STUDY ON FILELESS ATTACKS UNDERSCORES RISK OF OVER-RELIANCE ON ENDPOINT SECURITY


The fileless attack is a prime example of security threat evolution and the ability of adversaries to identify new and vulnerable paths of attack.

“Rather than using downloadable files, such as malicious executables, fileless attacks use exploits, macros, scripts, or legitimate system tools instead,” according to a new study by the Ponemon Institute, titled The 2017 State of Endpoint Security Risk.

Such attacks are designed to be launched from system memory, never touching the local file system and therefore bypassing many malware identification solutions. Once a machine is compromised, it can be used to gain access to “legitimate system administration tools and processes to gain persistence, elevate privileges, and spread laterally across the network.”

The findings stem from a survey of 665 leaders from across IT and security with several key findings. Below are some of the results that stood out for us.

1) As attacks evolve, so too should protection

Most respondents (68%) indicated that “new and unknown threats” have increased significantly. About one-third noted that traditional solutions relying solely on signature analysis or file scanning are not enough to provide adequate protection.

This is why we advocate multiple methods of detection – as part of a layered security posture – to identify known, unknown, and new and emerging threats.

No one is advocating a total departure from signatures, as signatures are still the most effective method for rapid identification of known threats. For example, a signature was published for the exploit at the heart of the Equifax incident, which could have potentially warded off the threat even as the organization worked through its patch and change management process. The best strategy is to employ multiple detection techniques to ensure protection against known and emerging threats.

About Bricata
Bricata is a cybersecurity solutions provider that combines a network threat hunting platform with a comprehensive threat detection and prevention solution to help determine the true scope and severity of threats. Bricata simplifies network threat hunting by surfacing hidden threats through purpose-built hunting workflows that present detailed metadata clearly, easing the transition from known to unknown malicious activity, in conjunction with an advanced threat detection and prevention platform that detects zero-day malware.
