VMRay & Phantom: Protecting Organizations from Malicious Email
The VMRay App for Phantom seamlessly integrates Phantom’s security automation and orchestration platform with VMRay’s agentless malware detection and analysis. This enables security teams to mitigate the risk of potentially malicious files through fast, automated threat detection and analysis.
In this video, we present a simple Phantom playbook that automatically scans emails received by an organization and forwards any file attachments to VMRay’s agentless hypervisor-based sandbox for analysis. Depending on the results of the sandbox analysis, the playbook notifies users when they have received an email containing malware. Using the Indicators of Compromise (IOCs) generated by the sandbox analysis, the playbook also ensures that the organization is protected from similar attacks by performing actions such as blocking the file hash on all other endpoints.
Together with security automation and orchestration platforms like Phantom, VMRay Analyzer takes away the risk of letting potentially malicious files into an organization’s environment while relieving security teams of manual, error-prone processes.