with Malware & Phishing analysis
VMRay Analyzer empowers DFIR and SOC teams to
VMRay Analyzer observes the genuine behavior of malware and phishing threats.
Noisy results are a daily frustration for SOC analysts and managers.
Excessive noise impedes manual investigations, and discourages efforts to automate the sharing of results, because doing so propagates the weaknesses of those results to other systems.
VMRay’s Intelligent Monitoring generates concise and focused output that only addresses the malware or URL’s core behavior. This eliminates false positives, streamlines analysis, and scales automated detection.
With brand new advanced threats entering the cybersphere every second, it is inevitable that some will slip through your EDR defenses. Analyzer helps you fill the gaps and cover the blind spots: it is the last bastion and your ultimate source of truth.
Built by industry pioneers and having stood the test of time for over 10 years, Analyzer catches what others can’t.
Pre-built Connectors make it easy to not only input from other systems, but also, output to other systems.
Available are connectors to Carbon Black, Cybereason, SentinelOne, Rapid7, and many more.
Intelligent Monitoring:
Allows VMRay to stay invisible to evasive malware as it runs solely in the hypervisor layer and without affecting the analysis environment.
Smart Memory Dumping:
Advanced triggers to accurately dump and store relevant memory buffers of analyzed malware in real time that enables timely detection.
Machine Learning
Fed by the highest quality input data derived from our analysis, our Machine Learning model improves our capabilities to detect the undetectable.
VMRay automatically generates IOCs with every analysis. It applies VMRay Threat Identifier (VTI) rules to flag and score artifacts, filtering out the noise and providing true, actionable IOCs.
The MITRE ATT&CK framework is mapped to VMRay Threat Identifiers (VTIs). This allows security teams to understand the scale and impact of an incident fast, leading to actionable mitigation measures.
Manually interact during the analysis runtime using a built-in VNC viewer.
Detect geo-location evasion techniques. VMRay provides analysts the ability to choose an exit node from a list of over 40 countries when they submit a sample.
VMRay triggers more frequent and more relevant memory dumps to capture a comprehensive view of malware and malicious URL characteristics and behavior. This increases the speed and accuracy of detection and analysis of malware & phishing threats.
With our IDA Pro Plugin, analysts can investigate other processes monitored and logged inside the VMRay analysis archive – so files that were downloaded or dropped, then executed afterward, can also be investigated without further effort.
See how Expel’s security team is using VMRay Analyzer
to elevate their game.
A malware sandbox is a cyber security term referring to a specifically prepared monitoring environment that mimics an end-user operating machine.
Malware sandboxes represent an important tool in the arsenal of security teams and are used to safely observe the behavior of suspicious file or URL in a controlled environment without risking infection of the host machine.
VMRay keeps adding new blocks to its groundbreaking sandbox by continuously developing new cutting-edge technologies to stay ahead of the attackers.
VMRay offers a unique mix of stealthiness and efficacy that allows it to stand out from the pack. Traditional sandbox solutions either do not produce results at all due to being detected by malware (which then ceases operation) or produce too much data due to poor result filtering or slow performance.
VMRay delivers reliable results without adding the burden of filtering irrelevant data for your analysts. With years of experience and continuous efforts, VMRay is well-equipped both for current malware & phishing threats, as well as for staying ahead of the game when encountering new and unknown threats.
And we keep adding new technologies on top of this strong basis. With 27 (and counting) unique technologies that we have developed, VMRay Analyzer goes way beyond the sandbox and offers a comprehensive platform.
VMRay Analyzer runs solely in the hypervisor layer, an unprecedented engineering feat that allows monitoring to take place from outside the analysis environment.
By always remaining invisible, VMRay defeats even the most evasive techniques built into advanced threats.
VMRay Analyzer Cloud and On-Premises both have the same core functionality and ability to analyze and detect unknown threats. The main difference between Cloud and On-Premises is the level of customization offered.
VMRay Analyzer On-Premises supports extensive customization of:
The cloud-based deployment option offers fast time-to-value. You don’t need any hardware to purchase or implementation, nor any maintenance effort is required. It’s easier to scale up and offers more flexibility in terms of regional coverage.
VMRay Analyzer Cloud or On-Premises are annual subscriptions. Licensing is based on the number of dynamic analyses performed per day. A perpetual license option is available for on-premises customers.
The Cloud version of VMRay Analyzer includes support for the latest Windows Redstone operating system as well as macOS Catalina. The following file types can be analyzed.
Learn why leading DFIR teams worldwide see VMRay Analyzer the gold standard for dynamic analysis.
Learn about the primary methods threat actors use to evade sandbox detection.