Report Open Access

Malware Analysis Management

Kapoor, Shivam

CERN is constantly targeted with malware, with email being the primary attack vector. The CERN Computer Security Team, in collaboration with the CERN Email Service Managers, has deployed many defence-in-depth measures to minimize the number of malicious emails reaching the mailboxes of CERN users. The cornerstone of this strategy is the use of FireEye EX1 email security appliances. These appliances perform behavioural analysis of all email attachments by detonating them inside a sandboxed environment and simulating user activity.

Attachments are quarantined based on the traces of malicious activity detected once they are opened. However, this is a very quick analysis that does not offer a complete picture of the malware's full activity.

The goal of this project was to design, implement and deploy a framework for the automated analysis of quarantined files.

Files (2.0 MB)
Name: Report_Shivam Kapoor.pdf
md5: 4e580ef0f71d113e1545ec1320d6cc42
Size: 2.0 MB