Prevention tools can’t assess behaviour:
Without the ability to evaluate behaviour and its potential impact, processes that could be malicious can go undetected. This is why ransomware is problematic – encrypting information (as we saw above) has to happen on your network, and less often on your endpoints. So, tools that assess signatures can’t just look for encryption – they would yield false positives all the time. A human threat hunter can evaluate whether behaviour is suspicious or not; whether a given user should be encrypting on a specific machine at a particular time. Considering that attackers are building their weapons with an incubation period, having a threat hunter who can investigate suspicious activity
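An added illustration, not part of the original post, of the point above: a rule that alerts on any encryption fires on every event, while a check of user, machine and time leaves only the events worth a hunter's attention. The events, baseline values and function names are constructed assumptions.

```python
from collections import namedtuple
from datetime import datetime

# Constructed sample telemetry: files encrypted by a process in one minute.
Event = namedtuple("Event", "ts user host process files_encrypted")

EVENTS = [
    Event(datetime(2024, 3, 4, 10, 15), "backup_svc", "FS01", "backup.exe", 400),
    Event(datetime(2024, 3, 4, 14, 2), "jsmith", "WS17", "7z.exe", 3),
    Event(datetime(2024, 3, 4, 23, 30), "backup_svc", "FS01", "backup.exe", 450),
    Event(datetime(2024, 3, 5, 2, 47), "jsmith", "FS01", "unknown.exe", 950),
]

# Hypothetical baseline learned from past activity:
# (user, host) -> (first usual hour, last usual hour (exclusive), max files/minute)
BASELINE = {
    ("backup_svc", "FS01"): (9, 12, 500),
    ("jsmith", "WS17"): (8, 18, 10),
}

def signature_style(event):
    """Naive rule: any encryption activity raises an alert."""
    return event.files_encrypted > 0

def behavioural(event):
    """Return the reasons an event deviates from baseline; empty means expected."""
    profile = BASELINE.get((event.user, event.host))
    if profile is None:
        return ["user has no history of encrypting on this host"]
    start, end, max_rate = profile
    reasons = []
    if not start <= event.ts.hour < end:
        reasons.append("outside usual hours")
    if event.files_encrypted > max_rate:
        reasons.append("volume above usual rate")
    return reasons

def triage(events):
    """Compare what each approach would hand to an analyst."""
    naive = [e for e in events if signature_style(e)]
    contextual = [(e, behavioural(e)) for e in events if behavioural(e)]
    return naive, contextual

if __name__ == "__main__":
    naive, contextual = triage(EVENTS)
    print(f"encryption-only rule: {len(naive)} alerts")
    for event, reasons in contextual:
        print(f"review {event.user}@{event.host} {event.ts}: {'; '.join(reasons)}")
```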
*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by Perry Kuhnen. Read the original post at: https://www.intelligonetworks.com/blog/threat-hunting-and-epp-more-important-now

