Identity Threat Detection & Response (ITDR)

Events

  • Living-Off-the-Land Attacks Dwell for Months. Here’s Why Your Detection Stack Keeps Missing Them.

    Living-off-the-land (LOTL) attacks do not drop malware, install backdoors, or trigger signature-based detections. They use the tools already present in your environment: PowerShell, WMI, legitimate remote administration utilities, and valid credentials. Nation-state groups and sophisticated criminal operators favor this approach because it blends seamlessly with normal administrative activity. Some LOTL intrusions dwell for months or even years before discovery.

    Most detection stacks were built to find things that should not be there. LOTL attacks invert the problem by using things that should be there. As a result, organizations are being forced to rethink how detection, identity, and behavioral signals work together across the stack to distinguish legitimate activity from attacker behavior.

    Addressing LOTL techniques requires coordination across endpoint, network, identity, and behavioral analytics capabilities – from EDR and XDR to ITDR, NDR, UEBA, and deception technologies.

    Topics include:

    • How LOTL attackers exploit native tools and legitimate credentials to evade detection
    • Why signature-based and file-based detection strategies fail against fileless techniques
    • Building a detection posture around behavioral analysis, credential monitoring, and assumed compromise

    Discover how to close the detection gaps that LOTL attackers are counting on and build defenses designed for threats that look like normal operations.

  • AI-generated Phishing Looks Nothing Like the Phishing You Trained Your Users to Spot

    Security awareness training taught users to look for misspelled words, awkward grammar, and suspicious sender addresses. AI has eliminated all three. AI-generated phishing emails are grammatically polished, contextually relevant, and increasingly personalized using data scraped from social media, corporate websites, and previous breaches. The World Economic Forum's 2025 Global Cybersecurity Outlook found that 42% of organizations reported a sharp increase in social engineering and phishing attacks, and AI is the primary driver. The phishing playbook that employees were trained to recognize no longer matches what is arriving in their inboxes.

    This shift has implications beyond awareness training. Secure email gateways that rely on known signatures and reputation scoring struggle with AI-generated content that is unique to each target. Business email compromise attacks use socially engineered text rather than malicious attachments, bypassing controls designed for payload-based threats. Addressing this requires coordination across email security, behavioral analysis, identity signals, and AI-driven detection platforms to build layered defenses that catch threats traditional tools miss, combined with updated training programs that reflect what modern phishing actually looks like.

    Topics include:

    • How AI-generated phishing bypasses traditional email security and awareness defenses
    • Layering behavioral analysis and identity-based signals with AI-powered detection
    • Updating security awareness programs to reflect current social engineering techniques

    Explore how organizations are adapting their email security strategies for phishing attacks that no longer look like phishing.
