Blogs

Beyond point-in-time security: Stairwell’s approach to continuous threat detection

Imagine this scenario: Six months ago, your organization was unknowingly infiltrated by a sophisticated piece of malware. At that time, no security product had the capability to detect it because the threat was entirely new. The malware quietly collected sensitive data before being removed by the attackers themselves, all without triggering any alarms. Fast forward to today, and the security industry finally understands this malware. Traditional security products can now identify it, but what about the damage that was already done? How would you even know it happened? This critical security gap is precisely where Stairwell excels. With no retention limits and no per GB costs, Stairwell ensures that the ground truth is always preserved and accessible — just as reliable as gravity itself.

The concept of point-in-time security

This scenario exemplifies what I call “point-in-time security.” Most security products operate based on their current understanding of threats at a specific moment. Even products that update multiple times per hour are still confined to this point-in-time mindset. This limitation applies to static signatures, heuristics, and even machine learning models. They identify threats based on what they currently know to be malicious. From that moment forward, they offer a measure of protection. However, this approach leaves a significant blind spot: any malicious activity that occurred before the detection capabilities were updated remains invisible. This is the inherent weakness of point-in-time security, and it’s a vulnerability that attackers can and do exploit.

The limitations of point-in-time security

Point-in-time security relies heavily on the current threat intelligence available at the moment of detection. This model inherently suffers from several limitations:

  • Lag in Detection Capabilities: There is often a time lag between when a new threat is discovered in the wild and when it is added to the detection capabilities of security products. During this period, your environment remains vulnerable to this new threat.
  • Historical Blind Spots: Once a new threat is recognized, traditional security solutions typically only start protecting from that point onward. Any past compromises remain undetected unless specifically investigated, which is often impractical at scale.
  • Evaded and Removed Threats: If an attacker successfully infiltrates and then removes their presence before detection capabilities are updated, traditional security solutions will never identify the initial compromise—or potentially any aspect of it.

Stairwell’s evasion-resistant security architecture

Stairwell bridges these critical gaps with its evasion-resistant security architecture, fundamentally transforming threat detection. Our solution continuously reevaluates all files currently on an enterprise’s systems alongside every file that has ever been on those systems, all in light of new threat intelligence. This ensures no threat goes undetected, regardless of when it infiltrated. We provide equivalent visibility into not just what is present, but also what was present. We use a combination of:

  • Continuous Reanalysis: Stairwell collects and stores all executable files within an enterprise, allowing for continuous reanalysis of these files as new threat intelligence becomes available. This means that even if a threat was not initially recognized, it can still be detected once its characteristics are understood.
  • Historical Insight: By maintaining a comprehensive data vault of all files, Stairwell provides unparalleled historical insight. Any file that was once benign but is later identified as malicious will be flagged, ensuring that past compromises are not overlooked.
  • Out-of-Band Analysis: Our solution operates out-of-band, making it invisible to adversaries. Attackers cannot tailor their strategies to evade detection, as they are unaware of the continuous scrutiny their files undergo. As our systems improve, adversaries are forced to consider the unknown—the unrelenting analysis that Stairwell brings to the table—making eventual detection an inevitability.

A real-world advantage

Consider a scenario where a new type of malware is discovered. Traditional security solutions will only start detecting this malware from the point they update their signatures, heuristics, or models. However, with Stairwell, as soon as the threat intelligence is updated, our system reanalyzes all collected files. This retrospective analysis ensures that any instance of the malware, regardless of when it entered the environment, is detected and addressed.

Stairwell’s approach provides an inherently unfair advantage to defenders. We ensure that no threat remains hidden, regardless of its timing or evasion techniques. This continuous and comprehensive reevaluation is the future of effective cybersecurity, moving beyond the constraints of point-in-time security to a model where every threat can be uncovered, no matter how well it tries to hide.

While point-in-time security is the norm, it leaves significant gaps that can be exploited. Stairwell fills these gaps, providing continuous protection and unparalleled historical insight. Our approach ensures that you are always aware of threats, both past and present, and can respond with the confidence that no malicious activity goes undetected. With Stairwell, when your leadership asks if you’re affected by threat X, you will already know the answer.

Background pattern