According to the Verizon Data Breach Report 2015, 70 to 90 percent of malware samples are unique to an organization, which means the malware wouldn’t automatically be identified as a threat. This puts any organization relying only on signature-based tools at great risk, as they could have malware actively running in their environments yet be unaware of any compromise. Motivated threat actors can typically find ways to bypass purely preventative measures, including “advanced” measures that still must rely on previous experience or knowledge of a strain of malware to detect and stop it. Techniques like metamorphism, polymorphism, and sandbox evasion have changed the game and, unfortunately, are no longer confined to the domain of sophisticated threat actors. Nowadays, they’re the status quo.
In the face of such a reality, effective approaches for addressing malware can’t be predicated on prevention alone; they must focus on deep visibility and swiftness of response.