SOC teams are often overwhelmed by the flood of known and suspected malware coming at them from every direction. Web and email gateways, endpoints and other systems all feed into the fire hose of suspicious files sent to the SOC—and all those potential threats need to be vetted ASAP.
The challenge facing security analysts can be summed up with a few imperatives:
That, in a nutshell, describes the capabilities of VMRay Detector, which was introduced in March at the RSA Conference.
VMRay Detector is built on our flagship platform, VMRay Analyzer. However, while VMRay Analyzer is designed for comprehensive, in-depth malware analysis and detection, VMRay Detector is focused on rapid, highly accurate malware detection for high-volume use cases.
Affordable and scalable, the solution ingests suspicious files and URLs from multiple sources. VMRay’s multi-stage triage and detection process quickly distinguishes between malicious and benign files, dismissing the latter so the system’s analytical firepower can be focused on the former.
VMRay’s Now, Near, Deep architecture (see Figure 1) integrates three core components:
When it’s integrated with high-volume sources, such as web and email gateways, VMRay Detector provides rapid, fully automated threat detection. No human interaction is required. And because VMRay’s Now, Near, Deep architecture ensures that high-level results are very accurate, false positives are virtually eliminated. In turn, security teams can confidently share those results with other security tools to automate block/allow decisions and additional protection measures.
The more widely VMRay Detector is integrated with other security systems, the greater its value to the organization. When VMRay Detector is combined with VMRay Analyzer, analysts can conduct in-depth analyses and access actionable threat intelligence to investigate the most severe and advanced threats.
When integrated with other security products, VMRay Detector complements them in important ways. It fills security gaps that exist in traditional malware detection tools. By feeding those tools fast and highly accurate detection results, VMRay enhances the precision and timeliness of their automated protection measures. And when results are shared with threat intelligence systems, analysts can identify commonalities that may indicate a wider threat or recognize an attack that has been seen before, enabling a faster and better-informed response.
Leveraging VMRay’s REST API and out-of-the-box connectors, security teams can integrate VMRay Detector with diverse components of their enterprise security ecosystem.
VMRay Detector is designed to apply the right technology at the right stage of the detection pipeline to deliver optimal results at very high volume. By empowering SOC teams to handle the deluge of threat information they face every day, VMRay’s solution not only enhances security but also increases the efficacy of SOC personnel.