the sample is a known or unknown malicious threat. Following protocol, the sample may be elevated for further analysis by the Incident Response Team. The team begins analyzing system changes, network traffic, targeted data and more that occurred as a result of the sample entering the network.

Cyber security researchers then help isolate, quarantine and remove the malicious code before starting to correct any system changes the malware may have made.

Finally, with new information, security protocols are revised, systems are updated and vulnerabilities are addressed to ensure that the corporate IT infrastructure—and its users—are fully protected.
Don’t Try This Yourself
Without Incident Response Teams and automated malware analysis tools, quickly investigating and remediating a potential threat becomes an arduous—and expensive—task.

Research indicates that one cyber researcher can manually analyze about 3,720 malware samples per year at a cost of about $35 per sample. Meanwhile, an automated tool can process about 145,600 samples per year at a cost of about $1 per sample. Many malware analysts cannot adequately or quickly identify a suspicious sample. Advanced threats are now engineered not only to elude traditional AV products, but also to evade detection by users by disguising themselves as familiar files or programs used on a regular basis.
Malware analysts simply don’t have the tools or the bandwidth to effectively analyze all suspicious files that target a network each day. The process can take valuable hours, days, or even weeks, time enough for a worm to inflict significant, even crippling, damage to an organization. Incomplete malware analysis also increases the chance that a persistent threat may not be completely caught or eradicated, or that currently unknown or unique threats might go unidentified. Using Incident Response Teams, sandboxes and other advanced malware analysis tools can reduce the time from identification to remediation from hours or days to just minutes.
With the threat of malware only getting more advanced, more dangerous and more prevalent, the costs of protecting your organization are only going to increase. We know enterprise C-level executives are concerned about cyber security and how it would impact their business, but they’re unsure of what to do next. Introducing them to advanced malware analysis tools and Incident Response Teams will help ensure their companies aren’t the ones making headlines for all the wrong reasons.
About the Author
Dipto Chakravarty is executive vice president of Engineering and Products at ThreatTrack Security, and leads the company’s global R&D and product strategy. He is the author of two best-selling computer books from McGraw-Hill and holds 11 patents. He holds a BS and MS in CSEE from U. of Maryland and a GMP from Harvard Business School.
103 Cyber Warnings E-Magazine – August 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide