Canada's Digital Spy Agency Releases Free Anti-Malware Tool
Canada's NSA 'equivalent', the Communications Security Establishment (CSE), has released a free malware detection and analysis tool.
This is an area I know little about and would like to know the thoughts from the STEEMIT community. Is this a trustworthy resource?
See below excerpt and links to sources:
"Assemblyline is a malware detection and analysis tool developed by the CSE and released to the cybersecurity community in October 2017. This tool was developed within CSE’s Cyber Defence program to detect and analyse malicious files as they are received. As the Government of Canada’s centre of excellence in cybersecurity, CSE protects and defends the computer networks and electronic information of greatest importance to the Government of Canada. Our highly skilled staff works every day to protect Canada and Canadians from the most advanced cyber threats. Assemblyline is one of the tools we use.
How It Works
Assemblyline is a platform for the analysis of malicious files. It is designed to assist cyber defence teams to automate the analysis of files and to better use the time of security analysts. The tool recognizes when a large volume of files is received within the system, and can automatically rebalance its workload. Users can add their own analytics, such as antivirus products or custom-built software, into Assemblyline. The tool is designed to be customized by the user and provides a robust interface for security analysts.
Assemblyline works very much like a conveyor belt. Files arrive in the system and are triaged in a certain sequence.
- Assemblyline generates information about each file and assigns a unique identifier that travels with the file as it flows through the system.
- Users can add their own analytics, which we refer to as services, to Assemblyline. The services selected by the user in Assemblyline then analyze the files, looking for an indication of maliciousness and/or extracting features for further analysis.
- The system can generate alerts about a malicious file at any point during the analysis and assigns the file a score.
- The system can also trigger automated defensive systems to kick in. Malicious indicators generated by the system can be distributed to other defence systems.
- Assemblyline recognizes when a file has been previously analysed."
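The conveyor-belt flow in the excerpt (identifier, pluggable services, score, alert, reuse of earlier results) can be sketched in a few lines. This is an added illustration, not Assemblyline's code or API and not part of the quoted CSE text; the SHA-256 identifier, the `Pipeline` and service names, the alert threshold and the marker strings are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Hypothetical service interface: file bytes in, (score, extracted tags) out.
Service = Callable[[bytes], Tuple[int, List[str]]]
ALERT_THRESHOLD = 500  # constructed value for this sketch

def marker_service(data: bytes) -> Tuple[int, List[str]]:
    """Stand-in for an antivirus signature: flags a constructed marker string."""
    return (1000, ["sig:TEST-MARKER"]) if b"TEST-MALWARE-MARKER" in data else (0, [])

def macro_hint_service(data: bytes) -> Tuple[int, List[str]]:
    """Feature extraction: records auto-run macro names found in the file."""
    hits = [k.decode() for k in (b"AutoOpen", b"Document_Open") if k in data]
    return (100 * len(hits), [f"macro:{h}" for h in hits])

@dataclass
class Result:
    file_id: str      # identifier that travels with the file
    score: int        # sum of the service scores
    tags: List[str]   # indicators that could be shared with other defences
    alert: bool
    cached: bool = False

@dataclass
class Pipeline:
    services: List[Service]
    cache: Dict[str, Result] = field(default_factory=dict)

    def submit(self, data: bytes) -> Result:
        # Assumption: the unique identifier is the content hash, so the same
        # bytes always map to the same id regardless of filename.
        file_id = hashlib.sha256(data).hexdigest()
        if file_id in self.cache:  # previously analysed: skip the services
            prev = self.cache[file_id]
            return Result(prev.file_id, prev.score, list(prev.tags), prev.alert, cached=True)
        score, tags = 0, []
        for svc in self.services:  # each selected service sees the file in turn
            s, t = svc(data)
            score += s
            tags.extend(t)
        result = Result(file_id, score, tags, score >= ALERT_THRESHOLD)
        self.cache[file_id] = result
        return result
```

Submitting the same bytes twice returns the stored verdict with `cached=True` and runs no service again, which is the behaviour the last bullet describes.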
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://www.cse-cst.gc.ca/en/assemblyline