
Making Malware Human: A SANS Product Review of Intezer Analyze™

Or Fridman
04.12.18 | 2:23 pm

Alerts can enter an organization at inconceivable rates. Security teams are tasked with sifting through hundreds, if not thousands, of alerts per day, which makes it difficult to prioritize files without spending resources, in the form of analyst time and reverse-engineering and analysis effort, on false positives. While this is widely acknowledged to be a significant challenge for security teams today, the reality is that many organizations lack the capability to automate their analysis and response efforts.

Security teams are finding gaps in visibility that may hinder their ability to correctly prepare for, scope, and respond to incidents, from nation state-sponsored attacks to adware. Malware analysis, in particular, is difficult to scale at high volumes, and tools must play a part in any incident response strategy.

I had the opportunity to work with Matt Bromiley, a digital forensics and incident response instructor at SANS, to discuss Intezer’s Genetic Malware Analysis capabilities and how we are applying the concept of code reuse to automate malware analysis. Our product, Intezer Analyze™, dissects files into tiny pieces of binary code, or what we call genes, and compares them for code similarity against other pieces of legitimate and malicious software located in our genome database. This experience was particularly exciting for me, as it provided me with the opportunity to demonstrate to an experienced professional like Matt, who in addition to serving as a SANS instructor performs incident response consulting work for small and large enterprises, how Intezer Analyze™ is leveraged by security teams to accelerate investigation time and to classify and respond to a greater number of alerts.
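To make the gene-level code-reuse idea concrete, here is an added toy model; it is not Intezer's code or algorithm (real gene extraction is proprietary and works on disassembled code, not raw bytes). It assumes every 8-byte window of a blob is a "gene", indexes genes from labelled trusted and malicious samples, and reports which known software a new sample shares code with; the byte strings and family names are constructed for the example.

```python
from collections import Counter

GENE_LEN = 8  # bytes per "gene"; an assumed simplification of real gene extraction

def extract_genes(code: bytes, gene_len: int = GENE_LEN) -> set[bytes]:
    """Split a code blob into the set of overlapping fixed-size fragments ("genes")."""
    return {code[i:i + gene_len] for i in range(max(len(code) - gene_len + 1, 0))}

class Genome:
    """Index mapping each known gene to the labelled samples it was seen in."""

    def __init__(self) -> None:
        self.index: dict[bytes, set[str]] = {}
        self.trusted: set[str] = set()

    def add(self, label: str, code: bytes, is_trusted: bool) -> None:
        if is_trusted:
            self.trusted.add(label)
        for gene in extract_genes(code):
            self.index.setdefault(gene, set()).add(label)

    def analyze(self, sample: bytes) -> dict:
        """Classify a sample by which known software its genes are shared with."""
        genes = extract_genes(sample)
        per_label: Counter = Counter()
        unique = 0
        for gene in genes:
            origins = self.index.get(gene)
            if origins is None:
                unique += 1  # never seen before: neither trusted nor malicious
                continue
            per_label.update(origins)
        malicious = {k: n for k, n in per_label.items() if k not in self.trusted}
        trusted = {k: n for k, n in per_label.items() if k in self.trusted}
        if malicious:
            verdict = "malicious"  # any code shared with a malware family is decisive
        elif trusted and unique == 0:
            verdict = "trusted"  # every gene comes from known legitimate software
        else:
            verdict = "unknown"  # unique code, no malicious match: needs analyst review
        return {"verdict": verdict, "genes": len(genes), "unique": unique,
                "malicious": malicious, "trusted": trusted}

# Constructed corpus (made-up bytes): a trusted runtime stub, one malware family, and a sample reusing both.
RUNTIME_STUB = b"\x55\x8b\xec\x83\xec\x10\x53\x56\x57\x8b\x7d\x08" * 2
FAMILY_A_LOOP = b"\x33\xc0\x8b\x4d\x0c\x32\x04\x0f\x88\x04\x0e\x41\x3b\xca\x72\xf5"
SAMPLE = RUNTIME_STUB[:12] + b"\x90" * 4 + FAMILY_A_LOOP
GENOME = Genome()
GENOME.add("runtime-stub", RUNTIME_STUB, is_trusted=True)
GENOME.add("family-a", FAMILY_A_LOOP, is_trusted=False)
```

Calling `GENOME.analyze(SAMPLE)` reports the sample as malicious because nine of its genes come from "family-a", while also showing the five genes it shares with the trusted runtime stub; genes that straddle the NOP padding match nothing and are counted as unique.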

Matt details his findings from working with Intezer Analyze™ in a 12-page report, which can be accessed here.

The full report examines:

Intezer’s approach to malware analysis and the evolutionary, biological principles guiding the company’s technology

Using Intezer to find links between malware and threat actor campaigns

How information security teams can use Intezer to gain insight into their threats

How Intezer can integrate with your incident response (IR) and security operations center (SOC) workflows to provide automated and integrated malware analysis and decision making

Matt and I also sat down on November 29 for a SANS webcast titled The Human Side of Malware to discuss the human element of malware and the importance of code reuse. During the webcast I use our technology to analyze the code of BadRabbit ransomware. Additionally, through the example of RawPOS, a successful card-scraping malware family used frequently between 2008 and 2017, Matt investigates whether Intezer Analyze™ can qualify the malware as malicious and tie together two tools from the same threat actor to build out the profile of a campaign.

To watch a recording of the webcast, please visit https://www.sans.org/webcasts/finding-human-side-malware-109005.

On behalf of Intezer I invite you to try the free community edition of Intezer Analyze™. Users of the community edition can:

Upload up to 10 suspected files per day

Detect code reuse in both trusted and malicious software

Obtain new insights and information about malware families and threat actors

For more information on Intezer Analyze™ and how our unique Genetic Malware Analysis technology can help your organization accelerate its incident response time and reduce risk, please feel free to email contact@intezer.com.

About us:
Intezer introduces a Genetic Malware Analysis approach, offering enterprises unparalleled and accelerated incident response.

Intezer provides a fast, in-depth understanding of any file by mapping its code DNA at the ‘gene’ level — offering the most advanced level of malware analysis. By identifying the origins of every piece of code, Intezer is able to detect code reuse from known malware, as well as code that was seen in trusted applications. For more information, visit https://www.intezer.com/ or follow us on Twitter at @IntezerLabs.

By Or Fridman

Or has 10 years of experience in Development and Product Management roles. Previously Or was a product manager in the IDF and in CyberArk. Currently, Or is the Product Manager of Intezer Labs.


© Intezer.com 2018 All rights reserved