Modern Adversaries & Evasion Techniques

If you take away one thing from this eBook, make it this: Legacy antivirus (AV) is no longer capable of stopping adversaries. Modern endpoint security is required to stop breaches — period.

Where did legacy AV go wrong? First, the decades-old technology is too slow. Implementation takes months. And endless scans and updates swamp resources while slowing down endpoints. In other words, as adversaries have sped up, legacy AV has only slowed down.

But the fatal flaw of legacy AV is that it just doesn’t work anymore. The technology relies on signatures, which are hard to update and ineffective against fileless attacks. And given that 71% of detections are now malware-free,1 a technology that relies purely on known threats is
going to miss the vast majority of attacks.
These shortcomings aren’t for lack of effort. Some legacy AV vendors have added behavioral analysis and machine learning capabilities over the years, but it’s become a patchwork of additional agents that are cumbersome to deploy and manage. New agents often lack native integration with existing agents, forcing customers to configure connections across agents. By the time a new agent is deployed, it’s already obsolete.

Read on to learn how adversaries are evading legacy AV, hear five cautionary tales of adversaries in action and understand why modern endpoint security is the only way to stop breaches. Let’s go.