About Kindsight Security Labs

Team of security experts with strong backgrounds in malware analysis and network-based intrusion detection

Cybercriminals use polymorphic techniques to generate thousands of variations of each piece of malware, but rarely modify the underlying command and control protocol. For example, there are thousands of different varieties of the Zeus Banking Trojan, all of which use the same network communications protocol.

That’s why Kindsight Security Labs focuses on the behavior of malware communications to develop network signatures that detect current threats with low false positives. This signature set provides thorough coverage with a manageable number of signatures to form the foundation of Kindsight Security Analytics and Kindsight Security Services.

To accurately detect that a user is infected, our signature set looks for network behavior that provides unequivocal evidence of infection coming from the user’s computer. This includes:

  • Malware command and control (C&C) communications
  • Backdoor connections
  • Attempts to infect others (e.g. exploits)
  • Excessive e-mail
  • Denial of Service (DoS) and hacking activity

There are four main activities that support our signature development and verification process.

  1. Monitor information sources from major security vendors and maintain a database of currently active threats.
  2. Collect malware samples (>10,000/day), classify and correlate them against the threat database.
  3. Execute samples matching the top threats in a sandbox environment and compare against our current signature set.
  4. If a sample fails to trigger a signature, conduct a detailed analysis of the malware’s behavior and build new signatures.

As an active member of the security community, Kindsight Security Labs shares this research by publishing a list of actual threats detected and the top emerging threats on the Internet, writing Malware Analysis Reports, blogging on security issues, and following industry news.

Key Team Members

Kindsight Security Labs brings together strong backgrounds in malware, security, and networking.

Kevin McNamee, Security Architect and Director, Kindsight Security Labs

With over 30 years of security and networking experience, Kevin was Director of Security Research at Bell Labs and also held security development and design roles at TimeStep, Milkyway Networks, Newbridge Networks, and Alcatel-Lucent.

Darren DeRidder, Senior Mobile Security Developer

Darren has 15 years of experience in development and design for network-based security and telecommunications products at Bridgewater Systems and Matrix Development.

Paul Edwards, Head of Security Signature Development

Paul has 20 years of experience in security and telecom design and development for network-based security appliances at TimeStep, Newbridge Networks and Alcatel-Lucent.

John Morris, Principal Security Researcher

With over 25 years of security and development experience, John was the Malware Team Lead at Nortel and managed an applications development team at Bell-Northern Research (BNR).