
How does the PFP Cybersecurity power consumption tool detect malware?

A new tool claims to detect malware by monitoring power consumption -- but is it good for enterprise use? Enterprise threats expert Nick Lewis explains.

A security startup has new technology that it claims will improve malware detection by monitoring a system's or device's power consumption. How does this work, and is it a viable method of detecting and countering enterprise threats?

PFP Cybersecurity announced it had a product that would detect malware and zero-day attacks on many different platforms including "SCADA, semiconductor, mobile and network devices." Its product monitors power usage and can detect anomalies in power patterns using "out-of-band, physical-layer approaches." For systems that have sensitive power profiles or are closely monitored, using variations in power or battery usage is a reasonable way to detect something to investigate. This can be compared to monitoring a network connection to identify changes in normal activity.

PFP's product applies what is essentially side-channel analysis for detection: an external device monitors power consumption to infer changes in the system's internal operations. The same class of technique has been used offensively to extract encryption keys, which shows how much a power side channel can reveal. When encryption or any other CPU operation executes, a computer or device draws a certain amount of power to perform the computation, and the more intensive the computation, the more power is used. On systems with predictable power consumption profiles, changes in power usage could be the result of malware and indicate that something should be investigated.

However, it is also important to note that small power variations happen all the time on different types of systems, such as when updates are pushed to systems, during troubleshooting, during peak usage and so on.

The PFP security tool may be useful in controlled environments, but would not be appropriate for general enterprise usage (and PFP doesn't suggest it is). The tool may require significant tuning and monitoring, but in a setting where endpoints can't be changed or are difficult to otherwise monitor, PFP Cybersecurity's tool could be valuable.
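As an added illustration of the baseline-and-deviation idea described above (this is not PFP's code or method, which the article does not disclose), the toy detector below learns a power baseline from constructed samples, flags windows whose average draw shifts significantly, and accepts a list of known benign load changes to suppress, reflecting the false-positive caveat about updates and peak usage. All sample traces, thresholds and the `idle_draw` profile are constructed assumptions, not measurements.

```python
"""Toy power-profile anomaly detector in the spirit of out-of-band power
monitoring. All power traces below are constructed for illustration and are
not measurements from any real device or from PFP's product."""
import math


def baseline_stats(samples):
    """Mean and sample standard deviation (watts) of a learning-phase trace."""
    n = len(samples)
    mean = sum(samples) / n
    var = sum((s - mean) ** 2 for s in samples) / (n - 1)
    return mean, math.sqrt(var)


def detect_anomalies(trace, mean, std, window=10, z_threshold=3.0, suppress=()):
    """Slide a fixed window over a trace and flag windows whose average draw
    deviates from the baseline mean by more than z_threshold standard errors.
    `suppress` holds (start, end) index ranges of known benign load changes
    (scheduled updates, peak hours) that should not raise alerts.
    Returns a list of (window_start, window_mean, z_score)."""
    se = std / math.sqrt(window)  # standard error of a window mean
    flagged = []
    for start in range(0, len(trace) - window + 1, window):
        if any(lo <= start < hi for lo, hi in suppress):
            continue  # expected maintenance activity, not an anomaly
        w = trace[start:start + window]
        wmean = sum(w) / window
        z = (wmean - mean) / se if se else 0.0
        if abs(z) > z_threshold:
            flagged.append((start, round(wmean, 3), round(z, 2)))
    return flagged


def idle_draw(i):
    """Constructed 'normal' draw: 5 W with a repeating +/-0.2 W ripple."""
    return 5.0 + 0.1 * ((i * 7) % 5 - 2)


# Constructed learning trace (100 samples) and a 60-sample live trace in which
# samples 30-39 draw an extra 0.6 W, the kind of sustained shift a hidden
# CPU-heavy process might produce.
BASELINE = [idle_draw(i) for i in range(100)]
LIVE = [idle_draw(i) + (0.6 if 30 <= i < 40 else 0.0) for i in range(60)]
MEAN, STD = baseline_stats(BASELINE)

if __name__ == "__main__":
    print("baseline mean=%.3f W std=%.3f W" % (MEAN, STD))
    print("flagged:", detect_anomalies(LIVE, MEAN, STD))
    # The same shift inside a known update window raises no alert:
    print("suppressed:", detect_anomalies(LIVE, MEAN, STD, suppress=[(30, 40)]))
```

The detector cannot tell a malicious shift from a scheduled patch job on its own; the suppression list stands in for the tuning and context a real deployment would need.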


This was last published in July 2015
