Advanced cyber threats are more targeted than other cybersecurity threats. They may focus on a certain industry, sector or geography and sometimes even individual organizations. Anti-malware, other standard controls and endpoint solutions can fail to block or prevent these attacks. More effort is required for detecting cyber threats – but doing so is a must in order to prevent data leakage. Criminals only need to find a single vulnerability to carry out an attack.
Ideally, organizations want to stop attackers during the reconnaissance, exploitation or lateral movement phases of an attack.
- Reconnaissance refers to target selection and research, and includes information-gathering from:
  - Social networking websites
  - Internet search engines
  - Other sources that profile the targeted organization
- Exploitation refers to behavior indicating that a vulnerability has been successfully exploited.
- Lateral movement describes the penetration activities of intruders as they spread throughout a network.
It’s important to detect attackers with advanced cyber threat detection during these phases because once data has left the network, the threat hunt turns into a forensics case.