In the past, attackers would privately target an organization and, when they met strong security defenses, simply move on to the next organization in line. Now organized crime puts specific organizations on its radar and attacks them systematically with an army of zombie computers that no organization can handle on its own.
Cybercrime is now based on a new type of attack – non-vulnerability-based attacks. These attacks do not exploit known application vulnerabilities, but rather use application transactions for malicious activity, so they go undetected by standard network security tools. A few examples of non-vulnerability-based attacks include brute-force attacks aiming to defeat a business's authentication scheme; HTTP page floods targeting application server resources; and web application hacking that scans a website looking for vulnerable pages.
Signature detection technology is almost 20 years old and was designed to detect attacks that exploit known application vulnerabilities. But today, the bad guys are smart: They deploy non-vulnerability-based attacks that cannot be detected by static signature technology. They develop new types of malware every day, so you now need millions of signatures to block every instance of malware that exists in cyberspace.
Therefore, a solution can be found in behavioral analysis technology that builds a baseline of normal user, application transaction and network bandwidth behavior. A behavioral engine can detect, in real time, cybercriminal activity that misuses application and network resources or exploits newly discovered application vulnerabilities. It then automatically creates a real-time signature that accurately characterizes the attack pattern, so that only malicious activity is filtered out and legitimate user traffic is not blocked, preserving the availability of services across the Internet.
An effective system must be able to detect and automatically repel a wide variety of attacks in real time, without negatively impacting legitimate users. Because legitimate network traffic patterns change constantly, an effective IPS (intrusion prevention system) needs to adapt quickly to its surroundings, without human intervention. Behavioral-driven real-time signature technology is key to accurately detecting and mitigating non-vulnerability threats by learning normal user traffic patterns and alerting on and preventing abnormal patterns.
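The following is an added example, not code from the original article or from any product: it learns a per-page request-rate baseline, flags a page flood, derives a signature from the attributes that dominate the anomalous traffic, and filters only requests matching that signature. The field names (`path`, `user_agent`, `referer`), the thresholds, and the sample traffic are constructed assumptions.

```python
from collections import Counter
from statistics import mean, pstdev

FIELDS = ("user_agent", "referer")  # assumed request attributes a signature may use

def learn_baseline(windows):
    """Learn per-path request-rate stats and attribute value shares from normal windows."""
    counts = [Counter(r["path"] for r in w) for w in windows]
    rates = {p: (mean(c[p] for c in counts), pstdev(c[p] for c in counts))
             for p in set().union(*counts)}
    flat = [r for w in windows for r in w]
    shares = {f: {v: n / len(flat) for v, n in Counter(r[f] for r in flat).items()}
              for f in FIELDS}
    return rates, shares

def flooded_paths(window, rates, k=4.0):
    """Paths whose request count exceeds baseline mean + k * stddev (stddev floored at 1)."""
    def limit(path):
        mu, sigma = rates.get(path, (0.0, 0.0))
        return mu + k * max(sigma, 1.0)
    return [p for p, n in Counter(r["path"] for r in window).items() if n > limit(p)]

def build_signature(window, path, shares, min_share=0.5, lift=5.0):
    """Attribute values that dominate the flooded path but are rare in the baseline."""
    hits = [r for r in window if r["path"] == path]
    sig = {"path": path}
    for field in FIELDS:
        value, n = Counter(r[field] for r in hits).most_common(1)[0]
        share = n / len(hits)
        if share >= min_share and share >= lift * shares[field].get(value, 0.0):
            sig[field] = value
    return sig if len(sig) > 1 else None  # path alone would also block legitimate users

def matches(request, sig):
    return all(request[f] == v for f, v in sig.items())

def req(path, ua="Browser/1.0", referer="/home"):
    return {"path": path, "user_agent": ua, "referer": referer}

# Constructed sample traffic: four normal windows, then one window with a page flood.
BASELINE = [[req("/login")] * n + [req("/home")] * 10 for n in (4, 5, 6, 5)]
ATTACK = [req("/login")] * 5 + [req("/home")] * 10 + [req("/login", "flood-tool", "-")] * 200

def mitigate(window, baseline):
    """Return the derived signatures and the requests that pass the filter."""
    rates, shares = learn_baseline(baseline)
    sigs = [s for p in flooded_paths(window, rates) if (s := build_signature(window, p, shares))]
    return sigs, [r for r in window if not any(matches(r, s) for s in sigs)]
```

Calling `mitigate(ATTACK, BASELINE)` on the constructed data drops the 200 flood requests while the five legitimate `/login` requests in the same window still pass, because the signature combines the page with the attributes unique to the flood rather than blocking the page itself.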