Third part of the multipart series “Defense against malware”

The workstations of our malware analysts do not differ from others in Hornetsecurity’s offices, even though the Security Lab is referred to as a “laboratory”. There are no Erlenmeyer flasks, test tubes or Bunsen burners to be found, just quite normal computers. The work is done virtually, in sandboxes or by analyzing the data traffic. Nevertheless, the importance of the malware analysts should not be underestimated, as their work ensures that Hornetsecurity’s defense systems are always as up-to-date as possible and maintain the highest quality standard.
Two different types of analysis

Two ways of analyzing malware are presented in more detail here. In static analysis, the code itself is viewed without executing the malware, while in dynamic analysis, the behavior of the malicious code is tracked in a secure environment.
Various possibilities of use

The most obvious application of the data obtained from malware analysis for IT security companies is to improve their defense methods and thus better protect their customers from attacks. To do this, analysts extract certain binary patterns and use them to create so-called YARA rules, with which malware samples can be found, categorized and grouped. Behavior signatures applied in the sandbox can detect and categorize certain behavior patterns of malicious code.
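
The following is an added example, not code from the original article or from Hornetsecurity's tooling: a simplified Python stand-in for YARA hex-string matching that shows how extracted byte patterns let samples be found, categorized and grouped. The family names, byte patterns and sample contents are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed rules, not real signatures: family -> (hex patterns, minimum hits).
# "??" is a one-byte wildcard, as in a YARA hex string.
RULES = {
    "ExampleLoader": (["45 58 4C 44 ?? ?? 01 00", "63 66 67 3D"], 2),
    "ExampleStealer": (["53 54 4C 52 ?? 02"], 1),
}

# Constructed sample contents standing in for files from a sample collection.
SAMPLES = {
    "a.bin": b"MZ\x90\x00EXLD\xaa\xbb\x01\x00....cfg=abc",
    "b.bin": b"junkEXLD\x11\x22\x01\x00cfg=xyz",   # same family, different variable bytes
    "c.bin": b"STLR\x07\x02data",
    "d.bin": b"EXLD\x00\x00\x01\x00 no config",    # only one of two loader patterns
}


def compile_hex(pattern):
    """Turn 'AA ?? BB' into a bytes regex; '??' matches any single byte."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)


def classify(data):
    """Return the families whose rule is satisfied by this sample."""
    families = []
    for family, (patterns, min_hits) in RULES.items():
        hits = sum(1 for p in patterns if compile_hex(p).search(data))
        if hits >= min_hits:
            families.append(family)
    return families


def group_samples(samples):
    """Group sample names by matched family; unmatched samples stay visible."""
    groups = defaultdict(list)
    for name, data in samples.items():
        for family in classify(data) or ["unclassified"]:
            groups[family].append(name)
    return dict(groups)


if __name__ == "__main__":
    for family, names in group_samples(SAMPLES).items():
        print(f"{family}: {names}")
```

Requiring several patterns to match together, as the constructed loader rule does, is what keeps a single common byte sequence from pulling unrelated files into a family.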
- Part 1: Viruses, worms, trojans – aren’t they all the same?
- Part 2: The who’s who of cybercriminals