In this blog post, we present some of the steps that Cisco takes to improve detection efficacy even further by taking the same data and looking at it from a different angle. We have also looked at one of the recently implemented algorithms (Probabilistic Threat Propagation) that helps scale up the number of retrospectively convicted polymorphic malware samples through knowledge sharing between multiple threat intelligence sources available in the Cisco Security portfolio. In our previous blog post, Cognitive Intelligence: Empowering Security Analysts, Defeating Polymorphic Malware (Part 1), we showed how Cognitive Intelligence helps detect and prioritize breaches while providing context-rich (and organization-tailored) threat knowledge to incident response teams and how that knowledge helps focus on alerts that really matter. With over 12 years of research experience, more than 80 machine learning scientists and engineers, and 60 patents and fillings, Cisco Cognitive Intelligence group along with the AMP research team are committed to helping customers achieve shared security goals. We strive to do so by continuously improving existing, as well as exploring new ways to make security teams more effective at what they do – protecting their organizations. Helping solve those challenges is the core of our work at Cisco. Mindfully listening and understanding the most critical needs of our customers is vital for us. Given that fact it would be optimistic to expect organizations to be able to catch up on their own, it is not only about the rapid pace of change that is challenging individual defender groups, but it’s also the sophistication and the scale of these attacks. Malware authors like to play dirty tricks in defenders’ sandboxes.
At the same time, dynamic analysis generally performed in a sandbox environment has its own challenges around sandbox detection and evasion techniques. That means that the vast majority of malware is unique to each target, and that poses an on-going challenge for traditional endpoint security solutions. Static analysis approaches are prone to evasion using malicious packers, code obfuscation, and polymorphism.
Co-authored with: Jan Jusko, Harry Nayyar, and Danila Khikhlukha.Īdversaries continue to evolve their techniques to evade detection.
0 kommentar(er)
