What is challenging malware analysis?

OPSWAT announced a report which reveals that nearly every organization struggles with malware analysis. Specifically, 94% of organizations are challenged to find, train, and retain malware analysis staff.

Furthermore, 93% of organizations are challenged by malware analysis tools that lack automation, integration, and accuracy. Consequently, over 20% of organizations reported they were unable to investigate and resolve a majority of their malicious files or alerts. The report also found that 99% of organizations would benefit from additional capabilities for malware analysis.

“Malware analysis is a critical capability for management teams that want to move beyond check-the-box compliance programs and toward proactive threat management and incident response programs,” said Benny Czarny, CEO at OPSWAT. “To stay ahead of sophisticated adversaries who are targeting critical infrastructure, organizations are undergoing a transformation to stay ahead of these attackers.”

Evidence from the report suggests that malware analysis is maturing as a business capability since nearly half of the organizations have a dedicated malware analysis function and more than half report intermediate capabilities, which would include sandbox tools for threat detection. However, nearly every organization struggles with the human element of malware analysis and the technical limitations of their existing solutions.

The state of malware analysis

• Organizations are challenged to find, train, and retain malware analysis staff – The top challenge related to recruiting new staff is that there are not enough candidates with the right skills. As a result, the overwhelming majority of organizations rely on training their employees to acquire talent for malware analysis, even as half complain that it is difficult to find effective training programs. Furthermore, these organizations acknowledge their malware analysis function is understaffed – more than half reported staff burnout in the past 12 months, and more than half reported that their existing staff was being aggressively recruited.
• Malware analysis tools lack automation, integration, and accuracy – The greatest challenges with malware analysis tools are a lack of automation and tools that are not integrated. Without these capabilities, malware analysis can become a time-consuming and error-prone manual process across multiple disparate tools and disconnected workflows. In fact, the most important factor when evaluating malware analysis tools is accuracy – less than one-quarter of organizations are very confident in their ability to identify, investigate, and resolve malware threats.

“The challenges that organizations face with malware analysis is incredibly overwhelming,” said Czarny. “It is easy to see how inexperienced staff, tedious manual processes, and too many malware analysis technical tools contribute to a malware analysis function that can’t even complete half of its workload, leaving organizations vulnerable to attacks.”