Security experts told CRN that dealing with malware requires more than just quarantining an infected system and then reimaging it. Antimalware researchers use forensic tools to reverse-engineer advanced threats, determine their capabilities, and attempt to pinpoint their origin.
Pete Lindstrom, vice president of Spire Security, said an alert generated by the FireEye system may not necessarily indicate a malware-infected system, because FireEye doesn't replicate all the images in the business. Understanding the alerts requires an experienced threat team that can determine what needs addressing quickly and what can be ignored, he said.

Companies also find that they need additional software to handle the alerts, said Rick Holland, a senior analyst at Forrester Research. Mandiant integrates workflow to help responders understand the extent of an incident, Holland said. Guidance Software also provides a connector to its EnCase Cybersecurity platform to prioritize incident response.