Access your Pro+ Content below.
Malware analysis tools and techniques failing but researchers aim for improvement
This article is part of the September 2012 issue of Information Security magazine
Hardened cryptographic algorithms and other defensive capabilities are making reverse engineering and analysis increasingly difficult for malware researchers. But some researchers are putting increased vigor into creating tools to bolster malware analysis and in turn create better security technologies. Security researchers attending the 2012 Black Hat Briefings acknowledged that the industry is failing to better understand the capabilities being deployed by malware authors. That lack of understanding is resulting in less than stellar security technologies, says Rodrigo Branco, director of vulnerability and malware research at Redwood City, Calif.-based Qualys. Attackers are penetrating corporate networks because they are consistently evading security defenses with sophisticated methods, Branco says. Meanwhile, enterprises are not stepping up to invest in staff to isolate and better analyze incidents. "It's amazing to see that an industry that is 15 years old maybe even more has not documented the techniques that it is fighting ...
Features in this issue
Understand how cross-site scripting attacks work and how to prevent them.
Malware analysis is falling short but some security researchers are working to reverse the trend.
Know the pros and cons to cloud-based security services before making the leap.
Mobile applications are proliferating in the enterprise, posing new risks to enterprises and requiring mitigation.
Columns in this issue
Security expert Marcus Ranum goes one-on-one with Alex Hutton about the problems with security metric efforts.
Veteran security journalist reminisces about covering the industry and says farewell to TechTarget.
Security pros need to understand the total costs and potential ROI of BYOD policies.