Hunting with Prevention

by Dave Shackleford
Sept. 1, 2017, SANS Institute, Detection & Response

Traditional endpoint protection such as antivirus, while effective in some cases, is no match for the ever-changing techniques that attackers use to get past defenses, according to multiple SANS surveys [1][2][3]. The surveys also show that attackers get around traditional defenses, which depend on indicators of compromise (IOCs) and signatures, by targeting authorized users. Through phishing and drive-by downloads they steal legitimate credentials and then operate with the victim's own access and administrative tools, so their activity looks like authorized use. Attackers also keep varying how they use endpoints and the network to stay one step ahead of signature-based defenses.