Cybercriminals have ramped up their initial compromises through phishing and pharming attacks, using a variety of tools and tactics that, while numerous, are simple and often go undetected. One technique that attackers continue to leverage to obscure specific activities and remain undetected is exploiting dwell time.
Dwell time is the interval between the initial compromise and the point at which the attack campaign is identified. While industry reports offer differing averages for dwell time, I have yet to see reporting that presents an average below the 50- to 60-day range. Read more about advanced endpoint protection and dwell time.
Bolster Your Advanced Endpoint Protection (AEP)
While dwell times have shortened slightly as attackers become less patient, they are still long enough to evade the plethora of security tools that exist today. The challenge with these tools is their inability to piece together attacker activity over long periods. By the time enough indicators of compromise (IoCs) reveal themselves to be seen, it is often too late to prevent a breach. Most monitoring solutions look for attacker activity to identify a potential indicator of compromise. However, the best way to combat dwell time is to identify and eradicate dormant or nascent malware that stays well hidden before it periodically activates.
A Layered Solution
Frontline Active Threat Sweep (Frontline ATS), integrated with Microsoft Defender for Endpoint, recognizes malware designed to actively evade EDR solutions. Frontline ATS is part of the Digital Defense Frontline.Cloud platform: on-demand, agentless threat detection that proactively analyzes assets for indications of a malware infection before other agent-based security tools can be deployed. When integrated, Frontline ATS augments Defender for Endpoint's capabilities by identifying concealed IoCs without adding agents.
The ability to stay undetected for long periods of time is one of the most common and challenging tactics that attackers use to execute a successful breach. In addition, even when a security team using monitoring tools or an incident response (IR) service is able to detect a threat and clean up an infection, it is common to see it repeatedly resurface. This is because, even though all active indicators of the threat have been investigated and addressed, if the initial, and often inactive, installation of malware is not discovered because it is dormant, it can later be reactivated to restart the infection. With Frontline ATS and Defender for Endpoint, security teams can find any source, artifact, or inactive remnant of malware that could restart the attack campaign. Defender for Endpoint and Frontline ATS offer comprehensive and unobtrusive advanced endpoint detection, protection, and response that drastically enhance a security operations team's effectiveness at preventing breaches.
To learn more about the Microsoft Intelligent Security Association (MISA), visit our website, where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.
For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
Read more: microsoft.com