Tuesday, January 27, 2015

The 6 essential tasks for security analysts

Computer analysis laboratories are not so far from the concept we usually have of what a laboratory is. They have rooms specifically prepared for research, treatment and documentation, using computers as a study tool. A chemist may need a few centrifuges, while a security analyst works with virtual machines. A mechanic brings a toolbox with him everywhere, while a security analyst uses digital services. As you can see, there are lots of similarities between them. So… What are the six main tasks of an infosec laboratory?

  1. To research: finding new creative (or not) ways of dealing with security problems is a cornerstone of their daily work. For instance, looking for patterns that simplify the arduous malware checking process. This is even done with visual techniques: graphical representations of executable files that make code similarities visible at a glance.
  2. To test: To understand how malware evolves, you need to keep your eyes open and be willing to continually face new challenges. Unfortunately this happens when you least expect it. For example, you visit a website, and a roll-out ad sets off all your internal alarms. Yes, that’s right! You are facing a new type of adware, aimed at OS X devices, and distributed by a malicious ad that encourages you to download an HD media player.
  3. To document: Okay, you have found a vulnerability or a threat. What do you have to do now? The ‘nicest part’ of the work is to document everything, right? For example, collecting data on the vulnerability of a piece of software like the one used by the Chilean government, which allows access to private data and updates remote control shells.
  4. To report: It must be done following security measures and relevant legislation. If a vulnerability affects a specific company’s software, that company should be contacted about the issue. If it is a study on the evolution of malware, (internal or external) blogs should be used to keep your users, customers and partners aware. An example of this is the study recently published by the FBI, warning of the increase in the spread of ransomware, which is a lucrative business for cybercriminals.
  5. To minimize the problem as much as possible: When you report a campaign like this, you are already minimizing its effects. Sometimes it is difficult to solve, especially when the Chinese government intervenes. Astrill, StrongVPN and Golden Frog are three popular VPN (virtual private network) services that recently ran into trouble offering their services in that country, presumably due to the Great Chinese Firewall.
  6. To fix: It is essential to find the most effective solution to prevent bad guys from exploiting the issue. And no matter how crazy it is, if it works, go ahead. This is the case of Tempest, research we told you about a few months ago. It was able to perform espionage just by placing a device next to a computer to listen to the sounds made when processing information. There is no "cure" for Tempest, but this tactic could be fought by rewriting the code in a way that functions were "quieter" or easy to confuse with others, up to the point of making them incomprehensible.
Here you have six basic elements that every security analyst should take into consideration every day.
