Picking Apart Malware In The Cloud May 21st, 2012

Most companies are happy blocking malware at the perimeter, catching it when it tries to infect a system, or -- as a last resort -- quarantining it when it compromises a computer.

Yet, increasingly, companies are looking at malware as a source of intelligence to learn more about the threats they face. Rather than block-and-forget, security teams aim to find out more about the attackers, discover the extent of a compromise and keep apprised of the latest attacker techniques.

"Companies ask these questions because they want to know how it got in their network, if it did, but they also want to know if they have to worry about the malware or can they just wipe the system," says Lenny Zeltser, an information-security professional who teaches courses on malware analysis for the SANS Institute.

To get answers, companies need to analyze the malicious programs for clues. For malware analysis, companies have historically had three options: Create their own malware laboratory using open-source software, buy a commercial system, or hire consultants to do the analysis.

Creating a malware laboratory and training personnel can take a great deal of time and resources. A commercial system makes lab creation a snap, but does not solve the shortfall in expertise, while hiring a consultant can become expensive quickly.

For companies that are looking for a simpler option, service providers are offering malware analysis in the cloud. When a firm encounters a suspected piece of malware, they can upload it to a managed or cloud service and get an automated report back detailing the program's behavior.

"Finding out what the threat is can be very important depending on who you are and what kind of information can be stolen," says Joe Stewart, director of malware research for Dell SecureWorks, which offers analysis as a service.

[Nearly half of all malicious programs attempt to communicate out to the Internet in the first minute. Companies need to listen more closely to their networks.]

In other cases, companies want to analyze large volumes of malware -- say, every potential malicious program that hits the gateway. Most firms don't have the infrastructure nor the expertise to handle the load, says Dean Debeer, chief technology officer of ThreatGRID, a firm that specializes in malware analysis and intelligence.

"There comes a point when the volume is so large that it doesn't allow the team to be effective or actionable in the right way," he says.

Companies can plug the results of analysis directly into other security systems to better inform defenses, says Debeer. "You are limited in your ability to use the data only by the capabilities of the security team and the infrastructure you have in place," he says.

Malware-analysis-as-a-service is not for every business. Companies with particularly sensitive data will likely not want to export the information outside their firewall.

"Companies that are particularly sensitive to having malware on the network, or who don't want other people to know who is attacking them will want an internal analysis lab," says Robert Day, vice president of marketing for ValidEdge, which makes a commercial system for malware researchers and incident response teams.

The company's appliance can analyze about 10,000 samples each day, while a specially equipped laptop aimed at incident response teams can handle about 1,000 samples a day. Given a malware sample, ValidEdge produces a source-code map, a behavior map and a score as to the risk that each operation presents.

Whether they build or buy the capability to analyze malware, companies need to find ways to better understand the attackers that have targeted their networks, says Zeltser.

"There is a whole lot of malware out there that people keep finding," he says. "And in cases I see organizations that don't know what to do with malware. They run an antivirus tool and hope it cleans it, but they don't have the ability to answer important questions."

OwnCloud puts data in IT’s cloud of choice May 21st, 2012

Everyone seems to love Dropbox, the cloud storage service that claims 50 million users. The problem with Dropbox is its consumer focus, which gives IT departments heartburn. That’s why the hunt is on for a “Dropbox of the enterprise” which would offer the security business customers want with a great interface so that end users will actually use it.

OwnCloud 2012, now available, takes direct aim at those IT pros — although not with a storage cloud of its own. Instead, ownCloud software runs customer their data centers to provide an easy way to move data to and manage it in whatever storage cloud — Amazon, Google, Microsoft, whatever — they prefer. The other half of the puzzle is it promises end users an easy (dare I say Dropbox-like?) experience and gives them access to their data from their PC or mobile device.

OwnCloud 2012 supports Linux, Windows and Mac desktops as well as iOS and Android mobile clients. (There is no support for Blackberry, Windows or Symbian mobile phones.)

OwnCloud’s software runs in the company data center so IT can upload the data to and manage it in whatever cloud they prefer, said Markus Rex, CEO of the company and a former SVP of Novell’s SUSE Linux business unit. True to his open-source roots, ownCloud has been available as a free product — this is the first commercial release.

All data into and out of ownCloud can be secured with HTTPS and can be encrypted at the OS level. Finally, companies can lock down their ownCloud software appliance or the server it runs on anyway they like and integrate it with whatever intrusion detector or other security tools they have in place, a spokesman said.

Rex acknowledged his company’s debt to Dropbox which sparked a spate of enterprise-focused competitors. “We’re mimicking the Dropbox user experience. They certainly created a market for something the world didn’t know it needed. We want to have that user experience but also let IT departments leverage their own data center and security models,” he said.

Not just iPhone, but iPad too uses Wi-Fi more often May 21st, 2012

With unlimited data plans soon to be history, it seems Wi-Fi will soon become key to the growth of not just iPads, but also iPhones. A survey released by ComScore shows that of smartphone owners in the U.S. and U.K., iPhone users are far more likely than their Android-toting counterparts to take advantage of Wi-Fi networks when available.

The study shows that in the U.S. 71 percent of iPhones and 32 percent of Android phones connect to Wi-Fi and cell networks. In the U.K., the divide was a little narrower: 87 percent of iPhones and 57 percent of Android phones connect to both types of networks.

ComScore points to increasingly scarce spectrum and, of course, carriers moving away from unlimited data plans as reasons for this behavior:

“The scarcity of unlimited data plans and higher incidence of smartphone pre-paid contracts with a pay-as-you-go data model likely contributes to data offloading among users wanting to economize their mobile usage. In addition, the current lack of high-speed data networks in the U.K. might also lead users to seek out higher bandwidth capacity on Wi-Fi networks. In the U.S., the increased availability of LTE, 4G and other high-speed data networks currently make it less necessary for smartphone users to offload, but it’s also possible that the diminishing availability of unlimited cellular data plans will eventually push more usage to Wi-Fi.”

Wi-Fi’s popularity among mobile devices isn’t limited to iPhones: Tablet users are overwhelmingly in favor of Wi-Fi use too. Two weeks ago mobile analyst Chetan Sharma released a report noting that in 2011, more than 90 percent of tablets in the U.S. connected to Wi-Fi instead of mobile broadband. While sales of tablets shot up last year, the percentage of 3G- and 4G-capable tablets stayed relatively low. And it’s safe to assume that the iPad is what we’re talking about when it comes to tablets: It accounted for roughly two-thirds of all tablets sold in the U.S. in 2011.

So while iPhone users are relying heavily on Wi-Fi, so are iPad users. It’s not clear what exactly accounts for the difference in behavior between iOS and Android users — it could be something as simple as that Wi-Fi is just easier to set up on iOS devices.

But it also may have something to do with the amount of content users are downloading. And with the new iPad, it’s likely that this reliance on Wi-Fi will only increase. Its shiny new high-definition display makes watching videos on it easier on the eyes than ever — and that can eat through monthly data plans pretty quickly.