The Challenge

The interlocking of all security measures is important for the high cyber resilience of a company. Ideally, they form a tightly meshed network in which malware, if it remains undetected by one of the security guards, is stopped by another.

The most common components of such a multi-layered system include firewalls, anti-virus products, intrusion prevention systems (IPS), email and web gateways, but also network segmentation. Sandbox solutions play an important role when it comes to, for example, unknown malware (zero-day), evasive, polymorphic malware or very complex attacks.

However, sophisticated malware is able to detect common sandboxing methods, feign benign behavior to avoid detection (sandbox evasion), and successfully slip through security lines.

VMRay – the Solution from NetDescribe

This is precisely the gap that VMRay fills with its product portfolio for the detection and analysis of sophisticated, intelligent malware. The solutions are based on sandbox technology developed in-house. Key features include:

  • high level of resistance to sandbox evasion,
  • full visibility of malware activity and
  • elimination of background noise and false alarms.

In the VMRay Sandbox, an isolated virtual machine, potentially insecure software code can be automatically executed and analyzed with varying levels of detail without impacting network resources or local applications. Sandbox solutions play an important role when it comes to the detection of

  • unknown malware – so-called zero-day attacks,
  • highly evasive malware – polymorphic malware that constantly changes its identifiable characteristics and
  • complex, targeted attacks – e.g. politically motivated advanced persistent threats.

Highly resistant against Sandbox Evasion:

VMRay’s hypervisor-based sandbox is virtually invisible to malware and therefore does not trigger obfuscation attempts. Company-owned golden images can be used to align the sandbox environment as closely as possible to the real environment. Targeted attacks that are only active on computers in the target organization and therefore look for corresponding characteristics can be detected in this way. Using geo-location settings, the sandbox can also be configured to simulate company computers in different countries.

Full visibility of malware activity:

VMRay’s high-performance dynamic malware analysis literally sees every interaction of malware with target systems. This allows information to be provided with the necessary level of detail. It gives incident response teams accurate insight into the malware’s modus operandi, behavioral patterns and malicious potential and helps uncover attack vectors.

Elimination of background noise and false alarms:

Alert fatigue has long been a serious problem for security teams. They are inundated with alerts and spend a lot of energy trying to distinguish real alerts from false alerts.
VMRay’s technologies are able to extract reliable IOCs (Indicators of Compromise) from the mass of forensic data. Conspicuous but benign “background noise” is eliminated just as reliably, e.g. when legitimate interactions of the Adobe program with the system environment take place during the analysis of a suspicious PDF file. All this is done fully automatically and considerably relieves the security teams.

VMRay FinalVerdict – The single source of truth for Security Automation

Security workflow automation, or hyper-automation, is becoming increasingly important for security teams. The high volume and low quality of alerts, as well as the cybersecurity skills shortage, are the wake-up call that SOC productivity needs to be prioritized.

With VMRay FinalVerdict, organizations are able to overcome these challenges by automating, accelerating and scaling the triage and investigation of alarms. In the process, they gain non-disruptive and accurate information to automate tasks.

VMRay FinalVerdict delivers timely and actionable malware and phishing threat verdicts in high-alert environments to increase SOC productivity. With seamless integrations via dedicated connectors or REST API, VMRay FinalVerdict can rank alerts received from EDRs, investigate and enrich alerts for SOAR playbooks and validate user-reported phishing alerts in an automated manner.

VMRay DeepResponse – The solution for malware and phishing analysis

VMRay DeepResponse is built on the most advanced malware and phishing analysis sandbox and addresses the biggest challenge faced by SOC analysts, incident responders, threat hunters and detection engineers: time-consuming manual analysis processes that prevent them from staying ahead of new and unknown threats.

DeepResponse provides the detailed reports, free of unnecessary information, that are required to contain and respond to unknown, targeted or sophisticated file- and URL-based threats. With a focus on speed and efficiency, VMRay DeepResponse is designed to reduce incident response times and improve the ROI of time-intensive threat intelligence processes.

VMRay TotalInsight – Building reliable, actionable and customized threat intelligence

VMRay introduces TotalInsight to help organizations stay ahead of emerging threats and targeted attacks. With VMRay TotalInsight, government organizations, companies in highly regulated industries and MSSPs can create their own customized threat intelligence against targeted, industry-specific threats. TotalInsight is designed for threat intelligence teams that need scalability and efficiency in their processes.

With VMRay you

  • increase the effectiveness of your SOC and incident response team,
  • reduce the time and cost of manual analysis by up to 90% and
  • reduce the number of false positives significantly.

Book your personal appointment right now

Put your IT performance to the test. For which requirement have you always been looking for a solution? NetDescribe will get you there – with independent advice, reliable support and proven use cases.
