The Emerging Threats project produces bleeding-edge Suricata/Snort rules for detecting malware and attacks. The project's community of users analyzes malware and creates rules to detect the malware and current attacks before many commercial solutions have detection capabilities available.
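Emerging Threats rules are written in the Suricata/Snort signature language. As an added illustration (not code from the Emerging Threats project, and not a Suricata component), the script below parses a small, simplified subset of that syntax (rule header, `msg`, `sid`, `rev`, `content` with `|hex|` escapes, and the `http_*` buffer modifiers) and evaluates the parsed rules against constructed HTTP request summaries. The two rules and the three events are constructed for this example; the `sid` values are placeholders in the local-rule range, not real ET signature IDs, and the matcher ignores keywords such as `flow` that a real engine would enforce.

```python
import re
from dataclasses import dataclass, field

# Constructed sample rules (NOT real Emerging Threats signatures; sids are placeholders).
SAMPLE_RULES = r'''
# comment lines are skipped
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"CONSTRUCTED Example checkin to gate.php"; flow:established,to_server; content:"POST"; http_method; content:"/gate.php"; http_uri; sid:1000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"CONSTRUCTED Old MSIE 6 User-Agent"; flow:established,to_server; content:"Mozilla/4.0 (compatible|3b| MSIE 6.0)"; http_user_agent; sid:1000002; rev:1;)
'''

# Constructed HTTP request summaries, as a sensor's HTTP parser might produce them.
SAMPLE_EVENTS = [
    {"method": "POST", "uri": "/gate.php", "user_agent": "Mozilla/5.0", "host": "example.invalid"},
    {"method": "GET", "uri": "/index.html", "user_agent": "Mozilla/4.0 (compatible; MSIE 6.0)", "host": "example.invalid"},
    {"method": "GET", "uri": "/gate.php", "user_agent": "curl/8.0", "host": "example.invalid"},
]

HEADER_RE = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')
HEX_RE = re.compile(r'\|([0-9A-Fa-f ]+)\|')
# Modifier keyword -> name of the event field the preceding content applies to.
BUFFER_KEYWORDS = {"http_uri": "uri", "http_method": "method",
                   "http_user_agent": "user_agent", "http_host": "host"}


@dataclass
class Rule:
    action: str
    proto: str
    msg: str = ""
    sid: int = 0
    rev: int = 0
    contents: list = field(default_factory=list)  # entries: [buffer, pattern_bytes, negated]


def decode_content(text):
    """Turn a content string with |hex| escapes into raw bytes, e.g. 'a|3b|b' -> b'a;b'."""
    out, pos = b"", 0
    for m in HEX_RE.finditer(text):
        out += text[pos:m.start()].encode() + bytes.fromhex(m.group(1).replace(" ", ""))
        pos = m.end()
    return out + text[pos:].encode()


def split_options(body):
    """Split 'key:value; key; ...' into (key, value) pairs, honouring double quotes."""
    opts, cur, in_quote = [], "", False
    for ch in body:
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            opts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        opts.append(cur.strip())
    pairs = []
    for opt in opts:
        key, sep, val = opt.partition(":")
        pairs.append((key.strip(), val.strip() if sep else None))
    return pairs


def parse_rule(line):
    """Parse one rule line into a Rule; raises ValueError on a malformed header."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("unparseable rule header: " + line)
    action, proto, *_addrs, body = m.groups()
    rule = Rule(action=action, proto=proto)
    pending = None  # the most recent content entry, so a following modifier can retarget it
    for key, val in split_options(body):
        if key == "msg":
            rule.msg = val.strip('"')
        elif key == "sid":
            rule.sid = int(val)
        elif key == "rev":
            rule.rev = int(val)
        elif key == "content":
            negated = val.startswith("!")
            pending = ["payload", decode_content(val.lstrip("!").strip().strip('"')), negated]
            rule.contents.append(pending)
        elif key in BUFFER_KEYWORDS and pending is not None:
            pending[0] = BUFFER_KEYWORDS[key]
    return rule


def load_rules(text):
    """Parse every non-empty, non-comment line of a rules file."""
    return [parse_rule(l) for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]


def rule_matches(rule, event):
    """True when every content test (with its negation) holds against the event's buffers."""
    for buf, pattern, negated in rule.contents:
        haystack = event.get(buf, b"")
        if isinstance(haystack, str):
            haystack = haystack.encode()
        if (pattern in haystack) == negated:
            return False
    return True


def match_event(rules, event):
    """Return the sids of all rules that fire on one event."""
    return [r.sid for r in rules if rule_matches(r, event)]


if __name__ == "__main__":
    rules = load_rules(SAMPLE_RULES)
    for ev in SAMPLE_EVENTS:
        for r in rules:
            if rule_matches(r, ev):
                print("ALERT sid=%d rev=%d %s <- %s %s" % (r.sid, r.rev, r.msg, ev["method"], ev["uri"]))
```

The first event fires the `gate.php` rule because both of its content tests (method and URI) hold; the second fires the User-Agent rule once the `|3b|` escape is decoded to a semicolon; the third fires nothing, since the URI matches but the method test fails. A real engine also evaluates `flow`, PCRE, and many other keywords, so this matcher is only meant to show how a signature's content tests map onto parsed protocol fields.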
Malware analysis can be extremely time-consuming and requires a unique skill set, including detailed knowledge of networking, operating systems, application security, and, often, reverse engineering. HBGary has been advancing this area and making it easier for security professionals to understand what malware is doing by using its Responder, Digital DNA, and REcon tools.
Detecting and analyzing malware is just one aspect of incident response, and it does not account for all of the 24 percent of their time that respondents say they spend on incident response, the third highest security area on which security professionals have to focus their time.
One newly minted IT pro responded to the Strategic Security Survey saying, "The people at the top have no idea of what the current threat landscape is like. In fact, when my branch tried to report an intrusion to headquarters, we were told that such a thing could not have happened because the company has a firewall. The level of ignorance is actually stunning."
Having a well-defined and administratively supported incident response plan is critical if companies want to weather an attack. It starts at the preparation phase with training on techniques and tools so that proper identification, containment, eradication, and remediation can take place. At the end of an incident, the lessons-learned phase will help determine where failures may have occurred so they can be fixed and the security team can be more effective the next time an incident occurs.
Being effective at incident response requires more than just having a plan. Actually having the proper tools is important, as is knowing how to use them properly. Solutions like Mandiant Intelligent Response, F-Response Enterprise, and AccessData Enterprise can greatly speed up the process by putting important data at your fingertips. Depending on your company's size, one solution may be a better fit than another.
The fact is that IT security professionals' jobs are not getting any easier and attacks are increasing. Nearly 75 percent of the IW survey respondents attribute their increased vulnerability to the increased sophistication of threats, while 61 percent see attackers having more ways to attack their corporate networks. Streamlining time-consuming tasks can help security pros focus their efforts in other areas that are lacking.