According to TaaSERA, all malicious code exhibits the same eight basic characteristics when it executes. The challenge, then, is identifying those characteristics quickly enough to limit the harm the code can do.
With that goal in mind, TaaSERA today launched TAAS NetAnalyzer, a new security service that identifies malicious code using a security model originally developed at SRI International, the non-profit technology research center based in Menlo Park, Calif.
When any three of the eight malicious code characteristics are detected, the service sends an alert via a RESTful API to the installed base of security products, advising them to isolate the suspect application code. TaaSERA co-founder and CTO Srinivas Kumar says the company deliberately chose to wait for three characteristics rather than one in order to minimize the false positives the service sends to overworked IT staffs.
Led by former PWC Consulting CEO Scott Hartz, TaaSERA includes on its board Governor Tom Ridge, former head of the Department of Homeland Security; Phil Porras, a cybersecurity expert from SRI; and Cathy Neuman, former senior vice president for IBM Global Services.
Kumar says the goal is to reduce the time it takes to remediate a security breach from the current 14 to 416 days to a matter of hours. This is done with a whitelisting approach combined with static and dynamic scanning, the results of which are fed through the AWARE Correlation Engine to identify breaches in real time. That data is then used to assign integrity scores to individual pieces of application code.
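The threshold rule described above, where a single suspicious behaviour is not enough and isolation is only requested once three distinct indicators have been correlated for the same piece of code, is easy to see in miniature. The following is an added illustration written for this article, not TaaSERA's or SRI's code; the indicator names, the sample events and the shape of the alert payload are all constructed, since the page does not list the actual eight characteristics or document the REST API. The integrity score is likewise a made-up stand-in for whatever the AWARE Correlation Engine computes.

```python
"""Threshold-based behavioural correlation (illustrative, not TaaSERA's code)."""
import json
from collections import defaultdict

# Hypothetical behavioural indicator tags. The page says there are eight
# characteristics but does not name them; these are placeholders.
INDICATORS = {
    "persistence_autorun", "process_injection", "c2_beacon", "dropper_write",
    "privilege_escalation", "av_tamper", "credential_access", "lateral_movement",
}

# Alert only once three *distinct* indicators have been seen for one app,
# which is the false-positive trade-off the article describes.
ALERT_THRESHOLD = 3

# Constructed sample events: (sequence number, application id, indicator).
SAMPLE_EVENTS = [
    (1, "updater.exe", "dropper_write"),
    (2, "updater.exe", "persistence_autorun"),   # legitimate updaters do this too
    (3, "svc_helper.exe", "process_injection"),
    (4, "svc_helper.exe", "process_injection"),  # repeat of the same indicator
    (5, "svc_helper.exe", "c2_beacon"),
    (6, "svc_helper.exe", "av_tamper"),          # third distinct indicator: alert
    (7, "svc_helper.exe", "credential_access"),  # must not produce a second alert
]


def correlate(events, threshold=ALERT_THRESHOLD):
    """Return (alerts, distinct_indicator_count_per_app).

    Repeated sightings of the same indicator do not count twice, and each
    application is alerted on at most once.
    """
    seen = defaultdict(set)
    alerted = set()
    alerts = []
    for seq, app, indicator in events:
        if indicator not in INDICATORS:
            raise ValueError(f"unknown indicator {indicator!r}")
        seen[app].add(indicator)
        if len(seen[app]) >= threshold and app not in alerted:
            alerted.add(app)
            alerts.append({
                "app": app,
                "at": seq,
                "indicators": sorted(seen[app]),
                "action": "isolate",
            })
    return alerts, {app: len(s) for app, s in seen.items()}


def integrity_score(distinct_count, total=len(INDICATORS)):
    """Toy integrity score: 100 with no indicators, 0 when all are observed."""
    if not 0 <= distinct_count <= total:
        raise ValueError("count out of range")
    return round(100 * (1 - distinct_count / total))


def to_alert_payload(alert):
    """JSON body for an assumed REST isolation endpoint (shape is hypothetical)."""
    return json.dumps({
        "application": alert["app"],
        "action": alert["action"],
        "evidence": alert["indicators"],
        "integrity_score": integrity_score(len(alert["indicators"])),
    }, sort_keys=True)


if __name__ == "__main__":
    found, counts = correlate(SAMPLE_EVENTS)
    for a in found:
        print(to_alert_payload(a))
    print("distinct indicators per app:", counts)
```

With the constructed events, updater.exe shows two indicators that plenty of benign software also exhibits and never trips the threshold, while svc_helper.exe crosses it on the sixth event and is isolated exactly once; raising or lowering ALERT_THRESHOLD moves the false-positive/detection-latency trade-off the CTO describes.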
The single biggest problem with security isn’t fixing a breach; it’s discovering that the breach occurred at all. It’s not uncommon for malware to sit dormant on a network for weeks or even months before being activated, and antivirus software simply isn’t up to the task of catching it. What TaaSERA is making the case for is a new security layer, supplementing AV software and firewalls, that uses an application behavioral model to identify activity the company says is common to all malware. Once that activity is identified, isolating and then eliminating the code can, in most organizations, be accomplished in a matter of minutes.