In my previous post I asserted that evasion and persistence are the 2 main “malware virtues” challenging existing detection methods.
In order to successfully thwart advanced malware, a twofold new approach must be introduced to augment existing threat detection solutions:
- Separation of the detection layer from the attack surface (this blog)
- Placement of advanced high-interaction honeypots closer to the attacked users (next blog)
First things first: Why is it so hard to detect advanced malware?
Well, the short answer is: Because malware has become so sophisticated and fast-changing, while operating systems have become unbearably large and complex.
Malware detection is uncomfortably situated between a rock and a hard place: it needs to deal both with the vulnerabilities and complexity of the operating system and with the malicious activity of the malware.