Malware analysis can be a time-consuming process, especially when dealing
with a sample from skilled attackers with time and money on their side.
There is no doubt that fully reversing malware and finding out how it works
is the most effective way to learn how to defend against it, but most
businesses don't have the time or the professional resources to do it.
There are ways in which you, a Computer Network Defender, can glean enough
information from malware to be used in IDS and AV signature creation, DNS
poisoning and blocking, as well as sharing with the CND community. This can be
accomplished in a cost-effective manner (maybe even free) and in an efficient
manner that can rival very long code-based analysis. There are even cases
where in-depth knowledge of how to fully reverse the sample is not needed.
It should be noted that this is a low-tech, high-level mechan...
When I was working on a network assessment team for one of my customers, I
would routinely hear upset voices when we would present our findings. The
most common thing that the executives would say was, “Wait a minute,
aren’t we current on our updates? I saw the compliance report, and we were
all green, right?”
“All green, right?”
What that Information Security Officer was referring to was a slide that was
presented to him showing the level of compliance that the hosts on his
network were currently reporting. To him, this meant secure. It meant that
all of his systems were patche...
Imagine for a second you have complete network and host activity trending
data built into your daily reporting and alert consoles that your analysts
spend hours in front of. Suddenly, one of your SQL servers attempts a GET
request directly to an IP address on SSL port 443. Without that trending
information of normal behavior of your server activity, how would you detect
With trending information, your analysts immediately identify this as “out
of the norm”, and begin their investigation into the “why”.
Trending - A way to increase your customer value, and find hidden gems.
As a Security Analyst, I witness very sophisticated Advanced Persistent
Threat (APT) attacks as well as low-level cyber criminals attempting to steal
bank information, credit card data and website login credentials. One
commonality that the cyber criminals and the APT share is the method for
gaining access to information, which typically occurs through an end user's
email. When it comes to the criminal element of cyber attacks, I am often
amazed at the lack of sophistication and effort that is exerted against
their victims. It leads me to ask the question, "How on earth are these...
It has been almost a week now since DeepIntel 2012, a conference focused on
Security Intelligence, has wrapped up, and I cannot help but think: "Why is
this the first conference of its kind?"
DeepIntel, a conference covering Security Intelligence using several
different approaches, managed to effectively deliver the information both in
its speakers and in its audience participation. With the attendees' intimate
proximity to the speakers, those at DeepIntel were not only involved in the
talks, but were integral in the initiatives introduced at the conference.
I would say that DeepIn...