Page 9 - index
P. 9
a) I frequently spend a lot of time analyzing a small number of malware samples in great detail,
many of which are already known.
b) I need to quickly scan large numbers of unknown, potentially malicious samples to focus my
defenses on the most urgent threats.
c) My job involves a mix of A and B.
BUILD VS. BUY – TEN QUESTIONS TO ASK
Nature of the Problem
1. How would you characterize the nature of the malware threat to your organization?
Is invasive malware an occasional problem, a frequent nuisance, or a daily distraction? Is it regularly
disrupting critical business systems and processes? Do system downtime and loss of data pose
existential threats to your business?
Are malware attacks isolated or widespread? Are the threats general in nature or specifically targeted
against your organization? What is the average daily volume of unknown, potentially malicious samples
you receive?
Security and Compliance Requirements
2. How would you characterize the nature of your IT security and compliance requirements?
Are your requirements truly unique? What makes them unique? Are they common to others in your
industry? (FISMA/NIST, SoX, GLBA, HIPPA)
What happened the last time you were audited? What kind of improvements would you like to see the
next time you go through the audit process?
What compliance requirements do you have to fix or remediate discovered threats? What do you do in
between audits? If you are not audited, how do you ensure safety?
Timeframe to Productive Usage
3. How quickly do you need to be tackling the malware problem head-on, generating actionable
intelligence to improve defenses and respond to threats with maximum impact?
Do you have the time to develop software tailored to your exact specifications? Can you respond
quickly if your requirements change?
What will you do while the custom solution is developing? Do your stakeholders understand and accept
that results may not come right away?
Expertise to Develop the Right Solution
9 Cyber Warnings E-Magazine – August 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
