“Now you see me now you don’t”: The undetectable threat detection

In my previous post I asserted that evasion and persistence are the two main “malware virtues” challenging existing detection methods.

In order to successfully thwart advanced malware, a twofold new approach must be introduced to augment existing threat detection solutions:

  1. Separation of the detection layer from the attack surface (this blog)
  2. Placement of advanced high-interaction honeypots closer to the attacked users (next blog)

First things first: Why is it so hard to detect advanced malware?

Well, the short answer is: Because malware has become so sophisticated and fast-changing, while operating systems have become unbearably large and complex.

Malware detection is uncomfortably situated between a rock and a hard place: it needs to deal with both the vulnerabilities and complexity of the operating system and the malicious activity of the malware.