The problem with the vast majority of network and endpoint security solutions is that they operate on the premise of static whitelists and blacklists. These lists do not account for the changing nature of URLs, IPs, files and applications, nor for the volume of unknown threats permeating the web, meaning they cannot be used to provide adequate protection.
Compounding this problem is that commercial network security technology, such as NGFWs and unified threat management systems, can easily flood the organization’s network security teams with too many alerts and false positives, making it impossible to understand and respond to new threats. As a result, not only do these threats evade the security technology and land with the victim’s infrastructure, but they also have plenty of time to steal sensitive data and inflict damage to the victim’s business. The final characteristic of the latest attacks is how quickly they compromise and exfiltrate data from the organization, compared to the average time it takes to detect their presence.