Malware infections are among the most frequently encountered threats in computer security. According to the “ENISA Threat Landscape Report 2017” some antivirus vendors detected more than 4 million malware samples per day and more than 700 million samples in Q1 2017 alone.
These stunning numbers underscore the importance of establishing an incident response plan for malware. However, security teams can’t handle all malware alerts at once. The National Institute of Standards and Technology (NIST)’s “Guide to Malware Incident Prevention and Handling for Desktops and Laptops” outlined steps organizations can take to develop a malware classification scheme to prioritize these incidents.
The analysis phase in an incident response plan involves identifying and understanding the type of malware that was detected. The outcome of this process is then used as the input for the actual malware classification.
