We’ve just released V 1.10 and we’re well on the way to building the ultimate Panopticon for malware. To reach that goal with automated malware analysis and detection, three criteria must be met:
In our prior 1.9 release, we addressed scalability through our hyperscale architecture. Because of VMRay’s agentless, hypervisor-based approach, there is nothing about the analysis per se that malware can detect. However, malware can inspect the target machine and infer whether or not the machine is ‘real’. Creating realistic target machines was a prime objective that we blogged about earlier, and we’ve added more functionality to facilitate that in our new 1.10 release.
Scalability and detection evasion count for nothing if the end result isn’t an accurate, actionable analysis. To that end we’ve made several enhancements to how VMRay analyses browser exploits and other malware. We’ve also enhanced our scoring system, the VMRay Threat Identifier (VTI) engine, adding user-editable rules and customization.
Lastly, interoperability and ease of integration are critical for enabling timely action. To that end, we now support CybOX (STIX) formats in reports. VMRay also supports SIEM integration by publishing analysis alerts in Syslog/CEF format.
Follow us on Twitter @VMRay to get updates as we blog about what’s new in more detail.