The fallacy of targeted attacks

摘要

Over the last few months, I've had the opportunity to visit, meet and hold extensive discussions with a variety of people across the security landscape. In the process, I've realized there is a great level of misconception around the detection or even prevention of targeted attacks and advanced threats. First of all, prevention is simply not possible. If that problem were solvable, academia and industry would have solved it many years ago, and other types of threat detection companies simply wouldn't exist. The attacker has the first move, thus the infection vector is bounded by the attacker's skill sets. Now, let's try to demystify the problems of detecting advanced and targeted threats and discuss to what extent we can rely on sandboxing-based technologies to solve the problems for our organizations.