
Splunk Security Use Case Detecting Unknown Malware and Ransomware


The traditional way of detecting advanced malware or a threat compromise in a Windows environment relies on a signature-based antivirus or anti-malware product.

This approach has a built-in limitation: a signature-based product can only match against the list of signatures it already knows, so a new sample, a repacked one, or an attacker living off existing tooling will not be caught. Signature-based detection does not catch everything.

In this white paper, explore a step-by-step journey on how to detect unknown malware activity and early signs of compromise in a Windows environment.

Find out how security analysts can gain a detailed understanding of activity on endpoints, and learn more about:

  • Searching for process creation anomalies
  • Objectives of the analytics approach
  • Malware process hiding as existing OS or application process
  • And more

Also, uncover a couple of conditions that define a potential piece of malware sneaking into a system process.
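The following is an added example of the kind of analytic the bullets above describe, written for this page rather than taken from the Splunk white paper; the white paper's own conditions are not reproduced here. It applies three assumed conditions to process-creation events: a well-known system binary running from an unexpected directory, a well-known system binary started by an unexpected parent, and a process name that is one character away from a system binary's name (a lookalike masquerade). The input events are constructed in the shape of Sysmon Event ID 1 fields (Image, ParentImage); the baseline of expected directories and parents is an assumption for illustration and would be learned from the real environment.

```python
"""Added example (not from the Splunk white paper): flag process-creation
events that look like malware hiding behind a system process name.

All three conditions below are this example's own assumptions about what a
masquerading process looks like; tune them against your own environment.
"""

import ntpath  # parses Windows-style paths correctly on any host OS

# Assumed baseline: where a few system binaries normally live and who normally
# starts them. In production this table is derived from observed, known-good
# process-creation telemetry rather than hand-written.
BASELINE = {
    "svchost.exe": {
        "dirs": {r"c:\windows\system32", r"c:\windows\syswow64"},
        "parents": {"services.exe"},
    },
    "lsass.exe": {
        "dirs": {r"c:\windows\system32"},
        "parents": {"wininit.exe"},
    },
    "explorer.exe": {
        "dirs": {r"c:\windows"},
        "parents": {"userinit.exe", "explorer.exe"},
    },
}

# Lookalike threshold. Kept at 1 because a looser value collides with
# legitimate neighbours (e.g. csrss.exe is two edits from lsass.exe).
LOOKALIKE_MAX_DISTANCE = 1


def edit_distance(a, b):
    """Levenshtein distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_event(event):
    """Return the list of reasons an event is anomalous; empty list means clean."""
    image = event["Image"].lower()
    name = ntpath.basename(image)
    parent = ntpath.basename(event.get("ParentImage", "").lower())
    base = BASELINE.get(name)

    if base is None:
        # Condition 3: not a baseline name, but almost one (e.g. svch0st.exe).
        for known in BASELINE:
            if edit_distance(name, known) <= LOOKALIKE_MAX_DISTANCE:
                return [f"{name} looks like system process {known} (possible masquerade)"]
        return []

    reasons = []
    # Condition 1: right name, wrong directory.
    if ntpath.dirname(image) not in base["dirs"]:
        reasons.append(f"{name} running from unexpected path {event['Image']}")
    # Condition 2: right name, wrong parent process.
    if parent not in base["parents"]:
        reasons.append(f"{name} spawned by unexpected parent {parent or '<unknown>'}")
    return reasons


def scan(events):
    """Run check_event over a batch and return (image, reason) pairs."""
    return [(e["Image"], reason) for e in events for reason in check_event(e)]


# Constructed sample events (not real telemetry), using Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe", "ParentImage": r"C:\Windows\System32\services.exe"},
    {"Image": r"C:\Users\bob\AppData\Local\Temp\svchost.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\lsass.exe", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\explorer.exe", "ParentImage": r"C:\Windows\System32\userinit.exe"},
    {"Image": r"C:\ProgramData\svch0st.exe", "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for image, reason in scan(SAMPLE_EVENTS):
        print(f"ALERT {image}: {reason}")
```

The path and parent checks only fire for names already in the baseline, while the lookalike check only fires for names that are not, so a legitimate svchost.exe never trips the masquerade rule. In Splunk the same logic maps onto a search over Sysmon process-creation events that joins the Image and ParentImage fields against a lookup of expected directories and parents.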

Vendor: Splunk
Posted: 28 Jun 2018
Published: 28 Jun 2018
Format: PDF
Type: White Paper
Language: English