Malware Assessment

Malware Assessment Information

Malware assessments are a review and analysis of a sampling of representative workstations and/or firewall/IDS logs to identify whether the risks associated with malware are being controlled to an acceptable level.  Malware Assessments are often a logical byproduct of security incident investigation and remediation.

Work Station Analysis

Malware is a problem in virtually every large, diverse environment. Unfortunately, end user behavior coupled with constant malware evolution puts critical information at risk from viruses, worms, trojans, rootkits, dialers and spyware.

Work Station Analysis provides a sampled analysis of the efficacy of current controls intended to protect critical assets from malware.

Key activities include:

  • Consultation with members of the system administration and security teams to understand the current approach and challenges
  • Review of any relevant security incident reports
  • Sample selection in coordination with the security team
  • Credentialed vulnerability assessment of the sampled workstations to gather detailed vulnerability and configuration data
  • Benchmarking of the vulnerability and configuration data against good practice
  • Scanning with as many as three different malware tools that leverage different detection modalities (e.g., signature-based, heuristic, registry analysis) to ensure that a comprehensive analysis is performed
  • Analysis against relevant standards, laws/regulations, and prevailing good practice; and,
  • Formal reporting on the process, relevant findings, and mitigation roadmap. Where possible the report will also include: root cause analysis, peer-group benchmarking, good practice benchmarking, executive summaries, and technical summaries.

The predominant benefits realized by a Work Station Analysis are:

  • Provides a high level of design assurance by looking at the configuration of critical workstations in a comprehensive manner;
  • Findings can be applied beyond the sample and optimally focus downstream activities to address malware at an organizational level; and,
  • Allows an entity to identify and address workstation and user behavior deficiencies that may compromise key user credentials and thereby provide access to critical applications/data

Firewall/IDS Log Analysis

Malware is a problem in virtually every large, diverse environment. Unfortunately, end user behavior coupled with constant malware evolution puts critical information at risk from viruses, worms, trojans, rootkits, dialers and spyware.

Firewall/IDS Log Analysis provides a relatively quick and painless way to assess the efficacy of current controls intended to protect critical assets from malware at an organizational level.

Key activities include:

  • Consultation with members of the system administration and security teams to understand the current approach and challenges
  • Review of any relevant security incident reports
  • Gathering of existing firewall or IDS logs (or working with the client to gather new logs) that include outbound access for the subnets being assessed
  • Automated analysis of logs to identify workstation access to drive-by download sites responsible for most malware infections
  • Automated analysis of logs to identify workstation access to known malware Command & Control servers
  • Formal reporting on the process, relevant findings, and mitigation roadmap.
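The two automated analysis steps above amount to matching outbound connections from the assessed subnets against indicator lists. The following is an added illustration of that matching, not code from the original page; the log line format, the indicator values and the sample log are all constructed placeholders.

```python
"""Match outbound firewall log lines against constructed malware indicator lists."""
import ipaddress
import re
from collections import defaultdict

# Constructed indicator lists (placeholders, not real indicators).
DRIVE_BY_SITES = {"driveby.example.invalid", "exploitkit.example.invalid"}
C2_SERVERS = {"c2.example.invalid", "203.0.113.45"}  # hostnames or IPs

# Constructed log format: "<ts> src=<ip> dst=<ip|host> dport=<n> action=<ALLOW|DENY>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def analyze(lines, assessed_subnet):
    """Return {workstation_ip: {"drive_by": set(), "c2": set()}} for the assessed subnet.

    Denied connections are counted too: a blocked attempt to reach a C2 server
    still indicates that the workstation is likely infected.
    """
    net = ipaddress.ip_network(assessed_subnet)
    findings = defaultdict(lambda: {"drive_by": set(), "c2": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the run
        try:
            src = ipaddress.ip_address(rec["src"])
        except ValueError:
            continue
        if src not in net:
            continue  # only outbound traffic from the workstations being assessed
        dst = rec["dst"].lower()
        if dst in DRIVE_BY_SITES:
            findings[str(src)]["drive_by"].add(dst)
        if dst in C2_SERVERS:
            findings[str(src)]["c2"].add(dst)
    return dict(findings)

SAMPLE_LOG = [  # constructed sample log
    "2024-01-05T08:12:01Z src=10.20.3.14 dst=driveby.example.invalid dport=80 action=ALLOW",
    "2024-01-05T08:12:09Z src=10.20.3.14 dst=203.0.113.45 dport=443 action=DENY",
    "2024-01-05T08:15:22Z src=10.20.7.2 dst=www.example.com dport=443 action=ALLOW",
    "2024-01-05T08:16:40Z src=192.168.99.9 dst=c2.example.invalid dport=8080 action=ALLOW",
    "not a log line",
]

if __name__ == "__main__":
    for host, hits in analyze(SAMPLE_LOG, "10.20.0.0/16").items():
        print(host, "drive-by:", sorted(hits["drive_by"]), "C2:", sorted(hits["c2"]))
```

In a real assessment the indicator sets would be loaded from a maintained threat intelligence feed and the parser adapted to the client's firewall or IDS export format.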

The predominant benefits realized by Firewall/IDS Log Analysis are:

  • Provides a high level of compliance assurance by looking at the activities of a large percentage of the architecture at a relatively low cost;
  • Findings can be applied beyond the sample and optimally focus downstream activities to address malware at an organizational level; and,
  • Allows an entity to identify and address workstation and user behavior deficiencies that may compromise key user credentials and thereby provide access to critical applications/data