In my previous post I asserted that evasion and persistence are the 2 main “malware virtues” challenging existing detection methods.

In order to successfully thwart advanced malware, a twofold new approach must be introduced to augment existing threat detection solutions:

1. Separation of the detection layer from the attack surface (this blog)
2. Placement of advanced high-interaction honeypots closer to the attacked users (next blog)

First things first: Why is it so hard to detect advanced malware?

Well, the short answer is: Because malware has become so sophisticated and fast-changing, while operating systems have become unbearably large and complex.

Malware detection is uncomfortably situated between the rock and the hard place: It needs to deal with both the vulnerabilities and complexity of the operating system and the malicious activity to the malware.Continue reading→