“Security research is about learning how things work, trying to understand attackers and anticipating their next steps.”
These were the words of Juraj Malcho, ESET’s chief research officer, speaking at a press event in Bratislava, where he discussed the importance of ‘next-generation’ security research in today’s cyber-threat landscape.
“We [ESET] are trying to share this [threat] data with our customers, and there are new ways that we are doing this,” he said.
It’s not just being there and playing with malware, Malcho continued, it’s about going out there and trying to improve the situation of the digital world.
“We are trying to cover a variety of different personas, whether it’s the consumer (somebody who isn’t ‘computer-savvy’) and provide a product they won’t need to do anything with and will not ask questions which you are not ever going to be able to answer if you’re not a computer expert; and then on the other hand we have all of our enterprise solutions where more detailed information is needed and we’re trying to satisfy these people as well.”
For example, one thing that ‘next-gen’ research has been able to show us and others, added Malcho, is that the malware of today is not widespread, but it is being specialized to specific markets, specific countries, specific roles or types of victims.
However, good security research is not done by “magic” he argued; it requires a lot of work to “create a product in a way that is actually usable,” which comes down to these key elements:
• High detection
• Low performance impact
• Ease of use
• Languages
• Platforms
• Tech support