Tech Talk Series: Understanding the New Approach to Countering Polymorphic Malware


Date: June 24, 2020 | 1 - 2pm | Location: Virtual


Overview

Polymorphism describes the ability of malware to change appearance such that commonplace signature, hashing and behavioral learning-based security tools cannot react within a kill window of opportunity. Waiting and watching means that defenders must first learn the intent of threat actors before devising a response.

Establishing complete independence from threat actor behavior, coupled with deep visibility, is essential to taking away a threat actor’s first mover advantage. This enables a level of speed, accuracy and automation for changing the asymmetric advantage often held by nation-state threat actors. Control at this level prevents victim zero and all those that can be exploited between detection and dissemination of a code patch corrective action.

Unfortunately, the reliance by most organizations on tools that depend on identification of past techniques or behavioral projections with high false positive rates continues to give attackers a wide window to execute. A new approach is needed to counter this advanced malware.

This presentation will provide an overview of the risks posed by these threats, gaps in conventional heuristic and behavioral learning-based tools, and new techniques for defense agencies to protect critical applications at runtime in both conventional enterprise and forward-deployed air-gapped systems. Supported by a research paper by Virsec, presentation topics will include:

  • Analysis of the evolution of polymorphic attacks
  • Recent advanced cyberattacks that have exploited these vulnerabilities
  • Gaps in conventional security that can leave organizations exposed
  • Challenges with learning from attacker behavior as a countermeasure
  • Speed and accuracy required for tactical, fully automated response
  • New strategies and technology to detect and defend
  • Killing polymorphic malware without taking down mission-critical applications - “Fighting through the threat”
  • Case studies from government and civilian organizations

About Frank Walsh

Frank Walsh manages the Virsec Global Field Architecture Team and all enterprise security integration efforts connected to the Virsec platform. Frank’s experience spans leadership and development roles in design, integration and launch of cutting-edge technology solutions used by millions of end-users across the globe. Prior to Virsec, Frank served as VP of Solution Architecture with Malwarebytes, Director of Technical Account Management with Tanium, Solution Architect with Amplify, Director of Online Solution Development and Senior Software Engineer with Career Systems International. Throughout these roles Frank played a critical role in the design and implementation of enterprise software solutions with hundreds of familiar brands in the Fortune 1000 marketplace.