Just a Passing Fad? Fidget Spinners and the Malware Sandbox
When the fidget spinner fad hit last year, my seventh grader was immediately on board and quickly became a fidget spinner snob, boasting about bearing quality and spin longevity. My fifth grader, however, eschewed fidget spinners with the same disdain she has for cellphones. She opined that there is no point to them without an actual need and that the government may be using them for tracking purposes. She’s 11, and I couldn’t be prouder of her cybersecurity instincts — but what if she’s right? What if some of our real cybersecurity staples, such as the malware sandbox, are passé and possibly doing more harm than good?
The Placebo Effect
For the record, I am in no way discounting the important accommodations made to children and adults with diagnoses such as ADHD, autism and other spectrum disorders. With that said, the majority of kids spinning their hearts out in schools have no formal diagnosis, and the infatuation with fidget spinners is similar to the fervor surrounding that infuriating water bottle flipping video. At least the fidget spinner is not making my kitchen a splash zone.
With its popularity, we must consider that the fidget spinner provides a bit of a placebo effect and evaluate its role similarly to how we evaluate our security solutions: Does it actually solve a problem and meet a need, or is it merely offering a semblance of comfort?
As traditional antivirus has given way to more sophisticated endpoint detection and response tools, other technologies, such as log management, have been replaced by advanced security information and event management (SIEM) solutions enabled with cognitive capabilities. Likewise, a traditional malware sandbox running operating system-level analysis can fail when it comes to detecting the latest advanced malware and must give way to more sophisticated, behavior-based technologies.
The necessity to evolve the malware sandbox must outpace the strides made by malware creators. Such tricky behaviors as environmental awareness and time-based evasion in a virtualized malware sandbox environment have been introduced specifically to avoid detection by a sandbox that can only run OS-level diagnostics.
More of the Same Is Still the Same
In July, a collegiate summer league baseball team in southern Ohio and its fans set a record for the largest group of people simultaneously spinning a fidget spinner. It’s worth noting that a New Zealand school attempted to break the record a few days later. Is this a scandal in the making? Did this accumulation of spinners make everyone involved more focused? Probably not, but if you believe that fidget toys can help people focus better, more spinners equal even better concentration. Likewise, more security tools — particularly more of the same solutions — doesn’t necessarily equate to better security. For a single security tool to be effective, it has to be part of broader strategy.
Many cybersecurity vendors tout an integrated portfolio, but few can offer solutions that work together like an immune system to protect the entire organization with prevention, detection and response. A malware sandbox on its own can only identify threats, but not take action. In other words, multiple sandboxes do not mean better protection. A malware sandbox needs to be integrated with a broader security solution to effectively protect the organization.
Don’t Spin Your Wheels on an Ineffective Malware Sandbox
When the inertial force finally winds down and you are assessing your needs for a malware sandbox that can provide behavior-based analysis and work as part of an integrated security immune system, consider trying IBM X-Force Malware Analysis on Cloud. This software-as-a-service (SaaS) malware sandbox solution helps security analysts identify malware with rigorous behavior-based analysis and shortens the time to remediate infections. With the benefit of a scalable cloud architecture, X-Force Malware Analysis can support today’s distributed networks and return results in minutes. Integration with network protection and the X-Force Exchange threat intelligence platform helps analysts keep track of what’s important when it comes to identifying evasive malware.
To try X-Force Malware Analysis for yourself, sign up for the free 30-day trial or watch our on-demand webinar, “Malware Analysis in Minutes: Combatting Sophisticated Malware.”