In the last several years, we’ve seen a disturbing trend—attackers are innovating much faster than defenders are. We’ve seen the “commercialization” of malware, with attack kits available on underground forums for anyone who wants to perpetrate a variety of attacks. Large botnets are available for rent, allowing attackers to send spam or launch DDoS attacks at will. Many attackers reuse malware and command and control protocols and methods, adapting their “products” over time to keep ahead of the antimalware industry and security professionals. As more and more attacks occur, however, the likelihood increases that some organization or group has seen the attack before.