The Communications Security Establishment (CSE), Canada’s main signals intelligence agency, has open-sourced its malware scanning and analytics tool, AssemblyLine, by releasing the code. AssemblyLine can analyze massive volumes of files and rebalances its workload automatically.
During the scanning process, every file is given a unique identifier, and user-defined analytics engines scan it to assess how malicious it is. The file is then assigned a score accordingly, and if it is identified as malicious, it is passed on to other defensive mechanisms.
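To make the workflow above concrete, here is an added illustration (not AssemblyLine's own code) of a triage pipeline: each file gets a content-hash identifier so duplicates are scored only once, a set of pluggable engines each contribute a score, and files at or above a threshold are flagged for further handling. The sample files and the two heuristic engines are constructed for the demonstration.

```python
import hashlib
from typing import Callable, Dict, List, Tuple

# Added example modelled on the workflow described above;
# it is not AssemblyLine's implementation.
Engine = Callable[[bytes], int]  # an engine returns a score from 0 to 100

# Constructed sample "files" (two are byte-identical on purpose).
SAMPLES: Dict[str, bytes] = {
    "notes.txt": b"Quarterly planning notes, nothing to see here.",
    "dropper.exe": b"MZ" + b"\x00" * 40 + b"powershell -enc " + b"A" * 32,
    "notes_copy.txt": b"Quarterly planning notes, nothing to see here.",
}

def file_id(data: bytes) -> str:
    """Unique identifier: a content hash, so duplicate files share one ID."""
    return hashlib.sha256(data).hexdigest()

def pe_header_engine(data: bytes) -> int:
    """Heuristic engine: executables (MZ header) get a baseline score."""
    return 30 if data.startswith(b"MZ") else 0

def encoded_cmd_engine(data: bytes) -> int:
    """Heuristic engine: embedded encoded PowerShell invocation."""
    return 60 if b"powershell -enc" in data.lower() else 0

ENGINES: List[Engine] = [pe_header_engine, encoded_cmd_engine]

def triage(samples: Dict[str, bytes], engines: List[Engine],
           threshold: int = 50) -> Tuple[Dict[str, dict], int]:
    """Score each unique file once and flag those at or above threshold.

    Returns (per-file results, number of unique files actually scanned).
    """
    scores_by_id: Dict[str, int] = {}
    results: Dict[str, dict] = {}
    for name, data in samples.items():
        fid = file_id(data)
        if fid not in scores_by_id:  # dedup: scan each unique content once
            scores_by_id[fid] = min(100, sum(engine(data) for engine in engines))
        score = scores_by_id[fid]
        results[name] = {"id": fid[:12], "score": score,
                         "flagged": score >= threshold}
    return results, len(scores_by_id)

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES, ENGINES)[0].items():
        print(f"{name:15} id={verdict['id']} score={verdict['score']:3} "
              f"flagged={verdict['flagged']}")
```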
The CSE hopes that by making the code open-source and free, the information security or InfoSec community will be able to develop more tools and come up with innovative methods of detecting malicious files. Registered users can access the AssemblyLine source code at Atlassian’s Bitbucket repository. It is worth noting that the CSE made the software public without commercial or proprietary technology.
This isn’t the first time an agency has released the source code of its software. The US National Security Agency (NSA) has publicly released a number of infosec tools, such as Security-Enhanced Linux (SELinux), and Britain’s Government Communications Headquarters (GCHQ) maintains a code repository on GitHub and has already open-sourced various tools.
The primary objective of AssemblyLine is to spare analysts from manually inspecting every file, giving them the time and space to focus on incoming malware. Mainstream anti-virus engines such as Kaspersky, McAfee, BitDefender, and F-Secure can also be used for scanning within AssemblyLine, and the tool can connect to the VirusTotal anti-virus scanning service through an API key.
“Assemblyline minimizes the number of non-malicious files that analysts have to manually inspect and allows users to focus their time and attention on the most harmful files.”
CSE’s IT security head Scott Jones told CBS News that AssemblyLine is “a tool that helps our analysts know what to look at because it’s overwhelming for the number of people we have to be able to protect things.”
The CSE has called the release an “unprecedented step,” as it is the first electronic spy agency to make a cyber defense tool it developed itself available to the public. The agency hopes that organizations will be better able to defend their data and sites from cyber threats.
Bill Robinson, an independent researcher and member of the University of Toronto’s Citizen Lab, has called CSE’s move a “big change” and “a sea of change.” AssemblyLine itself is available on Bitbucket.