A Collection of Information Security Community Standardization Activities and Initiatives

Malware Protection

Attackers, ranging from script kiddies to hacktivists to criminals to nations states, use malware to gain access to an organization’s network infrastructure. Once inside the network, these attackers may try to deface systems, gather personal and proprietary information, or deny legitimate users access to resources.

Most organizations deploy anti-virus software, but this approach is not effective against targeted attacks that exploit zero-day vulnerabilities and use sophisticated stealth techniques.

Having a common way to describe malware in terms of its behavior and other attributes, such as the Malware Attribute Enumeration and Characterization (MAEC) language, helps organizations better protect themselves from malware attacks. Malware researchers can more readily integrate and correlate information from multiple static and dynamic analysis tools to create better indicators to detect the presence of malware which can be deployed as intrusion detection system signatures on the network, or as host-based checks using Open Vulnerability and Assessment Language (OVAL) or Open Indicators of Compromise (OpenIOC).

To aid an organization in overall enterprise vulnerability management, malware can be linked to the common vulnerabilities (CVE) or common weaknesses (CWE) that it exploits, the type of attacks patterns that malware automate (CAPEC), and the types of assets/platforms that are risk, e.g., using the Common Platform Enumeration (CPE) or Software ID Tags (SWIDs).