October 28, 2011
Building on Tuesday’s panel at the Securing Our eCity event in San Diego, I spoke yesterday at Hacker Halted USA 2011 on the topic of realizing significant cost savings through the use of anti-malware automation tools.
It’s no secret that in today’s economy, it’s difficult for many organizations to budget enough resources to protect critical IT infrastructure, even while the number and sophistication of cyber attacks increase. Service providers are reporting up to 100,000 potentially new malware samples each day, many highly targeted.
Many medium- and large-sized businesses and government organizations are hiring highly trained malware analysts to supplement existing “defense in depth” technologies. In the past, these analysts have frequently turned to outsourced malware analysis firms, an option that is less viable today than it once was.
Outside experts may lack the ability to provide a comprehensive forensic report of the attack. They are also not an option for organizations with sensitive or classified information, yet ironically, it is these organizations that are most frequently targeted. Attacks on these organizations often contain the latest and most complex social engineering and exploit techniques for penetrating networks stealthily. Finally, outside experts often cannot deliver information quickly enough to enable in-house malware analysts to act.
To support highly-experienced in-house malware analysis teams, there is a new generation of hybrid sandboxing technology that provides high-volume, deep malware inspection and analysis in a safe environment using multiple forensic technologies, providing a strong combination of cost effectiveness and timeliness of reports.
These technologies rely on either custom-made emulation techniques or virtual machine technology in a Windows-based environment. Inside this hybrid sandbox, a file runs in a protected environment, giving the organization a quick overview of its malicious capabilities.
Truly emulated systems simulate the entire environment and offer faster analysis, a more effective defense against cybercriminals identifying the environment as a malware-detection tool, and protection against malware breaking out of the environment. Virtual machine-based technologies, on the other hand, offer greater flexibility for installing and running customer and third-party software and for choosing operating system versions and patch levels.
We at Norman believe malware analysis is most effective when both technologies are employed. These will be complemented in the near future by pioneering advances in reverse engineering and new forensic technologies.
I will keep you updated on new trends in cybersecurity as well as advances in malware analysis technologies. I hope you will share trends you see as well as successful strategies you’ve employed in protecting your networks.
The Author:
Darin Andersen is the Vice President & General Manager for Norman North America and has more than 20 years of experience in software and security sales management.