Friday, December 27, 2013

CPE: McAfee AudioParasitic: Episode 58: Interview with SANS’ Lenny Zeltser, part 1/2

length: 00:25:17

Lenny Zeltser's background: developer, admin, network – all intersect in security
Then got involved in malware because of an interest in malware analysis

Sample sharing: AV community – closed world – get a sample if you know somebody
Nowadays, closed malware sample sharing is a contradiction

Anybody can gather samples

Things that changed for the better:
- Behavioral signatures
- Companies protect their servers more

Things that got worse:
Biggest challenge: how to protect the client

End point: anything that has data.
And if the data is valuable – it will become a target

Problem with malware naming: high volume & cross-pollination
Another challenge:
- Generic malware identification
- Difficulty for forensics – need specific information

Most AV companies prefer to eradicate malware – make generic detections – but sometimes specific information is needed for legal forensic analysis.

The need for malware writers to go to prison has never been as high as it is now.

When you bring business acumen to malware – that is not good for the good guys

Social engineering: the easiest way to steal someone's identity is to ask for it (Jim Walter)

COMMONSENSE is the best AV
