Full visibility, total defense against hiding malware
In the fight against malware, behavioral analysis is one of the most effective tools security teams have for detecting and eliminating emerging threats. Potentially harmful files are run in a controlled area inside a sandbox and their behavior is examined to decide whether they are malicious.
Current sandbox solutions have fundamental shortcomings that affect detection and analysis. Some can be detected by the malware, which then hides its real harmful behavior to avoid detection. Others do not scale well or produce too many false positives.
The Power of the Agent-Free Approach
VMRay Analyzer uses a new approach to overcome these weaknesses, a clear departure from previous methods. Agent-free, hypervisor-based analysis is combined with a reputation engine, giving SOC analysts and CERT teams four essential capabilities:
STEALTH
VMRay Analyzer is not fooled by advanced malware hiding techniques.
SPEED
With bare-metal performance, threats are detected quickly even in large environments.
VISIBILITY
In-depth dynamic malware analysis records how the malware behaves on the system.
DEFENSE
Actionable intelligence is produced even for the best-hidden malware.
KEY BENEFITS:
- Fast threat detection thanks to the industry's most detailed dynamic threat analysis
- Undetectable by malware thanks to agent-free, hypervisor-based approach
- Fast, automatic, actionable intelligence thanks to the reputation engine and incident severity classification
- Bare-metal performance thanks to CPU hardware virtualization extensions
- Monitoring all malware activity on the system gives full visibility into its low-level control flow
- Flexible result formats for forensic experts, IR teams and managers
- Seamless integration with third-party security platforms
- Used by the largest enterprises, security solution providers and OEMs
WHY HYPERVISOR?
VMRay takes a new agentless approach to dynamic malware analysis. Every action of the malware is monitored by VMRay Analyzer, which runs in the hypervisor rather than inside the analysis VM. Because the sandbox VMs contain no agent and the analysis is invisible to the malware, even the stealthiest threats behave as they normally would.
REAL-TIME DETECTION OF KNOWN FILES AT SCALE
Thanks to VMRay's reputation engine, known files are detected in real time by checking them against the industry's most detailed reputation data sources, without executing them.
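The reputation check described above is a hash lookup: the file's content hash is compared against known-bad and known-good sets, and only files that neither set knows are sent on to dynamic analysis. The following is an added illustration of that triage step, not VMRay's code; the sample bytes and reputation sets are constructed, and `reputation_verdict`, `triage` and the `next_step` values are hypothetical names chosen for this example.

```python
import hashlib
from typing import Dict, Iterable, Set

# Constructed samples standing in for a known-bad file and a known-good file.
# They are invented byte strings, not real malware or real software.
KNOWN_BAD_SAMPLE = b"constructed sample standing in for a known-bad file"
KNOWN_GOOD_SAMPLE = b"constructed sample standing in for a vendor-signed installer"


def sha256_hex(data: bytes) -> str:
    """Content hash used as the lookup key; reputation sources key on hashes."""
    return hashlib.sha256(data).hexdigest()


# Constructed reputation sets, standing in for external reputation data sources.
KNOWN_BAD_SHA256: Set[str] = {sha256_hex(KNOWN_BAD_SAMPLE)}
KNOWN_GOOD_SHA256: Set[str] = {sha256_hex(KNOWN_GOOD_SAMPLE)}


def reputation_verdict(
    data: bytes,
    bad: Set[str] = KNOWN_BAD_SHA256,
    good: Set[str] = KNOWN_GOOD_SHA256,
) -> Dict[str, str]:
    """Classify a file by hash alone, without executing it (hypothetical helper)."""
    digest = sha256_hex(data)
    if digest in bad:
        return {"sha256": digest, "verdict": "malicious", "next_step": "block"}
    if digest in good:
        return {"sha256": digest, "verdict": "benign", "next_step": "allow"}
    # Never seen before: reputation cannot decide, so the file goes to the sandbox
    # for dynamic analysis instead of being allowed or blocked on a guess.
    return {"sha256": digest, "verdict": "unknown", "next_step": "submit_to_sandbox"}


def triage(samples: Iterable[bytes]) -> Dict[str, int]:
    """Count verdicts over a batch of files (hypothetical helper)."""
    counts = {"malicious": 0, "benign": 0, "unknown": 0}
    for sample in samples:
        counts[reputation_verdict(sample)["verdict"]] += 1
    return counts


if __name__ == "__main__":
    # A known-bad file with a single appended byte has a new hash: reputation
    # alone does not recognise it, which is exactly the case dynamic analysis covers.
    batch = [KNOWN_BAD_SAMPLE, KNOWN_GOOD_SAMPLE, KNOWN_BAD_SAMPLE + b"\x00"]
    print(triage(batch))
```

The third sample in the batch is the caveat worth remembering: a trivially modified copy of a known-bad file gets an "unknown" verdict, so a reputation lookup only removes the already-known files from the sandbox queue; it does not replace behavioral analysis.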
DETAILED NETWORK COMMUNICATION ANALYSIS
VMRay captures and analyzes all network communication and identifies the malicious traffic within it. It extracts the domains, IP addresses and protocols used by the malware. The captured PCAP files can be opened with tools such as Wireshark for in-depth packet analysis. VMRay runs its analyses across a wide range of environments: the operating system, applications and locale settings are varied, and the malware's differing reactions in each environment are recorded.
ACTIONABLE SCORING
VMRay's threat detection rules assign each sample a severity score, producing intelligence that can be consumed by tools such as SIEM, EPP and NGFW platforms.
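The two sections above describe the same pipeline from different ends: behavior recorded during the run (including network activity) is matched against detection rules, the matches are weighted into a severity score, and the result plus extracted network indicators is handed to a SIEM. The block below is an added example of that pipeline, written for this page and not VMRay's rule engine or output format. The event log, the rule names and weights, and the score thresholds are all constructed for illustration, and the host and IP values are documentation placeholders.

```python
import json
from typing import Any, Callable, Dict, List, Tuple

Event = Dict[str, Any]

# Constructed behavior log for one hypothetical sandbox run. This is not
# VMRay's event format; 'example.invalid' and 192.0.2.10 are reserved
# documentation values, not real infrastructure.
SAMPLE_EVENTS: List[Event] = [
    {"type": "process", "op": "create", "path": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe"},
    {"type": "registry", "op": "set",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"},
    {"type": "network", "proto": "dns", "host": "c2.example.invalid"},
    {"type": "network", "proto": "tcp", "dst": "192.0.2.10", "port": 443},
    {"type": "file", "op": "write", "path": "C:\\Users\\u\\Documents\\report.docx.locked"},
    {"type": "file", "op": "write", "path": "C:\\Users\\u\\Documents\\budget.xlsx.locked"},
]


def _run_key_persistence(events: List[Event]) -> bool:
    return any(e["type"] == "registry" and "\\CurrentVersion\\Run\\" in e.get("key", "")
               for e in events)


def _exe_in_temp(events: List[Event]) -> bool:
    return any(e["type"] == "process" and "\\Temp\\" in e.get("path", "")
               and e["path"].lower().endswith(".exe") for e in events)


def _outbound_connection(events: List[Event]) -> bool:
    return any(e["type"] == "network" and e.get("proto") in ("tcp", "udp") for e in events)


def _mass_rename_pattern(events: List[Event]) -> bool:
    # Two or more user documents rewritten with a new extension in one run.
    renamed = [e for e in events if e["type"] == "file" and e.get("op") == "write"
               and e.get("path", "").endswith(".locked")]
    return len(renamed) >= 2


# Hypothetical detection rules: (name, weight, predicate over the whole run).
# The weights are illustrative and are not VMRay's.
RULES: List[Tuple[str, int, Callable[[List[Event]], bool]]] = [
    ("persistence_run_key", 30, _run_key_persistence),
    ("executable_dropped_in_temp", 20, _exe_in_temp),
    ("outbound_connection", 10, _outbound_connection),
    ("mass_file_rename_pattern", 40, _mass_rename_pattern),
]


def extract_network_iocs(events: List[Event]) -> Dict[str, List[str]]:
    """Pull domains, destination IPs and protocols out of the network events."""
    domains = {e["host"] for e in events if e["type"] == "network" and "host" in e}
    ips = {e["dst"] for e in events if e["type"] == "network" and "dst" in e}
    protocols = {e["proto"] for e in events if e["type"] == "network" and "proto" in e}
    return {"domains": sorted(domains), "ips": sorted(ips), "protocols": sorted(protocols)}


def severity_label(score: int) -> str:
    """Map a 0-100 score to a label; thresholds are constructed for this example."""
    if score >= 70:
        return "malicious"
    if score >= 30:
        return "suspicious"
    return "benign"


def analyze(events: List[Event]) -> Dict[str, Any]:
    """Score one run against RULES and attach the network indicators."""
    matched = [name for name, _, predicate in RULES if predicate(events)]
    score = min(100, sum(weight for name, weight, _ in RULES if name in matched))
    return {
        "score": score,
        "severity": severity_label(score),
        "matched_rules": matched,
        "iocs": extract_network_iocs(events),
    }


def to_siem_json(record: Dict[str, Any]) -> str:
    """Serialize the verdict as one JSON record a SIEM can ingest as-is."""
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    print(to_siem_json(analyze(SAMPLE_EVENTS)))
```

Each rule looks at the whole run rather than a single event, which is what lets the file-rename rule fire only on an aggregate pattern. An empty run matches nothing and scores 0, so benign samples stay out of the SIEM alert queue.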
VMRAY ANALYZER FEATURES
CANNOT BE DETECTED
- Unaffected by advanced hiding techniques
- Monitoring is unaffected by reboot and autostart operations
CUSTOMIZABLE AND AUTOMATIC
- Built-in YARA rulesets can be customized and extended
- Custom pre-analysis scripts prepare the environment for each analysis
- You can interact with the malware manually via VNC
SEAMLESS INTEGRATION
- Ready support for third party products: Carbon Black, Splunk, ThreatConnect, Ayehu, VirusTotal, MISP, Phantom and Cisco CloudLock
- Seamless integration with other products thanks to a flexible REST/JSON API
BROAD COVERAGE
- Full visibility over the malware's control flow, with broad coverage of malware types at both user and kernel level
- Detailed behavioral analysis and network activity analysis
EASY INSTALLATION AND USE
- Deployment as a cloud service or on premises
- All functions are accessible via user-friendly web interface or REST APIs
- Affordable scalability
FLEXIBLE RESULT FORMATS
- High-level summary reports for non-security experts and executives
- Function-level logs that record every input and output parameter in fine detail
- Output formats for automatic processing or manual review: HTML, XML, CybOX/STIX, JSON and text files