FEATURE: THREAT ASSESSMENT

THE SAVVIEST ORGANISATIONS COMPLEMENT THEIR SIGNATURE-BASED DEFENCES WITH AUTOMATED THREAT MANAGEMENT.
Spotting the weak signals of an attack, hidden in the cacophony of communications, isn't easy and requires smart, adaptive software.

By combining data science, machine learning and behavioural analysis, automated threat management detects malicious behaviours inside the network, regardless of the attacker's attempts to evade signatures and whether it's an insider or outsider threat.

By focusing on attack behaviours and actions, automated threat management can identify every phase of an active attack – command and control, botnet monetisation, internal reconnaissance, lateral movement and data exfiltration – without signatures or reputation lists.

Behaviour-based threat detections also identify internal reconnaissance scans and port scans, Kerberos client activity and the spread of malware inside a network.

Data science models are effective at neutralising an attacker's use of domain-generation algorithms to create an endless supply of URLs for their threats.

Cybercriminals always look for new ways to conceal their attack communications, and one of the most effective – and fastest-growing – ways to do this is by hiding within another allowed protocol. For example, an attacker can use benign HTTP communication but embed coded messages in text fields, headers or other parameters in the session. By riding shotgun on an allowed protocol, the attacker can communicate without detection.

However, the detection models inherent in automated threat management can reveal these hidden tunnels by learning and analysing the timing, volume and sequencing of traffic.
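The timing-and-volume signal described above, as an added example that is not code from the article or from any vendor's product: it scores each client/host pair in constructed proxy log lines and flags the one that calls home at a fixed interval with near-constant request sizes. The log format, hostnames and thresholds are assumptions made for the illustration.

```python
"""Added example (not from the article): flag HTTP sessions whose timing and
volume are machine-regular. Log format and thresholds are constructed."""
import statistics
from collections import defaultdict
# Constructed proxy log lines: "<epoch_seconds> <client> <host> <bytes_out>"
SAMPLE_LOG = """\
1000 10.0.0.5 cdn.example.net 812
1003 10.0.0.5 cdn.example.net 19400
1041 10.0.0.5 cdn.example.net 2210
1203 10.0.0.5 cdn.example.net 640
1210 10.0.0.5 cdn.example.net 3300
1000 10.0.0.7 update.example.org 512
1060 10.0.0.7 update.example.org 512
1120 10.0.0.7 update.example.org 514
1180 10.0.0.7 update.example.org 512
1240 10.0.0.7 update.example.org 513
1300 10.0.0.7 update.example.org 512
"""

def parse_log(text):
    """Group (timestamp, bytes_out) events per (client, host) pair."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        ts, client, host, size = line.split()
        sessions[(client, host)].append((int(ts), int(size)))
    return sessions

def coefficient_of_variation(values):
    """Population std-dev divided by mean; 0 means perfectly regular."""
    mean = statistics.mean(values)
    return statistics.pstdev(values) / mean if mean else 0.0

def session_features(events):
    """Return (interval_cv, size_cv) for one session (needs >= 2 events).
    Human browsing is bursty (high CV); a scripted beacon is not."""
    events = sorted(events)
    gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
    sizes = [size for _, size in events]
    return coefficient_of_variation(gaps), coefficient_of_variation(sizes)

def find_beacon_candidates(text, min_requests=5, max_cv=0.1):
    """Flag pairs with enough requests whose gaps AND sizes are both
    unusually regular. Thresholds are illustrative, not tuned."""
    flagged = []
    for key, events in parse_log(text).items():
        if len(events) < min_requests:
            continue  # too few points to judge regularity
        interval_cv, size_cv = session_features(events)
        if interval_cv <= max_cv and size_cv <= max_cv:
            flagged.append((key, round(interval_cv, 3), round(size_cv, 3)))
    return flagged
```

Real detectors also weigh sequencing (request/response ordering) and compare each host against its own baseline, which this single-pass scorer does not do.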
Staying ahead of network threats

Nimble attackers can easily create and hide their exploits in an infinite number of ways. Consequently, the limitations of signatures should be complemented with automated threat management models that continuously learn new attack behaviours and adapt to network changes.

It's time to jump off the signature hamster wheel, gain visibility and an understanding of the previously unknown inside your networks and cloud, and get ahead of attackers by automatically detecting and analysing the behaviours and actions that betray an attack, and mitigate the threat before damage is done.
www.intelligentcio.com
INTELLIGENTCIO