The overall market for cybercriminals is estimated at anywhere from $450 billion to a trillion, according to congressional testimony given by Ed Amoroso, Chief Security Officer of AT&T, and General Alexander, the former Director of the NSA. The bottom line is that the hacker economy is huge, and growing. It is estimated that hacking will soon become one of the top-grossing criminal activities in the world.
Highly sensitive financial, medical and identity-related information has moved into the digital world, and if the methods of protecting that information do not continue to advance, it falls into the hands and pocketbooks of individuals who devote countless hours to finding new ways to obtain it.
How are today’s threats different? It’s not just that they are more sophisticated, but attack methods have fundamentally changed.
First, they are targeted, with a specific objective. Previously, we may have seen threats such as mass malware that infects PCs, or random attacks on unnecessary services running on external-facing servers. Advanced threats typically use custom malware that targets an individual or group of employees at a specific organization. The attackers are seeking specific information: intellectual property or confidential documents. And their entry point into the organization is the compromise of an individual user’s credentials, which they use to establish a non-suspicious initial foothold in the target organization.
Second, once their initial intrusion is successful, advanced attackers are much stealthier. Unlike a “smash and grab” password theft or website defacement, advanced attackers seek to remain hidden inside the organization, establishing multiple footholds in case their initial access is shut down, and keeping suspicious activity that might alert security operations teams to a minimum as they seek their target. They cover their tracks by erasing logs and other evidence of their activity.
Third, they are much more interactive. They don’t follow set scripts. When they are detected and their access is shut down, they react by coming in through another backdoor they established and using different tactics than the ones that led to their discovery.
Against these fundamentally different attacks, we need a fundamentally different response. We need to spend less time trying to keep attackers out and focus instead on accelerating our ability to detect and respond to intrusions, and on reducing the amount of time attackers spend in the network (which we call “dwell time”). Our goal is to ensure that intrusion and compromise do not result in business damage or loss.
So what do we mean by “point-in-time” detection? It is any technology that evaluates a file or traffic coming into your network and makes a judgment at that single point in time as to whether the file is good or bad. If it is known to be malicious, the technology will likely block it. If it is deemed benign, it will let it through, and that is where the analysis stops. Today, malware is too sophisticated and too dynamic to expect that this type of detection technology alone will catch all malicious software trying to infiltrate your system. No detection method is 100% effective at detecting all threats that try to infiltrate your system.
Furthermore, point-in-time tools leave IT security professionals blind to the stealthy malware that does manage to infiltrate their network, leaving them with no basis for response.
Whether the traffic is deemed malicious or harmless, the AMP solution still tracks every single thing that comes into the system from a wide array of attack vectors, including the network, the endpoint, virtual and mobile. Continuous analysis watches and records everything it sees to ensure the highest level of protection from ransomware possible. Basically, you can think of it as a video recorder that constantly records and gives you the ability to rewind, fast forward, and see where a file has been, where it’s going, and what it’s doing.
AMP continuously monitors that information using tools such as file trajectory and behavioral indications of compromise. These give an organization’s IT security team increased contextual awareness and understanding of the health of their systems, and can provide complete visibility of an attack from beginning to end.
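As an added illustration (this is not Cisco’s AMP code, and every host name, hash and timestamp in it is constructed), the following Python sketch contrasts the point-in-time verdict described above with a continuous-analysis record that can be queried retrospectively: the file is allowed at entry because nothing is known about it at that moment, every later sighting is still recorded, and when the hash is flagged two days later the recorded trajectory answers which hosts saw it, where it executed, and how long it has been in the network (its dwell time).

```python
"""Added example: point-in-time verdict vs. continuous analysis with
retrospective detection. All hosts, hashes and times are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set


@dataclass(frozen=True)
class FileEvent:
    ts: datetime      # when a sensor saw the file
    host: str         # endpoint that reported the sighting
    sha256: str       # file hash (constructed placeholder values below)
    action: str       # "arrive", "execute" or "copy"


# Constructed sensor log: one file enters via the network, runs, and spreads;
# a second, unrelated file merely arrives.
EVENTS: List[FileEvent] = [
    FileEvent(datetime(2024, 1, 1, 9, 0),   "ws-01",  "aaa111", "arrive"),
    FileEvent(datetime(2024, 1, 1, 9, 5),   "ws-01",  "aaa111", "execute"),
    FileEvent(datetime(2024, 1, 1, 11, 30), "ws-07",  "aaa111", "copy"),
    FileEvent(datetime(2024, 1, 2, 8, 15),  "ws-07",  "aaa111", "execute"),
    FileEvent(datetime(2024, 1, 2, 8, 20),  "srv-fs", "aaa111", "copy"),
    FileEvent(datetime(2024, 1, 1, 9, 10),  "ws-03",  "bbb222", "arrive"),
]


def point_in_time_verdict(sha256: str, known_bad: Set[str]) -> str:
    """A gateway decision made once, at arrival: block if known bad, else allow.
    Nothing is remembered afterwards, which is the gap the text describes."""
    return "block" if sha256 in known_bad else "allow"


class ContinuousAnalysis:
    """Records every file sighting regardless of the entry verdict, so that a
    later change of verdict can be applied to what was already seen."""

    def __init__(self) -> None:
        self._by_hash: Dict[str, List[FileEvent]] = {}

    def record(self, ev: FileEvent) -> None:
        self._by_hash.setdefault(ev.sha256, []).append(ev)

    def trajectory(self, sha256: str) -> List[FileEvent]:
        """File trajectory: every sighting of this hash, oldest first."""
        return sorted(self._by_hash.get(sha256, []), key=lambda e: e.ts)

    def retrospective_alert(self, sha256: str, now: datetime) -> dict:
        """When intel later flags a hash: where has it been, where did it
        execute, and how long has it been in the network (dwell time)?"""
        traj = self.trajectory(sha256)
        if not traj:
            return {"hosts": [], "executed_on": [], "dwell": timedelta(0)}
        return {
            "hosts": sorted({e.host for e in traj}),
            "executed_on": sorted({e.host for e in traj if e.action == "execute"}),
            "dwell": now - traj[0].ts,
        }


def run_scenario():
    """Replay the constructed log: entry verdicts first, then a late intel
    update answered from the continuous record."""
    known_bad_at_arrival: Set[str] = set()   # nothing is known yet at entry
    ca = ContinuousAnalysis()
    verdicts: Dict[str, str] = {}
    for ev in EVENTS:
        if ev.action == "arrive":
            verdicts[ev.sha256] = point_in_time_verdict(ev.sha256, known_bad_at_arrival)
        ca.record(ev)                         # recorded whatever the verdict was
    # Two days later threat intel flags aaa111. The point-in-time tool has
    # nothing to add; the continuous record gives the response team a basis.
    now = datetime(2024, 1, 3, 9, 0)
    return verdicts, ca.retrospective_alert("aaa111", now)


if __name__ == "__main__":
    verdicts, alert = run_scenario()
    print("entry verdicts:", verdicts)
    print("retrospective alert for aaa111:", alert)
```

Both hashes are allowed at entry, so a point-in-time tool leaves no trail; the retrospective query is what tells the team the file reached three hosts, ran on two of them, and has had two days of dwell time.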