The Rate of Learning in Threat Detection

Historically, threat detection (e.g., rule-based intrusion detection, anti-virus systems, and threat intelligence feeds) has been reactive: it flags digital requests that contain known signatures. These signatures are formalized post hoc, derived from a compromise that has already happened and was then shared with others. Organizations have relied heavily on these tools, to their disadvantage. The figures below reflect the traditional threat detection paradigm of learning vicariously from peers and highlight how it is at a disadvantage against new or adaptive adversaries. Some things are worth remembering, and past security events are certainly among them, because mistakes are great teachers.