Winning the battle  against blended threats


We’re watching evolution in real-time. The bad guys have industrialized the attack toolbox. They’re a step ahead of firewalls. They know where the tripwires and detection thresholds are for DDOS and Bot Detection solutions. Staying low and slow is cheap and productive. They’re sappers and deftly understand how to stay below the threshold of detection.  

From reconnaissance towards pwnage, attack methodologies shift, shimmer and shimmy through cracks in defense systems designed for a less clever attack. What was once a winning defense strategy—tooling designed to block a single variant of an automated attack—just doesn’t cut it anymore. 
For good reason, companies are calling ThreatX for help. Their allegedly best-of-breed point-solutions for DDOS mitigation and Bot detection are failing in the face of this evolution in attack sophistication. When we get the call, we start with forensic analysis to determine how and why things went wrong, and we deploy the full power of the ThreatX Platform to get them protected going forward.  
Recently, several of these engagements have shared a common theme—the damage was getting done because attackers used a blend of tools and techniques that didn’t fit cleanly into any single layer of the client’s defense perimeter. As we dug into these attacks, obvious questions emerged; 

  • Was it a bot attack?  
  • Was it a large-scale Distributed Denial of Service (DDOS) attack? 
  • Was it an attempt to exploit a known vulnerability deep in some application’s tech stack? 

Spoiler Alert: the answer to all three questions is “YES”! 
Because attackers are under no obligation to conform to our defense toolchain’s definitions or expectations.  

Increasingly, our threat-hunters observe highly sophisticated, multi-faceted, mixed-mode attacks that penetrate defenses by staying just below detection thresholds. Then they morph. Then they move one more step. Then they morph again. Each elusive step applies different tricks to slip between the cracks in a defense perimeter designed for a different scale of attack. 

In the cat-and-mouse game of cyber defense, it’s good sport! 

In most cases, the problem…