The relationship between security professionals and threat actors can best be described as a cat and mouse game. Yes, security technology is continually evolving in an attempt to stay ahead of threats, but the challenge is monumental given how adversaries can quickly pivot and update their tools.
When you consider malware detection, the fundamental approach involves security practitioners laying down traps for the bad guys - much like everyone’s favorite cartoon cat Tom did when he was after the cute and smart little Jerry. But it’s a much more severe scene when you take into account what’s at stake for businesses, enterprises, and consumers today.
While the traditional malware detection is useful, it’s also one step behind threat actors. Those “traps” have to be continuously customized to match the evolution of malware, Giovanni Vigna, a professor at UC Santa Barbara’s Computer Science Department and co-founder of Lastline, told InfoSec Insider in a recent interview.
“We continuously have to modify these traps, from a mousetrap to a lion trap, to a bear trap,” Vigna told InfoSec Insider at the recent InfoSec World Conference & Expo in Orlando, Florida. “This requires a lot of human involvement, which is very expensive, [and] eventually we’ll be at a disadvantage in this arms race. They can always come up with a new animal for which we don’t have a trap.”
What’s the answer? Vigna believes it’s time for security practitioners to get proactive.
In the full video interview below, Vigna discusses why security professionals should consider a proactive threat hunting model, and outlines how they can begin to take that approach.