Bright Talk – Automated Malware Analysis – Let the Machines Do the Work! (Mitigating Enterprise IT Security Risks)
As part of Bright Talk’s Information Security channel, I recently gave a webinar on automated malware analysis. Entitled “Automated Malware Analysis – Let the Machines Do the Work!” the presentation can be found here at Bright Talk. Discussing how malware analysis is currently done (which is largely a laborious process involving a combination of static and dynamic analysis), I discussed the risks to an enterprise of continuing to do malware analysis in this fashion. With the possibility of incorrect prioritisation, not enough time per sample, the continuing forensic/anti-forensic battle between malware authors and malware analysts, and the increasing complexity and number of threats with limited resources, the risks are straightforward, and have to be addressed in any organisation that’s serious about their enterprise IT security. One of the best ways to mitigate these enterprise security risks is to use an automated malware analysis platform. Automated malware analysis platforms can mitigate the risk by returning analyses in a minute that would take even a skilled malware analyst twenty to thirty minutes, thereby reducing the amount of time it takes to get actionable intelligence about a particular sample by 95% or more. This allows for a quick turn-around in the event of a malware outbreak requiring incident response (insofar as you can get indicators of compromise much more quickly). It also allows for better prioritisation of incoming malware, better and more accurate results, with the addition of things that you might not get from a human analyst (such as graphs, charts, etc), as well as scalability, with the ability to analyse thousands of malware samples per day. These advantages significantly mitigate the risks of continuing to do malware analysis the “old fashioned” way, and allow an enterprise IT organisation to concentrate their limited resources in the most effective manner.