Upcoming Web Security Technology
Comparison to Existing Threat Intelligence
Current threat intelligence relies upon the detection of a threat as it exposes itself during the execution of a malicious file. The threat has occurred and infected a system relying upon a sandbox or researcher to quantify the threat, develop a signature, and associate a domain or IP address with the origination of the threat.
By the time the threat intelligence has migrated to additional detection systems, the original threat is no longer active or present and has moved on inheriting new domains or addressing schemes. In fact, research at IBM has shown that threats that emerge or associated with a new observed domain only expose themselves for a very short time, usually measured in a few hours. The threat is active just long enough to infect a target, but extinguishes itself prior to being identified by external threat intelligence. The threat extinguishes itself so it can be re-used negating the need to develop new domains or websites in the future. If the research IBM is conducting on domain kinetics is valid, the majority of malicious websites and domains go undetected!
Early identity detection of malicious activity by a threat actor and delivery of that information in near real-time to security devices is a requirement to thwart the latest generation of attacks. The ability to determine the intent of a website or domain as it illuminates though registration and/or observed global visibility provides detection at the very beginning of the kill chain. This predatory detection methodology drastically minimizes the window that a threat can occur. IBM has been conducting world-class research in the area of predatory kinetics and partnered with global DNS providers to detect threats during the exposure phase as opposed to the infection phase. The early warning system will significantly reduce the time a threat has to attack endpoints and illuminate threats that have been previously unobserved.
Like what you just read? To receive technical tips and articles directly in your inbox twice per month, sign up for the EXTRA e-newsletter here.