Detecting today’s attacks is difficult. Attackers are more
sophisticated, better funded and better organized. Moreover, the
attacks are more targeted, with 80 percent of observed malware showing
up just once and 68 percent of malware being used against only a
single organization. In many cases, malware isn’t even involved in the
attacks – instead, the threat actors use a variety of tactics, some of
which have never been seen before.

A well-designed architecture needs to detect even the most
sophisticated attacks, especially those designed to evade defensive
mechanisms. Furthermore, it needs to detect those attacks without
generating the false positives that may lead to security personnel
missing the true threats. Perhaps most importantly, alerts must come
with the context that enables security teams to prioritize
investigations and design a proper response.

In our latest podcast, Josh Goldfarb discusses all of this and more
with Matt Allen, senior director of FireEye Labs.