There is a need for vendors to have a catalogue of known viruses so that they can profile them and share their knowledge with others. The Threat Intelligence Department always take samples of each known viruses, In this article, I willl be talking about Threat Intelligence in Network Security.
They look at the signature to see if it matches a virus file. The viruses when they are discovered are added to the known virus list. They are added to the known viruses list. The updates are done regularly and in a variety of ways. In this article, I want to talk about the Threat Intelligence Service in Network Security.
The updates are done monthly, quarterly or once a year. As malware developers gain expertise, the malware becomes more sophisticated. They now include a mechanism that allows them to bypass the signature list for viruses.
The malware now has the ability to change file contents so that they will not be detected. This allows the malware to avoid the antivirus family. This allows a single malware to change characteristics and have attributes of multiple malware.
Those types of malware are known as polymorphic malware. There was also the development of Malware as a Service which has cybercrime as their major focus.
Because malware is developed in a hundred of thousands on a daily basis, the idea of using signature and footprint based detection cannot scale through. Because signature-based malware detection cannot work, there was the introduction of Sandbox products.
This now takes a suspected file and placed it in an environment where its behaviours can be closely studied. If the file does something malicious while in the sandbox, it is flagged as malware. This is also known as heuristic detection. This is also used by vendors to discover different Samples of Polymorphic malware.
With the development of Sandbox, new malware is discovered. And the knowledge gained and the discovery can now be shared with other Network Security Professionals. These details can also be sent to the Vendor Threat Intelligence Service.
This can now be shared with more vendors so that more people can be protected. The future of detecting previously unknown malware includes Threat Intelligence Services. This makes use of Artificial Intelligence and Machine Learning.
The Threat Intelligence Service also keep knowledge about files, existing threats and emerging attacks on the network. It also keeps a record of the specific mechanism of the attack.
It also keeps records of the evidence that the attack has happened also known as Indicators Of Compromise. It also keeps records of implications as well as the attributes of the attacks as well as the potential motivation for such attacks.
The techniques used by bad actors continue to evolve and become more sophisticated. This is why it is now more important to share threat intelligence in real time across the entire network security environment.
If the information is shared in real time, it will allow the entire network security community to guard against such attacks. Security services and threat intelligence services that can act together in real time stands the best chance of stopping attacks from bad actors.
There is a sharing of security threat intelligence among almost all vendors. This happens through formal membership of both national and international organisations and alliances such as Cyber Threat Alliance, National and International Computer Emergency Response Team as well as numerous partnerships between different vendors.
This idea of sharing allows for collaboration among vendors because no single vendor has all the data. Fortinet has Fortiguard Lab.
They have team members across about 10 security disciplines. They are always seeking new avenues of attack every day. This allows them to discover and guard against emerging threats. They provide comprehensive security services against emerging threats. This covers the full range of Fortinet Security solutions.
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained includes staffs of Dangote Refinery, FCMB, Zenith Bank, New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training.
I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.
Fact Check Policy
CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.