VMRay Platform v4.3 – Release Highlights

Sep 13th 2021

VMRay Now Defends your Business and Brand with ETD

In case you missed it, the world of cybersecurity changed over the last six months. McKinsey put it politely this way in a recent report: security teams “must no longer be seen as a barrier to growth but rather become recognized as strategic partners in technology and business decision making”. Translation: everyone used to consider us to be a pain in the you know what, but not anymore. Joseph Melika puts it more succinctly: “Whereas previously security teams were more a back office function, today security is the foundation of the business and brand”. He goes on to write: “A company’s cybersecurity posture and reputation is quickly becoming the foundation for its success. A ‘good enough’ security posture is no longer enough for brand trust.” Why the big change? Of course, there are many reasons but probably the most fundamental is the shift to a remote working world necessitated by the pandemic, and the vastly expanded attack surface that has come with it.

The endpoints are everywhere now and without proper protection they represent a gaping hole in your security posture. Nowhere more so than with email, which represents not only a technical vulnerability, but also a human vulnerability – given the increasingly sophisticated and targeted phishing attacks which can fool even the most technically adept among us. Even Gartner has chimed in with their somewhat alarmist Market Guide for Email Security (September/October 2020) in which the key overall finding was that “dramatic increases in the volume and success of phishing attacks and migration to cloud email require a reevaluation of email security controls and processes”. Translation: bulk up your email security before it’s too late. Gartner also reports that companies have expressed dissatisfaction with natively available [email security] capabilities and are, therefore, choosing to supplement with third-party products. In other words, best-of-suite packages rarely feature best-of-breed security protection. They conclude by saying, “Security professionals have known for years that, due to its importance as an attack vector, email security requires a layered approach.”

Enter ETD and Scan Every Single Email

Enter VMRay and our newly re-launched Email Threat Defender (ETD) product. ETD is our first protection product, and we’re officially re-launching it as part of version 4.3.0 of the VMRay Platform. It leverages the VMRay Platform and its best-of-breed hypervisor-based Dynamic Analysis sandbox technology, which has made us a leader among cybersecurity industry professionals (e.g., Expel, the leading MDR in the business, has been a user since 2018).

How does ETD work? Essentially, ETD scans every single email that comes into your company, providing the all-important supplement to your native email security package, as Gartner recommends. But is it really necessary? My email security package will identify 99% of threats, right? Right. But there you have your answer – if 1% get through, or even 1 gets through, it could be catastrophic for your business and brand. Evasive malware, ransomware, zero-day threats and spear phishing – the most sophisticated of attacks are where you are vulnerable, and where ETD helps the most. Best-of-breed detection means we transform these never-before-seen and unknown threats into known threats.

Before and After ETD

Would you walk a high-wire over Niagara Falls without a safety net? Would you get a second opinion if your life depended on the diagnosis? Whatever metaphor you prefer, the bottom line is that you need to identify and prevent all attacks. And that’s exactly what ETD helps you do. To illustrate this, here is the BEFORE picture without ETD, showing how your native Email Security technology will let through clean emails but will inevitably let through some malicious emails too. We use the bomb detonation metaphor for a reason: these malicious emails end up exploding when your end-user clicks on a URL or opens a file attached to them:

The AFTER picture features one key difference – malicious emails are detected by ETD and detonated when necessary within our sandbox so that they don’t detonate in your user’s email inbox. You can then quarantine the email and alert as required:

Time of Delivery Detonation Because Time of Click is Often Too Late

With traditional email security solutions and SEGs, links in emails are detonated only at Time of Click, which may be too late. During Web Analysis by ETD, links are evaluated immediately at Time of Delivery of the email. This is accomplished by pre-screening all links using our Smart Link Detonation, and only detonating those links that may lead to phishing sites or may trigger malicious downloads, while ignoring links that are safe. This is effective for protecting against unknown and targeted phishing threats – since links are dynamically analyzed before the user even gets to them. Our Smart Link Detonation is illustrated below:

Completely Renovated ETD Console

As part of the re-launch of ETD, we are also introducing a brand new and ultra-modern GUI, which is now known as the Console (it used to be known as the Web Interface).

