Malware Headlines Make Case for Sandbox
With The New York Times recently reporting on the origins of Stuxnet and all the commentary and speculation on the incredibly sophisticated Flame malware, some interesting questions are being raised by my colleagues in the security industry and the journalists covering these threats. There are obviously some serious geopolitical and ethical considerations attached to the reported original intent of Stuxnet. And the analysis of Flame will continue to bring scrutiny to its origin and how security vendors develop solutions to combat these threats.
In the aftermath of any new discovery, there’s debate about which security vendor found what variant of the sample first, if heuristics or definitions are more effective at thwarting these threats, and if traditional antivirus is outmatched when it comes to complex and very well engineered lines of code.
While these questions arise every time a new threat emerges and displays behavior we’ve never seen before, they are the wrong questions to ask.
What we should be asking is this: With increasingly sophisticated malware spreading across the Internet – regardless of its source or original intent – why are enterprises not taking advantage of all the tools available to them to protect their networks? Why are enterprises so slow to adopt sandbox technologies?
Antivirus, firewalls, web filtering, mail security, Mobile Device Management, Data Loss Prevention and other solutions are central components of a layered network defense, and they will remain so into the foreseeable future to defend against the bulk of malware trying to infect us. What we’re increasingly witnessing, though, is how effective sophisticated threats are at exploiting lapses in the technical and human defenses employed by corporations. Enterprises are being targeted with custom-created malware – never intended to be set loose in the wild – developed for the singular purpose of compromising a specific network or even a specific user on that network. The ultimate goal of this malware can range from simply trying to steal customer data to more extreme and damaging cyber-espionage pursuing intellectual property that, if lost, could cripple a corporation and turn a global industry on its head.
It’s Time for all Enterprises to Sandbox
These persistent threats are now the biggest risk to even the most strongly defended networks, making it more critical than ever before that enterprises deploy a sandbox to assess suspected files for malicious behavior and defend themselves against these cyber-attacks.
Already deployed by defense, law enforcement and civilian government agencies, sandbox technology enables cybersecurity professionals to analyze suspected malware in a controlled environment. A sandbox enables users to track how potential malware applications execute, what system changes were made, and what network traffic was generated, without risking loss of data or compromising a network. Regardless of whether or not antivirus detections exist yet for a suspected malware sample, a sandbox enables security professionals to understand exactly what it will do on a network. Armed with this malware behavioral analysis, users can identify malicious files that intend to compromise their networks that may have slipped past their antivirus, firewall and other defenses. This information, in turn, can be used to create custom malware signatures that can be deployed within existing security technologies. Then, a given network is protected without the need of having the malicious file “known” to the greater cyber-community.
Unfortunately, sandbox technology is greatly underutilized in the private sector, where sophisticated malware poses a tremendous threat to corporate networks, particularly in industries such as financial services, healthcare and energy, as well as critical entities like power and water utilities. This is primarily due to lack of training and awareness about sandbox technologies in the enterprise space, and it is why GFI Software is making advanced malware analysis more accessible to enterprise cyber-security professionals.
It’s time for cybersecurity professionals to integrate sandbox solutions into their network defenses and equip themselves with the tools they need to adequately defend against the latest and most sophisticated threats targeting their networks.
Julian Waits is vice president of the Advanced Technology Group at GFI Software. Julian is responsible for GFI Software’s advanced threat awareness solutions, GFI SandBox® and GFI ThreatTrack™, as well as the GFI OEM Partner Program.