Simplifying Malware Analysis for the C-Suite and Security Operations

The recent WannaCry ransomware infections were an immediately recognizable threat, but what about attacks that aren’t immediately identifiable and require deeper malware analysis?

Imagine this scenario: A chief executive officer (CEO) and a chief information officer (CIO) sit and listen in disbelief as they hear that their company was attacked four months ago with damage totaling in the millions of dollars. “How could this happen?” the CEO asks. “We purchased the best security solutions in the world. We have a fully staffed security team. How is it possible that we were attacked months ago and we’re just finding out now?”

Simplifying Malware Analysis for the C-Suite

It’s a scenario that repeats itself in boardrooms across the globe, and will likely continue until measures for advanced malware analysis are put into place. That’s why it’s important for decision-makers in the security chain of command to understand the answers to the following questions that the C-level executives might ask in the event of an attack:

‘How Could This Happen? We Purchase the Best Security Solutions in the World.’

Cybercriminals have access to the same best-in-class security solutions as their targets, and they test and modify their malware until it slips past that very software. It’s no wonder companies need the ability to analyze files that exhibit security-dodging behavior rather than relying on the protections the attacker has already tested against.

‘Why Did It Take Our Fully Staffed Security Analyst Team Months to Detect the Attack?’

Modern attacks are stealthier than ever. Sometimes they do not even generate alerts, and when they do, the alerts are buried in the overwhelming volume of events analysts must monitor, so forensic investigators cannot find them. It can take analysts several months to discover a breach or a serious infection in their network, if they discover it at all. Security analysts need tools that focus their attention on the files that actually matter.

‘How Can We Stop This From Happening Again?’

Today, IBM is pleased to introduce IBM X-Force Malware Analysis on Cloud, a software-as-a-service (SaaS) solution to help you identify malware and shorten the time to remediate a potential infection. With the benefit of a scalable cloud architecture, X-Force Malware Analysis can support today’s distributed networks and return results in minutes.

Even better, there are multiple ways to submit files for analysis, and users can choose the right one for their environment. With IBM X-Force Malware Analysis on Cloud XGS, files that pass into a network protected by IBM QRadar Network Security XGS appliances are automatically submitted for analysis in the solution. Results are then returned, either through the local management software for the XGS or via the IBM X-Force Exchange threat intelligence platform.

The second option, IBM X-Force Malware Analysis on Cloud Workbench, runs on the IBM X-Force Exchange platform itself. This version allows you to manually submit suspicious files through an easy drag-and-drop interface for analysis.


X-Force Malware Analysis in Action

In both submission methods, suspicious files are first prefiltered against known bad indicators, such as file hashes already identified as malicious, so that known threats get a result without waiting for a full analysis. Files that survive the prefilter are detonated in a private sandbox, where the engine observes what the software actually does and decides whether it is malicious. Because the verdict is based on the behavior of the file while it executes, the engine can tell you, in most cases with a high degree of certainty, whether the file is malicious.

Because the verdict rests on what the software does when it runs rather than on what its bytes look like, the engine can identify previously unseen (zero-day) malware, malware that mutates to slip past signature-based network and host security devices, and code hidden behind packing and other obfuscation. The remaining hard case is malware that recognizes the sandbox and stays dormant, for example by checking for virtualization artifacts or sleeping for a long time before acting; such a sample shows little behavior to judge, which is why sandbox evasion deserves attention in its own right (see the white paper below).
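To make the two-stage shape of that pipeline concrete, here is an added example in Python. It is not IBM’s code and does not describe how X-Force Malware Analysis is implemented internally: the indicator set, the three samples, the endpoint address and the sandbox event reports are all constructed inline, and the scoring rules are illustrative. It shows why a hash prefilter alone is not enough (a sample padded with a few bytes gets a new hash but the same verdict from its behavior) and how a report can still be labeled inconclusive when the sample only checks for a VM and sleeps.

```python
"""Two-stage malware triage: hash prefilter, then a verdict from behavior
observed during detonation.  Added example, not IBM's code; all samples,
indicators and sandbox reports below are constructed."""
import hashlib
import ipaddress
from dataclasses import dataclass

# Constructed samples: B is A with padding appended, so its hash differs
# while its runtime behavior (the report below) does not.
SAMPLE_A = b"MZ\x90\x00" + b"constructed-dropper-payload"
SAMPLE_B = SAMPLE_A + b"\x00" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Stage 1 indicators, standing in for a threat-intelligence feed (constructed).
KNOWN_BAD_SHA256 = {sha256_hex(SAMPLE_A)}
KNOWN_BAD_C2_IPS = {"198.51.100.23"}  # TEST-NET-2 address used as a stand-in


def prefilter(data: bytes) -> str:
    """'known_bad' if the hash is already an indicator, else 'unknown' (sandbox it)."""
    return "known_bad" if sha256_hex(data) in KNOWN_BAD_SHA256 else "unknown"


@dataclass
class SandboxReport:
    sample_sha256: str
    source_ip: str                  # endpoint the file was seen on (constructed)
    events: list[tuple[str, str]]   # (category, detail) observed during detonation


# Addresses treated as "inside"; anything else counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]
RUN_KEYS = ("\\CurrentVersion\\Run\\", "\\CurrentVersion\\RunOnce\\")
LONG_SLEEP_MS = 60_000


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def behavioral_verdict(report: SandboxReport) -> dict:
    """Score the observed events; illustrative weights, not a product's rules."""
    score, reasons, c2_ips, evasive = 0, [], [], False
    for category, detail in report.events:
        if category == "net.connect":
            ip, _, port = detail.rpartition(":")
            if ip in KNOWN_BAD_C2_IPS:
                score += 5
                reasons.append(f"beacon to known C2 {ip}:{port}")
                c2_ips.append(ip)
            elif not is_internal(ip) and port not in ("80", "443"):
                score += 3
                reasons.append(f"external connection to {ip}:{port} on a non-web port")
                c2_ips.append(ip)
        elif category == "reg.set" and any(k in detail for k in RUN_KEYS):
            score += 3
            reasons.append(f"autorun persistence: {detail}")
        elif category == "file.write" and detail.lower().endswith(".exe"):
            score += 2
            reasons.append(f"dropped executable: {detail}")
        elif category == "sys.query" and "vm_check" in detail:
            evasive = True          # sandbox-aware: looked for virtualization artifacts
            reasons.append(f"virtualization check: {detail}")
        elif category == "sys.sleep" and int(detail) >= LONG_SLEEP_MS:
            evasive = True          # sandbox-aware: waits out the analysis window
            reasons.append(f"long sleep ({detail} ms) before acting")
    if score >= 5:
        verdict = "malicious"
    elif score >= 2:
        verdict = "suspicious"
    elif evasive:
        verdict = "inconclusive"    # too little behavior to judge; do not call it benign
    else:
        verdict = "benign"
    return {"verdict": verdict, "score": score, "reasons": reasons, "c2_ips": c2_ips,
            "infected_endpoints": [report.source_ip] if verdict == "malicious" else []}


def triage(data: bytes, report: SandboxReport) -> dict:
    """Stage 1 short-circuits on a known-bad hash; otherwise use the detonation report."""
    result = {"sha256": sha256_hex(data), "prefilter": prefilter(data)}
    if result["prefilter"] == "known_bad":
        result.update(verdict="malicious", score=None,
                      reasons=["hash matches a known-bad indicator"],
                      c2_ips=[], infected_endpoints=[report.source_ip])
        return result
    result.update(behavioral_verdict(report))
    return result


# Constructed detonation reports for three kinds of sample.
DROPPER_EVENTS = [
    ("file.write", "C:\\Users\\Public\\svchost32.exe"),
    ("reg.set", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"),
    ("net.connect", "198.51.100.23:8080"),
]
EVASIVE_EVENTS = [("sys.query", "vm_check:VBoxGuest.sys"), ("sys.sleep", "600000"), ("proc.exit", "0")]
BENIGN_EVENTS = [("file.read", "C:\\Users\\alice\\report.docx"), ("net.connect", "192.168.1.10:445")]

if __name__ == "__main__":
    endpoint = "10.20.30.40"  # constructed
    for name, data, events in (("A (known hash)", SAMPLE_A, DROPPER_EVENTS),
                               ("B (padded copy)", SAMPLE_B, DROPPER_EVENTS),
                               ("evasive", b"constructed-evasive", EVASIVE_EVENTS),
                               ("benign", b"constructed-benign", BENIGN_EVENTS)):
        print(name, triage(data, SandboxReport(sha256_hex(data), endpoint, events)))
```

Running it shows sample A resolved by the prefilter alone, sample B missed by the prefilter but convicted by the same dropped-file, autorun and C2 behavior, the evasive sample left as inconclusive rather than benign, and the benign document reader passing. The report fields it returns (C2 addresses and the endpoint that saw the file) are the same kind of detail an analyst needs for containment.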

After analysis, the X-Force Malware Analysis solution will present the results in a clear, easy-to-understand format so they can be viewed and sorted.

[Screenshot: X-Force Malware Analysis results view]

The reports make it easy for you to identify characteristics of the attack, such as source IP address, attempted botnet communication and IP addresses of potentially infected endpoints.

Learn More

If you’d like to try the solution for yourself through IBM X-Force Exchange, sign up for the free 30-day X-Force Malware Analysis Workbench trial. If you’re an existing XGS client, try the 30-day free trial for the X-Force Malware Analysis XGS offering.

If you want to know more, read our new white paper, “Evading the Malware Sandbox,” or visit the IBM X-Force website.

Greg Abelar

IPS Product Manager, IBM Security

Greg Abelar is the IPS Product Manager for IBM Security Systems. In his current role he is managing the development of IBM Security Intrusion Prevention Appliances. For six years previous to that he was a Technical Marketing Engineer supporting virtual and physical IPS and firewall products. He has authored two security books designed to help customers deploy firewalls and SIEM appliances. Greg has been working exclusively in the security industry since 1996.