05-14-2014 12:48 PM - edited 05-14-2014 12:49 PM
The report points out that the volume of alerts is huge, and it typically takes a human analyst to determine whether or not the alert actually signifies an infected device. Treating every alert as an infection would be ridiculous, but taking time for analysis gives the bad guys time to act. Worse, by the time analysis is complete the infection may have moved on. In particular, it may be using a completely different URL to get instructions and exfiltrate data.
05-14-2014 12:51 PM
Indeed, and you can imagine what it must be like for the Webroot Threat Researchers and what they have to review & consider everyday...no pressure then, eh?
Webroot SecureAnywhere Complete Beta Tester v18.104.22.168...+ VoodooShield v3.05 Beta...working together as the NEW perfect combination! And backed up by Macrium Reflect v6
05-14-2014 02:36 PM
Indeed it's an interesting article, definitely worth reading.
Thanks for posting and sharing Jasper!
WEBROOT® SecureAnywhere™ Internet Security Complete Beta v22.214.171.124