There's some really good actionable intelligence in this report from Palo Alto Networks. I'm really pleased with the effort and the authoring of the content too; these guys really get it and know how to share the ideas.
The big things brought to light in this report are:
- 94% of undetected malware comes from the web and remains undetected for an average of 20 days. From my own experience I tell people it's 80%, so this surprised me too!
- Relatively accurate detection is possible for half of the undetected malware by looking at any custom TCP/UDP network traffic and connections to newly registered DNS domains.
- Some good recommendations: investigate any outbound SMTP that isn't from your mail server, and restrict the access capabilities of unknown, newly registered, or dynamic DNS domains.
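As an added example (not code from the report or from this post), here is a small Python script that applies two of the indicators above to constructed log lines: outbound SMTP from a host other than the mail server, and DNS lookups of domains that are unknown or newly registered. The log formats, the mail-server address, the 30-day threshold and the registration table are all assumptions standing in for a real flow log, DNS log and WHOIS/RDAP lookup.

```python
# Added example (not from the report or this post): apply two of the indicators above
# to constructed log lines. Assumed: flow log "ts src dst dport proto", DNS log
# "ts client qname", one known mail server, and a constructed registration table
# standing in for a WHOIS/RDAP lookup.
from datetime import date, timedelta

MAIL_SERVERS = {"10.0.0.25"}  # assumed: the only host allowed to speak SMTP outbound
SMTP_PORTS = {25, 465, 587}
NEW_DOMAIN_DAYS = 30          # assumed threshold for "newly registered"
TODAY = date(2013, 3, 1)      # constructed "now" matching the sample timestamps

FLOW_LOG = """\
2013-03-01T10:00:00 10.0.0.25 203.0.113.5 25 tcp
2013-03-01T10:01:00 10.0.1.42 203.0.113.9 25 tcp
2013-03-01T10:02:00 10.0.1.42 198.51.100.7 443 tcp
"""
DNS_LOG = """\
2013-03-01T10:00:30 10.0.1.42 www.example.com
2013-03-01T10:03:00 10.0.1.42 cdn-update.example.net
2013-03-01T10:04:00 10.0.1.42 host.example.org
"""
REGISTERED = {  # constructed registration dates; example.org is deliberately absent
    "example.com": date(1995, 8, 14),
    "example.net": date(2013, 2, 20),
}

def outbound_smtp_not_from_mail_server(flow_log, mail_servers=MAIL_SERVERS):
    """(src, dst) pairs where a host other than the mail server speaks SMTP outbound."""
    hits = []
    for line in flow_log.splitlines():
        _ts, src, dst, dport, proto = line.split()
        if proto == "tcp" and int(dport) in SMTP_PORTS and src not in mail_servers:
            hits.append((src, dst))
    return hits

def registrable_domain(qname):
    """Naive collapse of a query name to its registered domain: the last two labels."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def newly_registered_lookups(dns_log, today=TODAY, registered=REGISTERED,
                             max_age_days=NEW_DOMAIN_DAYS):
    """(client, qname) pairs whose domain is unknown or younger than max_age_days."""
    hits = []
    for line in dns_log.splitlines():
        _ts, client, qname = line.split()
        reg = registered.get(registrable_domain(qname))
        if reg is None or today - reg <= timedelta(days=max_age_days):
            hits.append((client, qname))
    return hits
```

Unknown domains are flagged alongside young ones because a missing registration record is itself worth a look under the "unknown or newly registered" recommendation.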
It's really nice for us to see data like this support our tenacious efforts at Spikes.