Abstract

Over the past few years, we have seen numerous APT attacks that leave behind new malware that has never been seen before and thus can’t be detected. We find ourselves in a situation where most security technology needs to monitor for ‘known’ threats as well as ‘unknown’ threats. Customers rely on vendors to update their systems with known threat indicators. This does not help with unknown threats from malware based on zero-day vulnerabilities, especially when the attacks are designed to look like an application or to hide their activities. This session will help define a methodology for a risk-based approach to monitoring for unknown threats and a means to understand where the most valuable business data assets are located, as well as what constitutes a normal system event.