Thursday, January 21, 2016

Malware Management is even spelled out in ISO 27002

I have mentioned many times that Malware Management is a much-needed practice for improving an Information Security program and your Security Operations team. If you want to begin hunting for and finding malware in your environment, you must first learn what to look for and where to look, in terms of artifacts and IOCs.

It is not just me suggesting you do this; it can also be found in ISO 27002, the industry's leading information security framework standard. Below is an excerpt of the standard discussing the need for Malware Management.

A.12.2.1 Controls against malware

j) implementing procedures to regularly collect information, such as subscribing to mailing lists or verifying websites giving information about new malware.

In my Malware Discovery training I teach people to go out and read virus/malware write-ups, malware analysts' reports and IR firms' reports to collect the artifacts and IOCs that you can then populate into your security solutions, scripts, or detection and response and incident response practices.

So you should consider adding this to your 2016 list of security goals and objectives: spend one hour a week researching and reading the available materials to start a practice of Malware Management.

You can find a list of Malware Reports from some of the more recognized malware campaigns on our websites:


And read what Malware Management is and how to do it here:

The Malware Management Framework

By all means, send us links to other good reports so we can share. Generally, you can find these reports discussed or released in articles from the RSS feeds of many of the vendors who work in the IR space, on InfoSec blogs, and on many podcasts like "Brakeing Down Security", where I have been a guest discussing the subject.

So don't take our word for it; take the advice straight from ISO 27002 and use this to help justify starting a Malware Management program in your organization.

Happy Hunting

#InfoSec #MalwareArchaeology #MalwareManagement