Showing posts with label Insider Threats.

Why Signature-Based Cyber-Defenses are Bound to Fail

Sam Maccherola

You will never see an alert from your security information and event management (SIEM) tool for a zero-day attack. There is no signature in your blacklist for the malware that was custom-built for your organization and secretly colonized your mail server a month ago. No indicator, no pattern match, no alert.

Why is this the case? Because malware is constantly morphing, and because the sophisticated and dedicated minds under those black hats are working night and day to design a data breach specifically for each organization they decide to invade. When it hits you, it will be the first time its signature has ever been seen.

Barbarians Inside the Gate: Finding the Needle in a Data Haystack

Sam Maccherola

Despite most corporations’ robust perimeter security solutions, advanced persistent threats may already have evaded perimeter detection and be lying in wait for some future launch date. Of even more concern is the fact that some of the barbarians who are already past the gate may not be Ukrainian hackers; they may be working at a neighboring desk.

Insider Threats: There is something you can do

Some methods for dealing with insider threats are exercised by managers with good people skills and the ability to spot early signs of attitude or work-satisfaction issues. However, the best source of raw intelligence on potential threats in the modern enterprise is found directly at the endpoints such as laptops and servers—the targets of most serious information-security threats.