The Future of Security: Behavioral Detection
Behavior-based detection is the modern standard for security as traditional AV becomes obsolete.
There is nothing static about the world of cyber security - even this article, which was updated in 2024 from the original post. Threat actors have progressed by leaps and bounds since hackers and breaches first began to make popular headlines. The minimum security standards, too, have evolved to give companies a fighting chance against increasingly advanced tactics.
Traditional anti-virus (AV), which relied on a defined set of signatures to detect malicious activity, has become obsolete. Such tools compare those signatures against the files on a system to decide whether a file is bad. Although the signature set is continually updated, the result is usually a game of catch-up for security professionals and AV customers alike. The latest technology instead asks a different question: what if the file isn’t inherently malicious, but is involved in a malicious activity? Furthermore, what if harmful behavior isn’t tied to a file at all?
Behavior-based detection is the modern standard for security as traditional AV becomes obsolete. In fact, the vast majority of malware and malicious activity Beazley Security’s Digital Forensics and Incident Response (DFIR) team has investigated was not detected by the traditional AV solutions the victims had in place. The main solution to this problem is two-fold: next-generation AV (NGAV) and endpoint detection and response (EDR).
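To make the contrast concrete, here is an added example (not code from the original article or from any vendor product) that runs a hash-based "signature" check and a small behavioral rule set over two constructed process-creation events. The hash list, the image bytes and the events are all made up; the point is that both events launch the same benign binary, so only the rule that looks at the process chain and command line can tell them apart.

```python
import hashlib
from dataclasses import dataclass

# Constructed signature database: the SHA-256 of one made-up payload.
# A real AV database holds millions of entries, but the lookup is the same.
KNOWN_BAD = {hashlib.sha256(b"constructed malicious sample").hexdigest()}

# Constructed stand-in for the bytes of the real, signed powershell.exe on disk.
POWERSHELL_IMAGE = b"constructed benign powershell.exe image"

@dataclass
class ProcessEvent:
    parent: str          # image name of the parent process
    image: str           # image name of the newly created process
    cmdline: str         # full command line of the new process
    image_bytes: bytes   # contents of the executable that was launched

def signature_verdict(ev: ProcessEvent) -> bool:
    """Traditional AV: is the launched file's hash on the known-bad list?"""
    return hashlib.sha256(ev.image_bytes).hexdigest() in KNOWN_BAD

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "mshta.exe", "cmd.exe"}

def behavior_verdict(ev: ProcessEvent) -> list:
    """Behavioral rules: judge the process chain and command line, not the file hash."""
    reasons = []
    if ev.parent.lower() in OFFICE_APPS and ev.image.lower() in SCRIPT_HOSTS:
        reasons.append("office-app-spawned-script-host")
    args = ev.cmdline.lower().split()
    if ev.image.lower() == "powershell.exe" and any(a in ("-enc", "-encodedcommand") for a in args):
        reasons.append("encoded-powershell-command")
    return reasons

# Constructed events: an administrator running a backup script from the desktop,
# and a document-triggered launch of an encoded command. Same binary in both cases.
EVENTS = [
    ProcessEvent("explorer.exe", "powershell.exe", "powershell.exe -File backup.ps1", POWERSHELL_IMAGE),
    ProcessEvent("winword.exe", "powershell.exe", "powershell.exe -enc AAAAAAAA", POWERSHELL_IMAGE),
]

def triage(events):
    """Return a (signature_hit, behavior_reasons) pair for every event."""
    return [(signature_verdict(e), behavior_verdict(e)) for e in events]

if __name__ == "__main__":
    for ev, (sig, beh) in zip(EVENTS, triage(EVENTS)):
        print(f"{ev.parent} -> {ev.cmdline!r}: signature={sig} behavior={beh or 'clean'}")
```

The signature check returns False for both events because powershell.exe itself is clean; the behavioral rules flag only the second event, which is the case the article's question about files "involved in a malicious activity" describes.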
NGAV combines the best of traditional, signature-based monitoring with real-time process monitoring to provide a clear view of an organization’s security landscape. EDR takes this one step further by providing a centralized management console from which administrators can connect to their networks to monitor, investigate, and respond to incidents, and take advantage of a wide range of additional features. Newer solutions, such as Beazley Security's managed detection and response (MDR) offering powered by Hunters' advanced XDR platform, take things even further.
Still unsure if behavior-based detection is necessary for your organization? Remember this: in almost every network breach we've investigated, correctly implemented NGAV or EDR solutions helped identify the activity early. Using our managed XDR solution would have allowed us to identify, contain, and remediate the attack and dramatically reduce the potential for damage.
Blackbyte ransomware gang returns with Twitter presence, tiered pricing
Ransomware groups continue to increase the pressure on their victims by reducing the time they have to pay ransoms before their data goes public. Ensure that your organization’s communication plan outlines a clear and decisive response to such events.
35,000 repos not hacked, but clones flood Github to serve malware
Cloned GitHub repositories (“repos”) have been utilized to trick high volumes of users into unwittingly downloading malware. Protect your users and your organization by ensuring that only trusted GitHub repositories are used.
North Korea hackers spotted targeting job seekers with MacOS malware
The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple computers with Intel and M1 chipsets. It is critical to be aware that Mac computers are not immune to security events: organizations must ensure that they have the same level of protection as Windows endpoints.
State-sponsored APTs dangle job opps to lure in spy victims
Phishing attackers targeting individuals searching for jobs are on the rise. Be aware of this trend and continue to educate your workforce on the latest phishing campaigns and tactics.
"Traditional AV is dead. Advanced tooling in EDR and XDR solutions provides greater visibility into threats."
"Beazley Security has launched a managed XDR solution, powered by Hunters technology."