The new Console has a wide variety of features, starting with a couple that maximize your screen real estate, such as the hideaway menu in the upper-left corner:

As well as the condensed and simplified menu in the upper-right corner, which provides one-click access to the Knowledge Center, Dark Mode, Settings and your profile:

Needless to say, when you need to dive deeper into an analysis of an email, you have one-click access to VMRay Analyzer – our flagship product – from any file in ETD, as in the example below where you just need to click on the Windows icon to view the Dynamic Analysis report for the Windows Target environment:

Click on it and you are taken to the Sample Overview for this file in Analyzer:

VMRay Analyzer Highlights

We have also introduced several new features and enhancements for Analyzer, foremost among which is that it is now much easier to license, and the brand new Pay-Per-Use (PPU) functionality means you can keep analyzing no matter how busy you get because you can just pay for more Verdicts and Reports on an as-needed basis.

Simplified Pricing Plans and Pay-Per-Use (PPU)

To expedite your path to being operational with our products, we’ve revamped and simplified our pricing plans for Analyzer, and we’ve introduced a handy new PPU option that allows you to keep analyzing, even after your Prepaid Verdict and Report Quotas have all been used up. Specifically:

Pricing plans are now defined by a Prepaid number of Verdicts per Month, Reports per Month and Total Number of Users.
You can supplement your basic Prepaid Verdicts/Reports/Users with Packs of additional Verdicts/Reports/Users.
If you run out of Prepaid Verdicts/Reports, you can use our new PPU option and pay for Verdicts and Reports as you go.
Five plans are available for Analyzer Cloud and four for Analyzer On Premises.
Multi-year discounts are available. For example, if you sign up for a 3-year Subscription, you receive 10% off.
Note that current customers are not impacted by these new pricing plans. Your existing pricing plan remains in effect indefinitely.

The structure of the new pricing plans is depicted below:

Detector Name No Longer Needed

As part of this pricing overhaul, the use of the product name Detector has been deprecated because it is replaced by Prepaid Verdicts.

Role-Based Access Control (RBAC) supports Custom Roles

You can now create custom roles for users, and modify individual permissions for each new role. This gives Account Managers (Cloud) and Administrators (On Premises) total control over who gets to see and use what functionality. Context help, which displays when you hover over a permission, provides all the details you need to assign individual permissions. A sampling of some of the new permissions that are available is shown here, along with one example of the context help:

Adaptive Browser Simulation

The VMRay Web Analysis currently simulates user-like behaviors such as clicking on buttons in order to trigger downloads or uncover malicious content which might initially be hidden. This simulation is accomplished via certain rules which behave differently and adapt to the scenarios they are exposed to via the browser. As new threats arise, up-to-date scenarios need to be incorporated into those rules so that the detection is continuously improved to stay one step ahead of attackers. So we have introduced the Adaptive Browser Simulation feature, which enables us to continuously update these rules. The rules are then automatically distributed using the Signature and Detection Update feature that we introduced in v4.2.

Improved Excel Worksheet Parser

We have improved detection in Excel Worksheets based on increased precision of extraction and analysis of legacy Macro 4.0 and DDE contents. This in turn has allowed us to improve the VTI scoring and enhance the information provided in the analysis reports.

Additional Windows Support

We have added Dynamic Analysis target environment support for Windows 10 19H1 (version 1903) and Windows 10 19H2 (version 1909).

Enhanced REST API Documentation and References

Five new hands-on chapters have been added to the API Programmer Guide covering some of the more powerful features of the Platform including Recursive Analysis, Analysis Caching, as well as Verdict and Report Quotas. Two new chapters covering the Integration Kit have also been added. The corresponding API References have also been streamlined and enhanced, including the addition of an Index of All Endpoints chapter for easier lookup of the exact endpoint you need. An ETD API Reference has also been added covering ETD-specific functions and parameters.

Final Thoughts

These are exciting days at VMRay as we expand our product line with ETD as well as a wide variety of Connectors to the most popular cybersecurity software, such as Carbon Black, ThreatQuotient, SentinelOne and many more – so that regardless of your existing security software ecosystem, we can fit right in and augment your EDR, SOAR, SIEM and other technologies with our best-of-breed detection and analysis technology embodied within the VMRay Platform. Stay tuned for several more product announcements this year…
