If you’re an infosec leader, you’re charged with a complex mission that, on the surface, is straightforward: effectively mitigate cybersecurity risks to your organization within the constraints of finite resources. In too many cases, you strain those resources in ways that undermine your ability to continuously improve your organization’s broader security posture — and that creates additional stress for a security workforce that’s already stretched thin.
Given that the threat landscape constantly changes, infosec professionals must consistently strengthen and fine-tune their infosec arsenal. That’s why many turn to file reputation services, which check the reputation of files against extensive, up-to-date malware databases to identify threats and assess potential harm.
How do file reputation services work?
A crowdsourced file reputation service checks files against a set of current anti-virus vendor signatures, while an enterprise-class, private offering checks the file against AV signatures and applies various analysis techniques to the files. Effective enterprise-class file intelligence services continually collect and analyze millions of files daily, classifying malware and even goodware found in the wild to offer up-to-date authoritative information to compare against the files found attached to your emails, on endpoints and in your network.
This information is accessed through a query interface, where files or their hashes can be uploaded for evaluation against the database, or through feeds and API calls, where a service’s samples and reputation information are fed directly into existing security products. Advanced features such as malware family similarity scoring, malware search and attribute pivot capabilities, and integrated YARA rules go beyond simple file reputation. These features help security professionals understand the threat posed by a “file of interest” and derive a meta-view of the malware attack, so that response playbooks are executed with greater accuracy and defensive controls are upgraded for higher effectiveness.
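The hash-based lookup described above, and the re-query that catches a file the service later reclassifies, can be sketched in a few dozen lines. The following is an added example, not code from the original guide or from any vendor's service: the reputation store, the endpoint cache, the sample bytes and the family name "ExampleFamily" are all constructed for illustration, and a real service would be reached over its feed or API rather than an in-memory dictionary.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass
class Reputation:
    verdict: str            # "malicious", "benign" or "unknown"
    family: Optional[str]   # malware family when known (hypothetical names here)
    revision: int           # incremented each time the service reclassifies the file


def sha256_hex(data: bytes) -> str:
    """Hash the file content; the digest is what gets submitted, not the file itself."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample contents standing in for real files; they are not executables.
SAMPLES = {
    "dropper.exe": b"constructed sample: stands in for a file the service knows to be bad",
    "report.pdf": b"constructed sample: stands in for a file the service has classified as benign",
    "tool.exe": b"constructed sample: stands in for a file no service has seen yet",
}


class ReputationStore:
    """Stand-in for the service's database, keyed by lowercase hex SHA-256."""

    def __init__(self) -> None:
        self._db: dict[str, Reputation] = {}

    def publish(self, file_hash: str, verdict: str, family: Optional[str] = None) -> None:
        # A re-publish for a known hash models the service changing its verdict.
        prev = self._db.get(file_hash)
        revision = prev.revision + 1 if prev else 1
        self._db[file_hash] = Reputation(verdict, family, revision)

    def lookup(self, file_hash: str) -> Reputation:
        digest = file_hash.strip().lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError("expected a hex-encoded SHA-256 digest")
        # Unknown files get an explicit "unknown" verdict rather than being treated as clean.
        return self._db.get(digest, Reputation("unknown", None, 0))


class Endpoint:
    """Caches verdicts per hash and re-queries so that a later reclassification is noticed."""

    def __init__(self, store: ReputationStore) -> None:
        self.store = store
        self.cache: dict[str, Reputation] = {}

    def check(self, name: str, data: bytes) -> dict:
        digest = sha256_hex(data)
        current = self.store.lookup(digest)
        cached = self.cache.get(digest)
        reclassified = cached is not None and cached.verdict != current.verdict
        self.cache[digest] = current
        return {
            "name": name,
            "sha256": digest,
            "verdict": current.verdict,
            "family": current.family,
            "reclassified": reclassified,
        }


def demo() -> tuple[list[dict], dict]:
    """Walk through a first scan and a later re-check after the service changes a verdict."""
    store = ReputationStore()
    store.publish(sha256_hex(SAMPLES["dropper.exe"]), "malicious", "ExampleFamily")  # hypothetical family
    store.publish(sha256_hex(SAMPLES["report.pdf"]), "benign")
    endpoint = Endpoint(store)
    first_pass = [endpoint.check(name, data) for name, data in SAMPLES.items()]
    # Later the service reclassifies the "good" file: the case the guide calls out.
    store.publish(sha256_hex(SAMPLES["report.pdf"]), "malicious", "ExampleFamily")
    recheck = endpoint.check("report.pdf", SAMPLES["report.pdf"])
    return first_pass, recheck


if __name__ == "__main__":
    first, later = demo()
    for result in first:
        print(result)
    print(later)
```

The point of the `Endpoint` cache is that a verdict is not final: a hash that came back benign yesterday is re-queried on the next encounter, and a change in verdict is surfaced as `reclassified` so the response playbook can act on it. Treating "unknown" as a distinct state, rather than as clean, is what lets the unseen `tool.exe` be routed to further analysis instead of silently allowed.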
File reputation services offer organizations intelligence, granularity and scalability that are prohibitively expensive to create from scratch, much less manage on an ongoing basis. Companies can purchase on-premises or cloud-based file reputation services, depending on requirements and budget. At the end of the day, file intelligence services save your team significant time by providing instantaneous file identification.
This guide will help you avoid seven of the most common mistakes security leaders make when choosing a file reputation service. By avoiding these mistakes, you’ll get better intelligence about potentially malicious files that may already have penetrated your environment, as well as about seemingly good files that are later found to be malicious. More importantly, you’ll also significantly enhance your team’s overall ability to keep your organization safe within your existing budget and staffing constraints.
MISTAKE #1: Undervaluing file reputation intelligence
MISTAKE #2: Inadequately evaluating file analysis capabilities
MISTAKE #3: Using a shared-everything public cloud service
MISTAKE #4: Crowdsourcing does not ensure optimized file sampling
MISTAKE #5: Actually helping the bad guys
MISTAKE #6: Undervaluing integration
MISTAKE #7: Undervaluing service