The need for such internal malware analysis capabilities has grown steadily, says Matt Allen, a technology and forensic analyst with the firm’s SandBox & Technology team.
“Companies are being targeted and they need to have immediate intelligence”, he recently told Infosecurity. “They need to figure out what information has been accessed or stolen” in the event of an attack, he said, noting that organizations of all stripes are now getting into the malware analysis game.
Allen recalled that back in 2006, the only companies with internal malware analysis capabilities – and therefore able to assess immediate threats themselves – were internet service providers (ISPs) and the largest Fortune 500 companies, most with over 10,000 employees. In recent years, however, he has watched medium-sized organizations (1000–5000 employees) build up the same capability.
Allen’s company, Norman ASA, provides what he calls “malware analysis platforms in-shop” for organizations that lack internal expertise in forensic malware evaluation, yet still have a need to analyze such threats.
The company’s latest malware analysis platform was designed to put easier-to-understand tools into the hands of organizations with fewer resources, while still delivering quality forensic analysis. He says it was built in response to feedback from prospective customers over the last three to four years, who asked for a less complex yet robust malware analysis platform. It reflects the ‘doing more with less’ mantra that has been repeated endlessly over the same period.
But what are the benefits of increased malware analysis for medium-sized organizations? “More intelligence, quicker”, Allen responds. He says many companies without this capability can take three to four days, or upwards of a week, to analyze what is floating around on their networks – waiting to hear back from external analysts working on a contract basis.
“By that time, the bad guys have covered their tracks”, Allen warned.
Another type of smaller organization that can reap benefits from in-house malware analysis is government entities, which he reminded us – for various reasons – can’t always share their malware samples with analysts outside the organization.
He said firms offering these less complicated malware analysis tools, complete with user dashboards, have seen a decided uptick in business over the past few years, a trend that will likely only accelerate as concerns about advanced persistent threats (APTs) stay on the agenda of any organization with valuable proprietary data. And while the average home user would likely be confounded by such forensic tools, Allen says most medium-sized organizations already have an IT team in place with the requisite knowledge to make good use of these platforms.
“A typical IT team will understand the ramifications of the behavior we are reporting on, so the threshold is very low”, he concluded.