Recent years have witnessed a distinct and consistent escalation in the scope, scale, and sophistication of cyberattacks, impacting organizations across all verticals and locations. This escalation is manifested not only in the increasing proliferation of threat-actor groups, but also in the diversity of the attack Tools, Techniques and Procedures (TTPs) they employ, ranging from zero-day exploits to weaponized antimalware and publicly available toolkits.

This threat landscape is driving a change in the common security paradigm, bringing security stakeholders to realize that a resourceful and determined attacker will, at a certain point, succeed in bypassing the traditional prevention and detection controls.

To respond proactively to these threats, there is a need for a security layer that operates after these controls have been bypassed and is tasked with detecting the malicious activity that follows this bypass.