Cisco: Serenity Now! A better way to malware analysis.
Over the last half decade the term sandboxing has become so pervasive, many customers I speak to have forgotten what it’s for! Sandboxing is a type of malware analysis – dynamic malware analysis to be exact. You execute a sample / file in a virtual environment and see what happens. There are numerous other types of analysis including static analysis, where we look at the code and compilation of the file, forensic analysis of in-memory activity and patterns on disk, as well as pre- and post-execution analysis of the master boot record. In short, Threat Grid is a comprehensive malware analysis engine.
Recently we showed how it can be used for investigations in this blog. But what if you don’t have time for that? What if you just want to have your security tools automatically submit samples to a sandbox and check if it’s good or bad – and block those bad files? It seems so simple! A few years ago most customers I was talking to were deploying a bunch of expensive appliances on each of their network segments. However, as Frank Costanza said “there has to be a better way!”
Not all analysis are created equal. On one hand you can use a free open source cloud based sandbox. On the plus side it’s free. The downside is all the malware authors use the same free opens source sandboxes to test their malware against. They are designing their stuff to evade these environments.
Read the entire article here, Serenity Now! A better way to malware analysis.
via the fine folks at Cisco Systems.