Creating a Malware Intel Sharing System
Safety in Numbers as Groups Add Threat Data to Knowledge Base
The system, known as Titan, builds on a threat analysis foundation - including a malware repository that analyzes and classifies an average of 100,000 pieces of malicious code daily. Smoak, in an interview with Information Security Media Group, says Titan will be at the hub of a security community that will help create safety in numbers as companies and governments add their threat data to a shared knowledge base.
Members contributing information will do so anonymously so other members won't know which specific organizations have been attacked. "People tend to think that if an organization gets hit, it was because they had poor security measures," says Titan project leader Smoak, branch head for malicious software analysis at GTRI's Cyber Technology and Information Security Lab. "That's not necessarily true, because a variety of factors contribute to intrusions. Until we get to the point that there's no longer a stigma attached to having an infiltration, people are going to want anonymity to participate."
Smoak, in the interview, explains how:
- Titan works;
- The malware intelligence system meshes with efforts of industries' information sharing and analysis centers and computer emergency response teams;
- Organizations can participate in the initiative.
Smoak has more than a decade of security-related experience, including building defensible systems and advanced malware and exploitation research. He directs research efforts geared toward automated, dynamic malware analysis to help detect and mitigate compromises. Smoak has worked to identify common attack vectors and methodologies employed to compromise computer systems and operate undetected. He holds the CISSP certification.