The biggest threat to your organization probably isn't malware...
Unfortunately for malware-based detection systems such as AV, there is a clear trend of advanced threat actors using less malware. In many cases of targeted attacks, remote-access Trojans (RATs) are used only to establish an initial foothold on the network. From that point, attackers increasingly steal credentials from the victim machines, then access services such as Outlook web, Gmail or knowledge repositories to search for login credentials to target business systems. Popular examples of using stolen credentials to compromise systems in the past year include the SEA’s attacks against Twitter, NYT and Microsoft. Further access to the network is increasingly achieved via stolen RDP or VPN credentials, completely bypassing perimeter-based security systems with minimal risk of detection.
In the cases illustrated above, threat actors are taking advantage of the fact that existing security technologies are designed to pinpoint the signatures of known attacks, not valid access to systems from attackers using stolen credentials.
MACIE™'s user behavior classifier is uniquely capable of detecting anomalous access to systems by attackers using stolen credentials. It detects anomalies in how the user accesses the network by noticing changes in location of access, browsing habits, data transfers and other telemetry that can be harnessed from existing systems.