sss78 - Fotolia
A security startup has new technology that it claims will improve malware detection by monitoring a system's or device's power consumption. How does this work, and is it a viable method of detecting and countering enterprise threats?
PFP Cybersecurity announced it had a product that would detect malware and zero-day attacks on many different platforms including "SCADA, semiconductor, mobile and network devices." Its product monitors power usage and can detect anomalies in power patterns using "out-of-band, physical-layer approaches." For systems that have sensitive power profiles or are closely monitored, using variations in power or battery usage is a reasonable way to detect something to investigate. This can be compared to monitoring a network connection to identify changes in normal activity.
PFP's product uses what is called "side-channel attack" detection; an external device monitors power consumption to identify changes in the internal operations. Attacks like these have been used to extract encryption keys to further demonstrate the power of side-channel attacks/monitoring. When encryption or any CPU operations execute, a computer or device needs to use a certain amount of power to perform the computation. The more intensive the computation, the more power used. On systems with predictable power consumption profiles, changes in the power usage could be the result of malware and indicate something should be investigated.
However, it is also important to note that small power variations happen all the time on different types of systems, such as when updates are pushed to systems, during troubleshooting, during peak usage and so on
The PFP security tool may be useful in controlled environments, but would not be appropriate for general enterprise usage (and PFP doesn't suggest it is). The tool may require significant tuning and monitoring, but in a setting where endpoints can't be changed or are difficult to otherwise monitor, PFP Cybersecurity's tool could be valuable.
Ask the Expert:
Perplexed about enterprise security? Send Nick Lewis your questions today. (All questions are anonymous.)
Learn the latest malware defense best practices
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading