Read NNT's CTO Mark Kedgley's latest article discussing the concept of alert fatigue and the need for forensic level, real-time integrity change monitoring, combined with blacklist/whitelist based analysis for breach detection, published with SCMagazine.
NNT knows a combined blacklist/whitelist based analysis is the most definitive- literally 'black and white'- decision analysis for breach detection.
NNT’s F.A.S.T. Cloud (File-Approved Safe Technology) was highlighted for praise in the recent Cybersecurity Ventures Hot 500 for its delivery of exactly this kind of real-time perceptive analysis of events, referencing whitelisted file-reputation data for 'known safe' changes, for example, Extended Validation (EV) Certificate-signed manufacturer patches, the overwhelming source of change noise within any IT estate.
With over 4 Billion file reputation data behind it, the built-in knowledge of ‘safe’ files is comprehensive, meaning that change noise is muted to expose the remaining minority of genuinely suspicious unrecognized files. Within this minority there will be legitimate, non-whitelisted files, such as bespoke applications and occasional ‘left-field’ niche products, which can then be re-classified once assessed. But also, included in this ‘no reputation’ classification, will be the Zero-Day malware - the millions of Trojans and other APT and Ransomware vectors - the stuff we really need to know about.