Modern cyber attackers are patient, strategic operators who infiltrate and persist within a network over an extended period of time. These long-term attacks rely on ongoing communications to manage and coordinate the various phases.
But unlike an exploit or malware infection – which only needs to succeed once to be effective – this communication traffic must continually traverse the network perimeter without detection. As a result, attackers spend considerable time and effort to ensure their communications remain concealed.
It is critical to understand how attackers use covert communications and how security teams can spot them to prevent theft of your data and assets.
This whitepaper with our partners Vectra covers:
- The uses of covert communications: command-and-control and exfiltration.
- How to reveal encrypted threats without decryption.
- How to analyse network traffic to reveal subtle abnormalities that give away the presence of a hidden tunnel.
- How to use data science and packet-level machine learning to reveal the presence of external remote access without dependence on signatures.
- How to find hidden communications within allowed applications through a careful use of AI and data science.