Last Updated on November 16, 2023 by InfraExam
You are an incident responder investigating an incident in which malware that appears to target a vulnerability has no known signature yet. More specifically, the malware is unknown to the security vendors, who cannot identify it with any existing antivirus or IPS signature. Which tool would a SOC analyst use to analyze the behavioral characteristics of this malware?
- Security Onion
- Cisco Secure Malware Analytics (formerly Threat Grid)
Explanation & Hint:
To analyze the behavioral characteristics of unknown malware that has no known signature, a SOC (Security Operations Center) analyst would typically use a tool like Cisco Secure Malware Analytics (formerly Threat Grid). Cisco Secure Malware Analytics is designed for malware analysis, sandboxing, and the examination of unknown or potentially malicious files. It allows security analysts to execute and observe the behavior of the malware in a controlled environment to understand its actions, communication patterns, and potential threat indicators. This is essential for identifying and responding to previously unknown malware.