
Threat Analysis

Can anyone tell me what Mal/Medfos-K does? The threat analysis pages are completely lacking this info. Let me know if I'm not looking in the right spot.

Suggestion: Sophos should change the detailed threat analysis pages to actually include a description of the threat, what it does, and how the vulnerability can be exploited. That is necessary information to help evaluate the risk and useful to help plan proper mitigating actions.

Hello CQC,

First of all - to avoid any misunderstanding: I'm not Sophos.

"the detailed threat analysis pages"

are not as detailed as one might expect or wish. Keep in mind that quite a number of detections are added and updated each day. Most of them have low prevalence and are short-lived. In-depth descriptions would require significant resources but generally not provide much benefit. Do not forget that a detection normally means that the threat has been identified, prevented from doing its work and in many cases automatically been dealt with.

"what it does"

is of academic interest in almost all cases. When a threat can spread from an infected endpoint (over the network or removable media) this is normally mentioned in the analysis.

"vulnerability"

Why do you equate threat and vulnerability (or did I misunderstand you)?

"evaluate the risk ... plan proper mitigating actions"

There are literally millions of threats - you seriously want to evaluate the risk for all of them? If only select ones - why particularly Mal/Medfos-K or the Mal/Medfos family?

Christian