"Attacks are becoming easier to find and easier to follow," Josh Pyorre, security researcher at OpenDNS told Infosec Insider during a recent video interview [below]. "Attackers aren't being really savvy. It's still phishing, it's still ransomware...it's what brings the money in quickest."
Right he is. As Verizon's recent Data Breach Investigations Report notes, financially-motivated attacks were a major highlight of the study. Additionally, the FBI's Internet Crime Complaint Center reported a 2,370% uptick in exposed losses tied to business email compromises and email account compromises.
These threat may be a lot easier to find, but they're not solving the major problem; getting ahead of the threat. Pyorre is an advocate for behavioral-based detection as a tactic that could help security teams take a step in the right direction. While signature-based detection does have it's fair share of problems - such as looking for known threats - the technology around behavior-based detection is still evolving, so it may still be too "new" for businesses, Pyorre says.
Pyorre says the reason more organizations are not using behavioral-based detection is because it can be difficult, and it’s beyond ‘business as usual.’
"It involves a lot of machine learning and processing on a lot of data and logs," he says. There are companies that are doing this on user behavior based on active directory environments and what's going on in those environments, and there's sort of a limited behavioral analysis on network traffic, but I feel like it's still new."
In this video interview with Infosec Insider, Pyorre discuss his approach to detecting threats, why behavioral-based detection hasn't been widely adopted, and how programs could possibly replace threat analysts.