary detection gaps can arise include, but are not limited to:
- Zero Day Exploits / Vulnerabilities
- Malicious Redirects and Malvertising campaigns
- Compromised Websites
- Updates to Exploit Kits
- New Malware Callbacks / C2 Communication
- BYOD / Mobile Threats
Ensuring your security solutions are always up to date is essential in minimizing detection gaps. In those situations where a detection gap is unavoidable, access to up-to-date threat intelligence with fresh indicators can help you determine whether you were exposed during the gap and allows you to take a proactive approach to detection.
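One way to put fresh indicators to use against a detection gap is a retrospective hunt: match newly published indicators against historical proxy logs and flag any hit that occurred before the indicator (or detection content) was available, since those are the events existing controls would have missed. The following Python is an added example, not code from the article or its author; the indicator feed, log lines, hostnames and IP addresses are all constructed placeholders.

```python
from datetime import datetime
from urllib.parse import urlsplit

# Constructed indicator feed (hypothetical values, not real IoCs):
#   indicator -> (type, gap category from the list above, date published)
INDICATORS = {
    "ads-cdn-example.invalid": ("domain", "malicious redirect / malvertising", "2016-03-04"),
    "203.0.113.45": ("ip", "malware callback / C2", "2016-03-05"),
}

# Constructed proxy log: "<timestamp> <client> <method> <url> <dest_ip> <status>"
PROXY_LOG = """\
2016-03-02T09:14:01 10.1.2.3 GET http://ads-cdn-example.invalid/serve.js 198.51.100.7 200
2016-03-02T09:14:03 10.1.2.3 GET http://www.example.com/news 198.51.100.9 200
2016-03-03T22:41:10 10.1.2.8 POST http://203.0.113.45/gate.php 203.0.113.45 200
2016-03-06T08:00:00 10.1.2.8 POST http://203.0.113.45/gate.php 203.0.113.45 200
"""

def parse_line(line):
    """Split one space-delimited proxy record into its fields."""
    ts, client, method, url, dest_ip, status = line.split()
    return {"ts": datetime.fromisoformat(ts), "client": client,
            "host": urlsplit(url).hostname, "dest_ip": dest_ip, "url": url}

def retro_hunt(log_text, indicators):
    """Match historical log records against the indicator set.

    Each hit records whether the event happened before the indicator was
    published ("in_gap"), i.e. inside the window where no alert would have fired.
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        for key in (rec["host"], rec["dest_ip"]):   # match on hostname or destination IP
            if key in indicators:
                _ioc_type, category, published = indicators[key]
                hits.append({"ts": rec["ts"].isoformat(), "client": rec["client"],
                             "indicator": key, "category": category,
                             "in_gap": rec["ts"] < datetime.fromisoformat(published)})
                break  # one hit per log record
    return hits

if __name__ == "__main__":
    for h in retro_hunt(PROXY_LOG, INDICATORS):
        print(h)
```

Hits with `in_gap` set are the hosts to triage first: they communicated with the indicator while nothing in the environment could have detected it.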
About the Author
Senior Security Researcher