Detecting today’s attacks is difficult. Attackers are more sophisticated, better funded and better organized. Moreover, the attacks are more targeted, with 80 percent of observed malware showing up just once and 68 percent of malware being used against only a single organization. In many cases, malware isn’t even involved in the attacks – instead, the threat actors use a variety of tactics, some of which have never been seen before.
A well-designed architecture needs to detect even the most sophisticated attacks, especially those designed to evade defensive mechanisms. Furthermore, it needs to detect those attacks without generating the false positives that may lead to security personnel missing the true threats. Perhaps most importantly, alerts must come with the context that enables security teams to prioritize investigations and design a proper response.
In our latest podcast, I discuss all of this and more with Matt Allen, senior director of FireEye Labs. Listen to the full podcast here.