Indicators of compromise (IOCs) are an incredibly important forensic artifacts which, as the name suggests, are used in incident response and threat research to discover if a system has been compromised. They come in various forms, for example, unusual outbound network traffic, an MD5 file in a temporary directory, or even log-in irregularities. One class of IOCs so far resistant to detection by traditional methods relates to the use of external content in web-based attacks.
At Black Hat Europe earlier today, Trend Micro senior security researcher Marco Balduzzi, explained how a new machine learning approach can reap fantastic results for early detection of such threats. Continue reading →
Today’s IT security bosses are assailed from all sides by a huge variety of online threats. They’re designed to exploit known and unknown vulnerabilities across cloud, mobile, virtual and hybrid environments. And increasingly, they’re developed to outwit traditional signature-based tools. Yet the impact of these threats has never been greater. Data breaches and service outages can lead to heavy industry fines, damage to the brand, lost customers, remediation and clean-up costs, and even heft legal bills.
That’s why we have developed a new statistical-based approach designed to learn as it goes to detect modern unknown threats. This XGen approach was revealed at Black Hat today by senior researcher, Marco Balduzzi. Continue reading →