What are the biggest challenges related to malware analysis today?
One of the greatest challenges is attribution: figuring out not only who wrote the malware, but also who bought and paid for it, and who is operating it. As a whole, the security industry needs to start focusing more on the human threat. The malware is just a tool -- the real threat is the human who operates it.
Another one of the difficult challenges when responding to an incident is the ability to quickly recover actionable intelligence from an unknown, never-before-seen malware infection. Once an organization has been compromised, every second counts. Quickly recovering accurate bits of forensic artifact data while not overwhelming the user with too much other data is a daunting task. Last, but not least, is the fact that the malware authors are specifically trying to hide from or completely subvert most analysis tools and security countermeasures.
Based on your experience, in an ever-changing and evolving threat landscape, what problems do anti-malware vendors face? How can they overcome these issues?
Traditional signature-based anti-virus techniques are not well suited for combating the ever-exploding list of daily new malware variants. The A/V industry needs to abandon signatures and move towards behavioral- and capability-based detection. This requires technology that can analyze software at a very low level, and it has to work automatically. Historically, signature-based systems did a pretty good job of detecting specific virus variants. This model has quickly fallen down, though, in the face of so many different malware variations.