Creating a Malware Intel Sharing System

Safety in Numbers as Groups Add Threat Data to Knowledge Base
Georgia Tech Research Institute is beta testing a malware intelligence system that research scientist Chris Smoak contends will help corporate and government security officials share information about the attacks they confront.

The system, known as Titan, builds on a threat analysis foundation, including a malware repository that analyzes and classifies an average of 100,000 pieces of malicious code daily. Smoak, in an interview with Information Security Media Group, says Titan will be at the hub of a security community that will help create safety in numbers as companies and governments add their threat data to a shared knowledge base.

Members contributing information will do so anonymously so other members won't know which specific organizations have been attacked. "People tend to think that if an organization gets hit, it was because they had poor security measures," says Titan project leader Smoak, branch head for malicious software analysis at GTRI's Cyber Technology and Information Security Lab. "That's not necessarily true, because a variety of factors contribute to intrusions. Until we get to the point that there's no longer a stigma attached to having an infiltration, people are going to want anonymity to participate."

Smoak, in the interview, explains how:

  • Titan works;
  • The malware intelligence system meshes with efforts of industries' information sharing and analysis centers and computer emergency response teams;
  • Organizations can participate in the initiative.

Smoak has more than a decade of security-related experience, including building defensible systems and advanced malware and exploitation research. He directs research efforts geared toward automated, dynamic malware analysis to help detect and mitigate compromises. Smoak has worked to identify common attack vectors and methodologies employed to compromise computer systems and operate undetected. He holds the CISSP certification.



