HP Threat Research Blog Introducing the Bromium Threat Insights Report


May 8, 2019. Category: Threat Insights Reports, Uncategorized. By: James Wright

Introducing the Bromium Threat Insights Report

  • The Bromium Threat Insights Report is designed to share intelligence about the most notable malware that our experts have analysed, and highlight new techniques used by attackers.
  • The report is made possible by customers who have opted to share their Bromium-isolated threats with Bromium.
  • Learn practical and actionable information about how to protect your organisation against emerging threats.

Download: Bromium Threat Insights Report

Truly detailed threat intelligence is difficult for traditional security tools to gather because the primary purpose of most tools is to prevent malware from executing, which is antithetical to understanding all of the features of an attack and the risk it poses to an organisation. It may be possible to retrieve the sample and have it analysed by a SOC team, but this is often a time-consuming and labour-intensive process. The longer the delay in analysing a sample of malware, the more likely the command and control (C2) servers will have been taken down, making it difficult or impossible to understand the complete functionality of the malware and the attacker’s intentions. This is crucial because sophisticated malware attacks typically consist of multiple payloads, or stages, being delivered to the target’s computer.

Bromium’s isolation gives security teams a useful advantage because it does not block malware execution. Instead, Bromium isolates it safely within a virtual machine, enabling detailed data to be gathered at the point when the user was hit with the attack. The C2 servers are more likely to be running, and any subsequent payloads downloaded by the first stage of malware would still be available. Bromium records and analyses the full kill chain of an attack as the user would have experienced it, while at the same time preventing that attack from having any impact on the enterprise. The best of both worlds.

Beginning with our 4.1.5 release, we have given all our customers an opportunity to opt in to automatic Threat Forwarding through Bromium Cloud Services. You can read more about Bromium Threat Forwarding in this blog post.

As Bromium customers began sharing their rich threat data with us, we have been able to paint a very detailed picture of recent malware campaigns and understand how they work. The Bromium Threat Labs team analyses forwarded threats to learn about the nature of emerging attacks and the dangers they pose to the enterprise.

This enriched analysis is then shared with the customer to give them full visibility. We also publish detailed threat reports through technical deep-dive blog posts, such as our recent articles on Emotet, Ursnif and PONYNET.

To spread this knowledge to an even broader audience, we have decided to start compiling a regular Threat Insights Report. This is a technical publication designed to share intelligence about the most notable malware that our experts have analysed, highlight new techniques used by attackers, and provide practical and actionable information about how to protect your organisation against emerging threats. This isn’t a marketing document; it offers suggestions on how to improve security based on the data we see.


The inaugural report covers the discovery of malware distribution infrastructure in the US, talks about the evolution of banking Trojans into more cunning and sophisticated threats, discusses the new methods attackers use for launching malicious payloads, and provides concrete and actionable recommendations for improving your endpoint security.

Are you sharing your threats with Bromium?

All Bromium customers can join our Threat Intelligence and Analysis program. Simply “Enable Threat Forwarding” under “Settings” on your Bromium Controller, and you automatically become a contributor to the dynamic and vibrant community of threat sharers.

Joining the Bromium Threat Intelligence & Analysis Program

Once you enable the share settings, your Controller will automatically upload the threat alerts it receives, including the encrypted malicious payloads, to Bromium Threat Intelligence Services.

Contributing to the Threat Intelligence program has huge benefits, and not only for you and your organisation. The data you share with Bromium is processed, analysed, and shared back with the community of Bromium users, so they can improve the security of all their devices – not just the ones protected by Bromium. The more we know about our adversaries, the more prepared we are for what may be coming next.

For a summary of Bromium’s Threat Intelligence and Analysis features, read our solution brief.

About the Author

James Wright
Vice President of Engineering at Bromium
