In the world of technology, things are constantly moving and changing, and cybersecurity is no exception. As defenders get smarter, attackers get sneakier and stealthier. This is especially true of malware, which has evolved dramatically in the last couple of years.

We now see malware that rewrites its own code to defeat signature matching and that checks whether it is running inside an analysis sandbox before it does anything malicious; some of it is marketed as "AI-powered", although neither trick requires machine learning. Keeping up with these samples has driven the adoption of malware analysis in recent years. Does this mean that every company should start analyzing malware? The short answer is no.

How to Know If Malware Analysis Is Right for You

There are two main reasons why it may not be the right time for a company to invest in a malware analysis team. First, many enterprises do not have the resources to build and maintain such a team. Second, a number of companies specialize in malware analysis, and many of them run on-demand services that produce indicators of compromise (IoCs) such as file hashes, domains, IP addresses and URLs, and publish them for free.

For some companies, it may not make sense to have a team dedicated to analyzing malicious code because the business does not specialize in that area. It would be difficult to imagine an energy company investing in a malware analysis team, for example, but that does not mean it should not use the threat intelligence that malware specialists produce. Even though most organizations do not need to analyze malware themselves, all of them need to detect it. Feeding the IoCs published by specialized companies into a system that alerts the security team on a match is a good way to improve security on a budget.

Enhance Enterprise Security on a Budget

Publicly shared IoCs are a great resource: ingesting them lets a security team detect malware in its infrastructure without analyzing the code itself. Two caveats apply. Indicators age quickly, because domains and IP addresses are re-used by legitimate parties and a file hash changes with every rebuild of the malware, and some entries, such as a shared CDN hostname, will match benign traffic as well. Keep each indicator's source, first-seen date and confidence, expire stale entries, and tune low-confidence ones before they page anyone.
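The following is an added example of the ingest-and-match step described above; it is not code from the original article or from any vendor feed. The CSV feed layout, the key=value telemetry lines, every indicator, host name, hash and IP address in it are constructed for the demo (documentation ranges only), and the 90-day age limit and minimum-confidence threshold are assumed defaults, not a standard.

```python
"""Match publicly shared IoCs against local telemetry (added example, constructed data)."""
import csv
import io
import re
from dataclasses import dataclass
from datetime import date, timedelta
from urllib.parse import urlsplit

_CONFIDENCE_RANK = {"low": 0, "medium": 1, "high": 2}
_IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed feed: the shape a public feed has once exported to CSV. Note the
# mixed case and the stale, low-confidence CDN entry that must NOT become an alert.
IOC_FEED = """\
type,value,first_seen,confidence,source
sha256,0F1E2D3C4B5A69788796A5B4C3D2E1F00F1E2D3C4B5A69788796A5B4C3D2E1F0,2024-03-01,high,example-vendor
domain,Update-Check.Example-Bad.net,2024-03-02,high,example-vendor
ipv4,203.0.113.45,2024-02-20,medium,example-vendor
url,http://203.0.113.45/gate.php,2024-03-02,high,example-vendor
domain,cdn.example.com,2023-06-01,low,example-vendor
"""

# Constructed telemetry: "<source> key=value ..." per line (DNS, proxy, EDR).
LOG_LINES = [
    "dns client=10.0.0.12 qname=update-check.example-bad.net. qtype=A",
    "proxy client=10.0.0.12 url=http://203.0.113.45/gate.php status=200",
    "edr host=WS-014 sha256=0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0 proc=svchost.exe",
    "dns client=10.0.0.15 qname=cdn.example.com. qtype=A",
    "proxy client=10.0.0.15 url=https://www.example.com/ status=200",
]

NOW = date(2024, 3, 10)  # fixed "today" so the demo is deterministic


@dataclass(frozen=True)
class Indicator:
    ioc_type: str
    value: str
    first_seen: date
    confidence: str
    source: str


def normalize(ioc_type: str, value: str) -> str:
    """Canonical form so feed values and log values compare equal."""
    value = value.strip()
    if ioc_type in ("sha256", "sha1", "md5", "domain"):
        return value.lower().rstrip(".")      # hashes and DNS names are case-insensitive
    if ioc_type == "url":
        p = urlsplit(value)                   # scheme/host are case-insensitive, path/query are not
        query = f"?{p.query}" if p.query else ""
        return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path}{query}"
    return value


def load_feed(feed_text: str, now: date, max_age_days: int = 90,
              min_confidence: str = "medium") -> dict:
    """Parse a CSV feed into {type: {value: Indicator}}, dropping stale or low-confidence rows."""
    table: dict = {}
    for row in csv.DictReader(io.StringIO(feed_text)):
        first_seen = date.fromisoformat(row["first_seen"])
        if now - first_seen > timedelta(days=max_age_days):
            continue  # stale infrastructure is likely re-used by someone legitimate by now
        if _CONFIDENCE_RANK.get(row["confidence"], -1) < _CONFIDENCE_RANK[min_confidence]:
            continue  # low-confidence entries (shared CDNs, sinkholes) mostly produce noise
        ind = Indicator(row["type"], normalize(row["type"], row["value"]),
                        first_seen, row["confidence"], row["source"])
        table.setdefault(ind.ioc_type, {})[ind.value] = ind
    return table


def extract_observables(line: str):
    """Yield (type, value) pairs from one key=value telemetry line."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:] if "=" in tok)
    if "qname" in fields:
        yield "domain", normalize("domain", fields["qname"])
    if "sha256" in fields:
        yield "sha256", normalize("sha256", fields["sha256"])
    if "url" in fields:
        url = normalize("url", fields["url"])
        yield "url", url
        host = urlsplit(url).hostname or ""
        # the exact URL may have changed, but its host is still worth matching on its own
        yield ("ipv4" if _IPV4_RE.match(host) else "domain"), host


def scan(log_lines, indicators: dict) -> list:
    """Return one alert dict per observable that matches a loaded indicator."""
    alerts = []
    for lineno, line in enumerate(log_lines, 1):
        for ioc_type, value in extract_observables(line):
            hit = indicators.get(ioc_type, {}).get(value)
            if hit:
                alerts.append({"line": lineno, "type": ioc_type, "value": value,
                               "confidence": hit.confidence, "source": hit.source})
    return alerts


if __name__ == "__main__":
    for alert in scan(LOG_LINES, load_feed(IOC_FEED, NOW)):
        print(alert)
```

Run as a script it prints four alerts: the DNS lookup of the bad domain, the proxy hit on both the full URL and its IP address, and the EDR hash match. The `cdn.example.com` lookup produces nothing, because the entry is both older than the age limit and below the confidence floor; that is the tuning step that keeps a free feed from paging the on-call engineer for every CDN request.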

For companies that want more visibility into network activity but lack the ability to analyze malware, using what specialized companies around the world publish could be the difference between a contained malware infection and a crisis.
