Advanced volatile threat detection: New term, old
malware?
Nick Lewis, Enterprise Threats http://searchsecurity.techtarget.com/
Simply put,
AVTs are attacks that are only resident in memory and are not written to disk.
Memory-based malware is inherently more difficult to detect than other malware;
it cannot be identified solely by monitoring the file system. Fortunately,
there are many ways to initially detect something that needs to be examined on
a system, which will make memory-based malware detection easier. The Windows Incident Response Blog
has articles on how to perform memory forensics and malware analysis that could
be used to detect an advanced volatile threat.
Once a
suspicious network flow or account activity is discovered, an investigation can
be done to identify what caused the suspicious activity. Additionally,
monitoring for suspicious network connections can be done without access to the
compromised system. An enterprise should prepare for an AVT by closely
monitoring its systems using anomaly detection techniques and securing its
endpoints.
Memory-based
malware attacks date back to 2002 if not earlier, and antimalware tools have been addressing the
threat of memory-resident malware ever since. So, while the threat is not
necessarily new per se, it is still quite volatile because once a system is
rebooted, any malware resident only in memory will disappear and requires
reinfection of the system to gain access again. Yet reinfection can be easily
accomplished if an infected system on the local network has not yet rebooted.
===============================
In addition to this blog, I have authored the premiere book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio and an online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and PSG of Mercer County New Jersey.
==========================================
.jpg)
===============================
In addition to this blog, I have authored the premiere book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio and an online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and PSG of Mercer County New Jersey.
==========================================
No comments:
Post a Comment