Security companies give public free way to sift through malware research

Comodo and Check Point Software Technologies are giving away their research — and in Comodo's case, the tools used to conduct it, as well.

Cybersecurity companies spend a lot of money on their research and the infrastructure they build to conduct it, so it’s counter-intuitive that they would give it away — but that’s exactly what two of the biggest firms are doing this summer.

Comodo recently announced Comodemia, a program that would make its vast database on more than 120 million malware incidents — and the analytics engines used to mine it for insights — available online for university, government, and nonprofit researchers and educators.

“Many researchers currently spend the majority of their time building the tools and the environment they need to do code compiling, malware analysis, phishing detection … It can take months before the real research can even begin,” explained Fatih Orhan, Comodo’s vice president of threat labs. “That’s where we can offer a benefit.”

Features Comodemia would offer include:

  • “A feed, accessible in realtime of all the threat data we collect [anonymized, from millions of customer endpoints worldwide] and an [application programming interface, or] API that [researchers] can use” to mine it for and visualize historical or geographical or other patterns.
  • A platform called Valkyrie “that researchers can use to run malware analysis.”
  • “Our very sophisticated web segmentation and classification technology.”
  • A curated list of possible research topics: “One of the problems academics have is finding a research topic that industry needs to know about. Of course they can choose their own topics if they want, but we think this list is a good contribution from Comodo.”

Orhan said providing that environment meant research which previously would have taken more than a year to complete can now be finished in months.

Check Point Software Technologies also unveiled a new portal last week, saying they wanted to make all of their research available in a single place, organized and searchable so as to offer the greatest utility.

“We wanted to make sure it was available to the community in as user-friendly a fashion, as transparently, as we could,” explained Peter Alexander, Check Point’s chief marketing officer. Before, “it was all in different places … We weren’t highlighting our independent research.”

“It’s not altogether finished,” Alexander acknowledged, saying they were working on the search function and investigating a portal where researchers could submit malware samples for analysis, like Comodo’s Valkyrie platform.

“Building out the search capability is an ongoing process and it will get richer and better” as it goes on, Alexander said. He added that any portal where researchers could submit malware for analysis needed to be guarded in some fashion, to avoid letting hackers use it to refine their malware. “That is the downside,” he said. “A portal will require login or some other protection … we’re looking into that.”

For the time being, Alexander said, the research portal would allow researchers to “quickly gain insight” into a new threat. “There will be deep dives into technical issues for the super-techies,” he said.

Alexander said the company — which employs hundreds of researchers — was open to partnering with “anyone who has research to bring to the table.”

“We are looking at other data sources including other companies,” he said. The only rule, he added, was “No advertising … No product promotion, it’s not a marketing site.”

Comodo also insist that their effort is not a marketing drive, but Orhan acknowledged they hope the whole cybersecurity community will benefit from the research they facilitate. “The research [academic researchers] are doing is deeper … often better than we could do ourselves,” he said. “We could hire 1,000 engineers and not be able to research everything that we and our customers need to find out.”

One academic who’ll be using the new service is Yanfang “Fanny” Ye, an assistant professor at the Lane Department of Computer Science and Electrical Engineering at West Virginia University. Ye, a former Comodo employee, helped start work on the program when she was still at the company, and believes it is a great way for academics to “stay up to date with industry research priorities.”

The Valkyrie platform is unique, she said, and will be “widely used … It will have broad impact.”
