Elevating cyber resilience for a major North American city administration

Read how a major North American city administration has improved cyber resilience by prioritizing automation and privacy with VMRay.

Introduction

In an era when cybersecurity threats loom large, safeguarding sensitive data and vital resources is paramount, especially for a prominent North American city administration playing a pivotal role in the global economy, culture, and scientific research. This case study delves into how VMRay’s versatile threat analysis platform helped transform this city’s cybersecurity posture, starting from manual use cases and evolving into an all-encompassing security solution.

The Genesis: From Manual Submissions to Excellence

Facing a surge in security threats, the city administration initially grappled with manual submissions for threat analysis. Their quest for a more reliable sandboxing solution led them to VMRay, a decision that quickly bore fruit. VMRay’s platform emerged as the go-to sandboxing tool, earning praise as “the best sandbox we’ve used.”

The city administration’s delight wasn’t just about using VMRay but also about the accuracy and depth of its threat analyses. In particular, VMRay stood out in handling the QBot threat, a persistent challenge. QBot, a malware strain, had adapted and developed new threat vectors, necessitating a proactive approach to counter these evolving threats.

VMRay’s standout feature was its evasion-resistant platform. Unlike traditional sandboxes, VMRay remained impervious to manipulation by threat actors, making it capable of detecting and analyzing even unknown and emerging threats. The city administration’s goal was clear: to be secure against evolving threats and unknown malware.

“Our search for a better sandbox has finally ended with VMRay.

We truly appreciate your exceptional product; it goes above and beyond, providing unparalleled depth of analysis, and the reliability of your reports surpasses anything we’ve encountered in the past.”

Expanding Horizons: Integrating for Automation

Buoyed by their initial success, the city administration sought to expand their use of VMRay. They were armed with a potent array of existing security tools, including EDR, SIEM, and SOAR solutions. The challenge lay in integrating VMRay into this complex security ecosystem without adding undue complexity.

VMRay’s verdicts and Indicators of Compromise (IOCs) proved instrumental in streamlining alert triage and enrichment. They seamlessly integrated VMRay into their existing security systems, empowering their security operations with actionable intelligence. Notably, VMRay’s professional support services were instrumental in ensuring a smooth transition, offering expertise in onboarding, deployment, and automation integration.


“VMRay has proven to be an invaluable partner to us. We deeply appreciate their top-notch service and unwavering support.

In an already overwhelming landscape, VMRay’s commitment to providing seamless integration services has been a game-changer. They are always there whenever we need a solution, ensuring our security ecosystem runs effortlessly without adding any unnecessary complexity to our operations.”

Charting the Path Forward: Embracing Cloud and Linux Security

As the city administration looks to the future, two major objectives come to the forefront: cloud deployment and robust Linux security. Transitioning to cloud-based security solutions aligns with their vision of becoming more cloud-centric. However, as a government entity, the administration requires the utmost trust in privacy.

VMRay answered this demand with a range of privacy options, including exclusive data ownership, the ability to choose server locations, and flexible data retention policies. This commitment to data privacy positions VMRay as a trusted partner in the city’s cloud security journey.

“VMRay’s commitment to data privacy makes us confident about transitioning to cloud deployment, a significant advantage in our highly-regulated industry.”

With their move to cloud operations, the city administration recognized the need for robust Linux security. Linux, prized for its scalability, customization, and open-source features, had also attracted the attention of threat actors. VMRay, responsive to customer needs, introduced the capability to analyze Linux threats (ELF executables) in its 2023.3.0 Release.

VMRay Academy offers a course on defending against Linux threats in the cloud.

Conclusion

In an age of evolving cyber threats, the city administration took proactive steps to fortify its cybersecurity stance. Beginning with manual submissions, they found VMRay a reliable partner, empowering them with unmatched threat analysis capabilities. 

Their journey continued with seamless integrations into their security ecosystem and a vision for cloud and Linux security. VMRay, with its commitment to data privacy and innovation, stands alongside the city administration as they stride confidently into a secure digital future.
