Why Attackers Can Download Your Signatures but Not Your Baselines

The reconnaissance you don't see

A competent intruder does homework before touching your network. The reconnaissance everyone pictures is about you: your domains, your people, your exposed services. There is a second kind of homework that gets less attention, and it is the one that should worry you more. The attacker also studies your defenses, and a large part of your defenses is published.

Two things an attacker can study are both public. The first is your detection logic. Many intrusion detection rule sets are open, and signature databases circulate freely. A patient operator downloads the same detection content your tools run, stands up a copy in a lab, and tunes a payload against it until nothing fires. The second is the catalog of known exploits. The CVE database lists what has been discovered, and by extension what your defenses are likely watching for. The attacker reads it the same way you do, then picks the technique that is not on the list, or the system you have not patched yet. By the time anything reaches you, it has already been checked against the published version of your defenses. The attacker is not hoping your signature tools will miss them. They made sure of it.

This is the quiet weakness of signature-based detection. The method is sound and it catches a great deal. But the logic is a matter of public record, which means it can be rehearsed against. A defense you can rehearse against is a defense with a known answer key.

The list never ends

Signatures work by enumerating the bad. Here is a pattern that matches a known piece of malware. Here is a rule for a known exploit. Each one is valuable, and each one describes something a person already saw, analyzed, and wrote down. The catalog grows every day, and it is always one step behind the thing nobody has written down yet.

A zero-day has no signature, not because no one has seen it, but because it has not been disclosed. The people using it have seen it; your defenders have not, so there is nothing to write a rule against. An insider with valid credentials matches no rule, because nothing about the session is technically wrong. A slow intrusion that moves a little at a time, over weeks, never trips a threshold built to catch a spike. None of these are unusual. In Verizon's 2025 Data Breach Investigations Report, stolen credentials were the most common way attackers got in, the initial access vector in 22 percent of breaches. CrowdStrike reported that 79 percent of the detections it logged in 2024 involved no malware at all. More and more, the intruder works by hand with legitimate tools and valid credentials, looking like an ordinary user. There is no file to match.

So the list keeps growing, and the intrusions that do the most damage keep arriving in the shape the list does not cover.

Turn the problem around

Now consider something an attacker cannot download.

Suppose you knew, for one specific server, exactly what a normal Tuesday afternoon looks like. How many processes run, and which ones. How many outbound connections it makes, and where they go. How often someone logs in, and from where. Suppose you knew the same for the off-hours and the weekend, kept separate, because a quiet Saturday is nothing like a Tuesday afternoon. Now suppose you held that picture for every host on the network and kept it current as each machine changed.

That picture is in no public catalog. It is specific to your environment, to that machine, to that time of day. An attacker who has compromised a server in your network cannot look up what is normal for it. They cannot download it, and they cannot test against it from outside, because it exists only as a product of how that one machine actually behaves over time.

This is the part that changes the math. The conventional wisdom is that the defender has to cover every door while the attacker needs only one. Behavioral baselines bend that asymmetry back. To stay hidden, the intruder now has to match the normal behavior of every host they touch, across dozens of measures at once, in the right time window, without ever being told where the lines are. One step outside the pattern, on any metric, on any host, and they have shown themselves.

What a baseline actually is

This is the idea Qato is built on. Lightweight agents on each host report behavioral statistics: network connections, process creation, listening ports, authentication events, and more. A server builds a rolling statistical baseline for each metric on each host, and it keeps separate profiles for business hours, off-hours, and weekends, so a routine weekday does not set the bar for a quiet weekend. The baseline is private by construction. It is learned from your machines and it lives on your hardware.

When recent behavior departs from that baseline, Qato scores the deviation. The score is not a verdict handed down from a black box. It breaks into the specific metrics that moved, each measured in standard deviations from that host's own normal. An anomaly that scores 73, to use an illustrative figure, might be SSH connections running well above their usual range, plus a jump in process creation, plus more listening ports than the host usually shows in that window. The analyst sees which behaviors changed and by how much. The deviation is the signal, and the breakdown is the explanation. Qato's anomaly scoring method is covered by U.S. Patent 9,866,578.

Qato does not replace the firewall, the intrusion detection system, or the SIEM. Those tools catch what they have been told to look for, and they should keep doing it. Detections can forward to your SIEM through a webhook, so they land in the workflow your team already uses. Qato adds the layer those tools were never built to provide: the one that notices when a host stops behaving like itself.

Confidence versus guesswork

Put the two approaches side by side. Signature logic is public, so an attacker can study it and arrive already knowing it will not fire. A behavioral baseline is private, so the same attacker is reduced to guessing, and every action they take is another chance to guess wrong.

That is the point. You will not close the gap by adding more entries to a list that, by definition, trails the unknown. You close it by running something underneath the list that learns what normal looks like on each host, holds the picture no person can, and speaks up the moment one machine drifts.

Signatures let attackers plan with confidence. Baselines force them to guess.

Beyond signatures. Beyond rules. Detect the unknown.

Previous
Previous

Living off the Land: When the Malware Is Your Own Admin Tools

Next
Next

Do You Actually Know What Your Servers Do All Day?