In-House Malware Analysis: Why, How To Do It

In-depth malware analysis can be part of a comprehensive vulnerability management strategy. Here's how to get started.

September 30, 2011

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Vulnerability management translates into reduced risk, not invulnerability. Your antivirus and intrusion detection/prevention systems can't detect and stop every piece of malware. Even as our security programs mature and our security tools become more sophisticated, attackers have gotten too good at getting into our networks.

A layered defense-in-depth requires enterprises to augment their vulnerability management, malware prevention, and intrusion detection programs with malware analysis. The goal: to identify and assess threats on the corporate network and respond quickly to contain and mitigate the impact and remediate the damage.

Enterprises surely can reduce risk through a program that follows a regular vulnerability management cycle of prioritized, risk-based patching, patch validation, configuration management, and monitoring for systems that may be missed or fall out of compliance. But more than 4,500 vulnerabilities were identified in 2010, and systems remain vulnerable despite diligent efforts. There are numerous good reasons for this, many of them related to the practical problems surrounding patch management.

While most companies have a vulnerability management program in place, there's a strong case to be made for an in-house malware analysis initiative as well. The two programs are complementary: Malware analysis combined with vulnerability management helps enterprises evaluate which systems are vulnerable, the scope of the threat, and how to determine where it has or will spread, so you can respond quickly to contain it.

"Malware analysis is a useful skill for incident response," says Jim Clausing, technical consultant, network security at AT&T and an incident handler at the SANS Internet Storm Center. "It's not necessarily my job to figure out everything malware does. I need to understand enough of it so I can help defend the enterprise."

That means enterprises don't necessarily have to dive deep into reverse engineering of malware found on their networks and develop their own signatures to protect against further incursions. The kind of detailed static malware analysis performed by security vendors and labs is time-consuming and expensive, even if you have the right expertise in house. Some companies contract with third parties, but that too is expensive and usually reserved for only the most urgent events.

Read the rest of this article on Dark Reading.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Integrating the new APs into Dartmouth’s existing network infrastructure was no small feat. Mist’s AI-driven insights made this easier.
Network Management
How Dartmouth College Leveraged AI To Modernize Its Network in One Weekend
How Dartmouth College Leveraged AI To Modernize Its Network in One Weekend

Sep 12, 2024

Extensive communications outages from Hurricane Helene drive home the need for new approaches to strengthen network resiliency.
Network Resilience
Hurricane Helene Communications Outages Show Need for Greater Network Resilience
Hurricane Helene Outages Show Need for Greater Network Resilience

Oct 3, 2024

Satellite services could bridge the digital divide in remote areas through partnerships like the SoftBank-Intelsat collaboration announced last month.
Network Infrastructure
Intelsat, SoftBank Plan Ubiquitous Satellite Connectivity Network
Intelsat, SoftBank Plan Ubiquitous Satellite Connectivity Network

Oct 9, 2024

Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events