Malware is a common attack vector used by adversaries to harvest user credentials, exfiltrate data and extort money. Threat detection harnesses signature and behaviour-based threat detection techniques to identify the latest malware threats, including ransomware and cryptomalware, as well as fileless and polymorphic variants. Automated incident response actions enable threats to be contained and eliminated before they spread.

System vulnerabilities and misconfigurations can allow attackers to gain elevated access to systems and assets that are normally restricted. Threat detection uses the latest behavioural monitoring technology to closely monitor the activities of privileged users, identify privilege escalation techniques and detect attempts to exfiltrate data.

Upon establishing a foothold on a network, attackers will attempt to pivot through systems and accounts to reach their end goal. Threat detection helps detect lateral movement by identifying privilege escalation, efforts attempts to install remote access tools, and changes to access controls.

A large proportion of attacks target endpoint devices such as servers, workstations and laptops. Threat detection baselines the activity of hosts to help detect unusual behaviour such as spikes in network traffic, unknown communication sources, and the deactivation of security controls.

Malware is a common attack vector used by adversaries to harvest user credentials, exfiltrate data and extort money. Threat detection harnesses signature and behaviour-based threat detection techniques to identify the latest malware threats, including ransomware and cryptomalware, as well as fileless and polymorphic variants. Automated incident response actions enable threats to be contained and eliminated before they spread.

Tracking adherence to information security policies and standards is a good way to uncover suspicious activity. Threat detection helps to detect threats by monitoring employee and system attempts to access restricted resources, including unusual out-of-hours requests.

To steal account names and passwords, adversaries deploy credential harvesting malware, and use brute-force and credential dumping techniques. Threat detection can help detect credential access attempts by monitoring for use of weak passwords, account lock outs and login attempts from unknown locations.

Many cyber security threats now specifically target cloud environments. Threat detection can help to achieve cloud visibility by monitoring public, private, hybrid and virtualised cloud environments for suspicious user, system and application activity.

If your organisation is dependent on a growing ecosystem of partners and suppliers, there is an increased risk of a supply chain compromise. Threat detection helps prevent third party compromises by closely monitoring user accounts, applications and web sites for suspicious activity.

Despite the adoption of more intelligent prevention technologies, there is always a risk of employees receiving and falling victim to phishing emails. Threat detection provides an extra layer of protection against phishing attacks by integrating with secure email gateways and popular email tools such as Office 365 and Gmail to improve detection of suspicious activity.

People, whether acting out of negligence or malice, are one of the top causes of data breaches. Threat detection leverages advanced User and Entity Behaviour Analytics (UEBA) to help better identify compromised accounts, privilege abuse and other suspicious user activity that could suggest an insider threat.

Detecting previously unknown threats is challenging but achievable with the right tools and data. Threat detection integrates the latest cyberoffensive intelligence, high fidelity telemetry and a range of analytics-based technologies to hunt for evidence of new adversarial tactics, techniques and procedures.