Malware Analysis Tools Diversify To Address Scale Of New Cyber-Attacks

Dynamic Analysis Solutions Sought To Remove False Positive Triggers

Jeff Orr

Malware Analysis

Cyber security threats are evolving in multiple dimensions. On one axis, organizations face an increased number of attacks. On another, the sophistication of attacks is also increasing. Threat actors are rapidly shifting their focus from infrastructure attacks to highly targeted attacks on key personnel, using phishing campaigns designed to trick users into giving up authentication credentials or installing malware without their knowledge.

The scale at which threats have escalated has driven growth for an ecosystem of malware detection and analysis tools to mitigate the risk for enterprise organizations. The demand for malware detection and countermeasures is so great that industry research firm MarketsandMarkets expects the sale and license of malware analysis tools to reach $3 billion in 2019.


Malware analysis tools are typically offered as a product or as a service. The platform aids security teams in detecting and analyzing malware samples. When a sample is identified as malicious, the platform can also remove the malware from the system to stop further infection. Unfortunately, rules- and pattern-based approaches are producing higher rates of false positive triggers, which negates the benefit of reducing human involvement in verifying malware.

Analysis can be accomplished using static methods, such as rules and matching against known patterns. The changing nature of malware is addressed through dynamic methods, such as human-in-the-loop identification and crowd-sharing. Some malware analysis solutions rely on integration with other security tools to centralize efforts within a SIEM environment. Along with reducing false positive signals, the major growth drivers for malware analysis over the next 5 years will be the rising requirements of industry and regulatory compliance, and the need for a centralized view of threats.


Large enterprises are a valuable target for bad actors because of the variety of personnel that have access to sensitive data. Malware attackers leverage the variety of enterprise targets to slowly gain access to system resources. In 2017, the NotPetya cyber-attack spread from Ukraine and severely affected the Danish company A.P. Møller-Mærsk, the world's largest container shipping company, causing a loss of more than $200 million. Across all victims, the NotPetya ransomware attack created damages estimated to exceed $10 billion.

The distributed nature of large enterprises – spread across multiple countries and operating facilities – requires a centralized approach to analyze malware threats uniformly and reduce errors that manual processes might introduce. Malware analysis and detection solutions help orchestrate the myriad of systems and processes to reduce the threat that malware poses to the enterprise’s security posture.
