The inherent problems of the detection paradigm

Mihir :-)

Thread author
An ongoing debate in the modern cybersecurity world is whether to detect or prevent cyberattacks. Although detection technologies are undoubtedly important tools in the defender arsenal, recent years show they have only limited effects when encountering certain types of cyberattacks.

Network based intrusion detection systems (NIDS) and host based intrusion detection systems (HIDS) have been defeated time and again. Typically, attackers successfully penetrate through the NIDS systems and gain a persistent foothold within an organization’s workstations. They gather and leak sensitive data without raising any HIDS alarms, sometimes for months and years.

Read more: The inherent problems of the detection paradigm - Help Net Security
 
Deleted member 178

I have kept saying here for years that detection is an obsolete feature of the ancient age of security, but vendors are desperately hooking onto it because it is the system which affords the most income, and users like it, from beginners (who can't/don't want to handle a more complex and safer protection system) to some geeks (who like to test detection rates).
 
LabZero

Also, currently, a major problem is the malicious Web code that attackers are continually improving using JavaScript.
JS is very powerful and universal code that can be injected into a Web page with a simple HTML iframe, so the browser loads malicious content from a specific remote site when that page is opened.
The malicious component can be easily obfuscated, so the payload is hidden at the time the content of the page is scanned.
It is difficult to detect the threat even using advanced detection systems.
As often happens: recycle the old...
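
An added example, not part of the original post: a static signature for a zero-sized iframe matches the plain markup but misses the same markup once a script emits it from character codes at load time, while a heuristic that looks for a decoder, a dynamic sink and a long encoded run still flags it. The sample pages, the `example.invalid` host, the function names and the scoring thresholds are all constructed assumptions.

```javascript
// Constructed sample pages; example.invalid is a placeholder host.
const IFRAME = '<iframe src="http://example.invalid/x" width="0" height="0"></iframe>';
const plainPage = `<html><body><p>News</p>${IFRAME}</body></html>`;
// Same markup, but emitted at load time from character codes.
const codes = Array.from(IFRAME, (c) => c.charCodeAt(0)).join(",");
const obfuscatedPage =
  `<html><body><p>News</p><script>document.write(String.fromCharCode(${codes}));</script></body></html>`;

// Static signature: a zero-sized iframe literally present in the markup.
function signatureScan(html) {
  return /<iframe\b[^>]*\b(?:width|height)\s*=\s*["']?0\b/i.test(html);
}

// Heuristic: score script blocks that pair a decoder with a dynamic sink
// and carry a long run of encoded data. Thresholds are illustrative assumptions.
function heuristicScan(html) {
  const findings = [];
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const body = m[1];
    const decoder = /\b(?:fromCharCode|unescape|atob|decodeURIComponent)\b/.test(body);
    const sink = /\b(?:eval|document\.write(?:ln)?|innerHTML|Function)\b/.test(body);
    const encodedRun =
      /(?:\d{1,3}\s*,\s*){20,}|(?:%[0-9a-f]{2}){20,}|(?:\\x[0-9a-f]{2}){20,}/i.test(body);
    const score = (decoder ? 1 : 0) + (sink ? 1 : 0) + (encodedRun ? 1 : 0);
    if (score >= 2) findings.push({ score, decoder, sink, encodedRun, length: body.length });
  }
  return findings;
}

// Summarise what each scanner reports for one page.
function report(name, html) {
  return { name, signature: signatureScan(html), heuristic: heuristicScan(html).length > 0 };
}

console.log(report("plain", plainPage));
console.log(report("obfuscated", obfuscatedPage));
```

The heuristic only raises the cost of hiding: legitimate minified scripts can trip it, and encodings it does not list pass unflagged.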
 

jamescv7

The problem here is that the prevalence of samples (threats) affects the possible notification on many AVs, besides the obfuscation techniques which are typically present nowadays; solutions do exist, but everything is up to the user's decision.

Honestly, the techniques of a security program are already provided; you need to understand clearly how everything works.
 
