FIRST calls for participants for a new Special Interest Group (SIG) on Malware Analysis

Forum invites stakeholders to get involved in sharing best practice to mitigate malware incidents.

Forum invites stakeholders to get involved in sharing best practice to mitigate malware incidents

11th July 2016 – The Forum of Incident Response and Security Teams (FIRST) is calling on members of the incident response, anti-malware, and IT security communities to join forces and participate in a new Special Interest Group (SIG) on Malware Analysis.

The new SIG will bring together a multi-stakeholder, cross-industry group to develop a common set of best practices for managing and investigating malware incidents. Topics will include detection and prioritization of malware infections through anomaly detection, dynamic and static analysis, and clustering of malware samples, as well as mitigation and response techniques.

Maarten Van Horenbeeck, co-chair of the SIG, said: "A major issue in dealing with malware incidents is that we don’t always know how to prioritize them. Technical solutions can easily get rid of an infection, but they don’t always give an organization confidence that the wider threat, whether it is a sophisticated and persistent attack, or a case of ransomware, has been properly addressed. FIRST will bring together the practitioner community to develop best practices to help organizations deal with all aspects of malicious code.”

Margrete Raaum, President of FIRST, added: "Malware has been a long-standing issue for our community. While technical solutions exist, they work best when combined with processes and procedures to investigate and prioritize infections. FIRST aims to bring together our community of experts to document best practices and. FIRST’s goal is that all incident response teams have access to the best technical solutions available – whatever their size and whatever their expertise."

FIRST is seeking participants from key stakeholder communities, such as government, enterprise, academia and in particular the anti-malware and patch management industries, as well as the wider security community, who are willing to champion and exchange their views on malware response best practices within the group. FIRST membership is not required to participate. To register your interest, please contact FIRST at For more about FIRST Special Interest Groups, visit


Founded in 1990, the Forum of Incident Response and Security Teams (FIRST) is made up of internet security teams from more than 350 corporations, government bodies, universities and other institutions across 76 countries. Its goal is to promote cooperation and information-sharing among computer security incident response teams through events, training and education, and working groups. For more information, visit: