Contrarisk Security Podcast 0023: M2M and malware detection

» Listen or download now on the podcasts page »

Jon Howes, Beecham Research

Machine-to-Machine (M2M) is a domain that includes industrial systems, telemetry, Scada and so on. And while Scada has increasingly become a focus of security concerns, this has tended to concentrate on the control systems themselves, rather than the entire chain from sensor to control room.

In this episode, we talk to Prof Jon Howes of Beecham Research, author of the recent report ‘Issues and Business Opportunities in Security for M2M Solutions’. He explains that, for decades, there has been a trend to connect systems together, enabling communications and often hooking these systems up to the Internet. Initially, this was to enable field service support, but the scope has broadened considerably, and this has raised a number of security issues.

“If you do it right,” says Howes, “you can make it quite nicely secure.” But the problem is, are people doing it right?

M2M has become valued for how it can provide data that is invaluable in corporate decision-making. So now the data is crossing boundaries between networks, with all the potential for exploitable vulnerabilities that suggests. But as Howes explains, it is possible to do all this securely – if you’re careful.

Marco Cova, Lastline

In this episode, we also talk to Marco Cova, senior security researcher at Lastline, about the company’s approach to detecting malware in the network. Unlike traditional sandbox analysis, Lastline’s high-resolution malware analysis technology can look at every instruction a program – including malware – is about to execute.

One important benefit of this is the ability to detect many of the evasion techniques used by malware. You can also spot machines infected with malware by looking at network traffic: the remote endpoint of the communication (and its reputation), the content (if it’s in the clear) and the malware’s fingerprint. The system also provides anomaly detection on network traffic, for example to spot beaconing.

Cova explains that malware doesn’t change much in terms of how it does its job. What he finds interesting (and innovative) about malware is the way it tries to get around detection. The Lastline technology uses CPU emulation, and can even fake user activity or other elements of the environment to fool the malware into thinking it’s running on a real system. Lastline claims that, by operating at this low level, it can find malware activity that other systems miss.
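The beaconing heuristic mentioned above, as an added example rather than Lastline’s code: it groups outbound connections by source and destination and flags pairs that recur at near-constant intervals. The log format, sample lines and thresholds are constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample connection log, one line per outbound connection:
# "<epoch-seconds> <source-ip> <destination-ip>"
SAMPLE_LOG = """\
1000 10.0.0.5 198.51.100.7
1060 10.0.0.5 198.51.100.7
1119 10.0.0.5 198.51.100.7
1181 10.0.0.5 198.51.100.7
1240 10.0.0.5 198.51.100.7
1300 10.0.0.5 198.51.100.7
1005 10.0.0.8 203.0.113.2
1017 10.0.0.8 203.0.113.2
1290 10.0.0.8 203.0.113.2
1301 10.0.0.8 203.0.113.2
1310 10.0.0.8 203.0.113.2
1100 10.0.0.9 192.0.2.4
1160 10.0.0.9 192.0.2.4
"""

def parse_log(text):
    """Return {(src, dst): [timestamps, ...]} from the constructed format."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        flows[(src, dst)].append(int(ts))
    return flows

def find_beacons(flows, min_events=5, max_cv=0.15):
    """Flag flows with at least min_events connections whose inter-arrival
    gaps have a low coefficient of variation (stdev / mean): a regular
    "call home" rhythm. Returns {(src, dst): mean period in seconds}.
    Thresholds are assumptions; tune them to the network being watched."""
    hits = {}
    for key, times in flows.items():
        if len(times) < min_events:
            continue  # too few events to judge regularity
        times = sorted(times)
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            hits[key] = round(float(avg), 1)
    return hits

if __name__ == "__main__":
    for (src, dst), period in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"possible beacon: {src} -> {dst} every ~{period}s")
```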
