About Advanced Persistent Threats
Detecting abnormal or malicious network activity is very challenging. Today, the most widely used techniques rely on detecting known attacks with signatures and on identifying behavioural anomalies (e.g., as Intrusion Detection Systems do), but zero-day attacks and Advanced Persistent Threats (APTs) are not sufficiently detected by these techniques. APTs are complex, multi-stage intrusions carried out by attackers who usually target a specific entity. The term "persistent" emphasises that such an attack is often built on a Command & Control (C2) channel through which the attacker continually monitors the targeted system and exfiltrates data from it.
Solutions currently available on the market or in research analyse network traffic, email content and downloaded files to identify malicious activity and behaviour, viruses and malware. For the most part, they depend on the threat already being known in order to block it. This approach has shown its limits, and the number of new malware variants appearing each day is alarming (about 1 million per day in 2017, according to Symantec). Montimage proposes a security solution that monitors user and computer system activity and correlates it with network traffic events. This correlation is essential for automating the separation of legitimate network traffic from unnecessary, abnormal or malicious traffic that needs to be blocked.
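As an added illustration of the host-to-network correlation described above (example code written for this page, not Montimage's product code), the script below joins endpoint connection records with flow records from a network probe. It attributes each flow to the process that opened it, lists flows that no process accounts for, lists flows from processes outside an allowlist, and flags destinations contacted on a regular cadence, which is the kind of C2 beacon pattern the text associates with "persistent" threats. All telemetry, the 5-second matching window and the process allowlist are constructed assumptions.

```python
"""Correlate constructed host connection records with constructed network
flow records.  Added example for this page; not Montimage code.  Every
record, threshold and allowlist below is an assumption."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def ts(s):
    return datetime.fromisoformat(s)


# Constructed endpoint telemetry: (timestamp, host, process, dst_ip, dst_port),
# as an endpoint agent reporting process-level connections would emit.
HOST_CONNECTIONS = [
    (ts("2024-05-01T09:00:05"), "ws-17", "outlook.exe", "10.0.0.25", 443),
    (ts("2024-05-01T09:00:07"), "ws-17", "chrome.exe", "93.184.216.34", 443),
    (ts("2024-05-01T09:10:02"), "ws-17", "updater.exe", "198.51.100.7", 443),
    (ts("2024-05-01T09:20:01"), "ws-17", "updater.exe", "198.51.100.7", 443),
    (ts("2024-05-01T09:30:03"), "ws-17", "updater.exe", "198.51.100.7", 443),
    (ts("2024-05-01T09:40:02"), "ws-17", "updater.exe", "198.51.100.7", 443),
]

# Constructed flow records from a network probe:
# (timestamp, src_host, dst_ip, dst_port, bytes_out).
NETWORK_FLOWS = [
    (ts("2024-05-01T09:00:05"), "ws-17", "10.0.0.25", 443, 12000),
    (ts("2024-05-01T09:00:08"), "ws-17", "93.184.216.34", 443, 3400),
    (ts("2024-05-01T09:10:03"), "ws-17", "198.51.100.7", 443, 900),
    (ts("2024-05-01T09:20:02"), "ws-17", "198.51.100.7", 443, 880),
    (ts("2024-05-01T09:30:04"), "ws-17", "198.51.100.7", 443, 910),
    (ts("2024-05-01T09:40:03"), "ws-17", "198.51.100.7", 443, 905),
    (ts("2024-05-01T09:45:00"), "ws-17", "203.0.113.9", 8443, 250000),  # no host record
]

# Assumed allowlist of processes expected to talk to the network.
KNOWN_PROCESSES = {"outlook.exe", "chrome.exe"}


def attribute_flows(flows, host_conns, window=timedelta(seconds=5)):
    """Pair each flow with the process that opened it: same host, destination
    and port, with timestamps within `window`.  Returns [(flow, process|None)]."""
    out = []
    for flow in flows:
        f_ts, host, dst, port, _ = flow
        proc = None
        for c_ts, c_host, c_proc, c_dst, c_port in host_conns:
            if (c_host, c_dst, c_port) == (host, dst, port) and abs(c_ts - f_ts) <= window:
                proc = c_proc
                break
        out.append((flow, proc))
    return out


def unattributed_flows(attributed):
    """Flows seen on the wire that no host record explains: worth a closer look."""
    return [flow for flow, proc in attributed if proc is None]


def unknown_process_flows(attributed, known=KNOWN_PROCESSES):
    """Flows attributed to a process outside the allowlist."""
    return [(flow, proc) for flow, proc in attributed if proc is not None and proc not in known]


def beacon_candidates(flows, min_count=4, max_cv=0.1):
    """Group flows by (host, dst, port) and flag series whose inter-arrival
    gaps are regular (low coefficient of variation).  Returns {key: period_s}."""
    series = defaultdict(list)
    for f_ts, host, dst, port, _ in flows:
        series[(host, dst, port)].append(f_ts)
    found = {}
    for key, times in series.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        m = mean(gaps)
        cv = pstdev(gaps) / m if m else float("inf")
        if cv <= max_cv:
            found[key] = round(m)
    return found


if __name__ == "__main__":
    attributed = attribute_flows(NETWORK_FLOWS, HOST_CONNECTIONS)
    print("unattributed:", unattributed_flows(attributed))
    print("unknown process:", unknown_process_flows(attributed))
    print("beacons:", beacon_candidates(NETWORK_FLOWS))
```

On the constructed data the large flow to 203.0.113.9:8443 has no matching host record, the four flows to 198.51.100.7 are attributed to `updater.exe`, which is outside the allowlist, and the same four flows arrive roughly every 600 seconds, so they are reported as a beacon candidate. Any of these signals alone is noisy; the value of the correlation is that the three views (wire, process, cadence) can be weighed together before a flow is blocked.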