Product Portfolio

How many product options does VMRay offer?

VMRay offers four product options designed for specific use-cases.

VMRay Analyzer: VMRay Analyzer is an automated malware analysis solution that enables analysts to monitor, analyze and identify threats and extract indicators of compromise (IOCs). VMRay Analyzer is our flagship product and can be deployed on-premises or in the Cloud.

VMRay Detector: VMRay Detector is an automated malware detection solution for enterprises that need rapid, highly accurate malware detection for high-volume use cases. VMRay Detector can be deployed on-premises or in the Cloud on top of an Analyzer license.

VMRay Email Threat Defender: VMRay Email Threat Defender is an email threat detection solution that fully automates the scanning of inbound email to detect malicious URLs and attachments. VMRay Email Threat Defender can be deployed on-premises or in the Cloud.

VMRay Investigator: VMRay Investigator is a malware analysis solution that enables analysts to monitor, analyze and identify threats and extract indicators of compromise (IOCs). VMRay Investigator is only available as a Cloud solution, and submissions can only be made manually.

All VMRay products use our underlying Now, Near, Deep architecture.

What are the main differences between VMRay Analyzer and VMRay Detector?

| VMRay Analyzer | VMRay Detector |
| --- | --- |
| Designed for comprehensive, in-depth malware analysis and detection | Designed for rapid malware detection for high-volume use cases |
| Provides in-depth analysis reports and detection results | Provides only high-level detection results |
| Supports submission via Web Interface, API or IR Mailbox | Supports submission only via API or IR Mailbox |

Technology

What is the “Now, Near, Deep” approach to malware analysis and detection?

“Now, Near, Deep” combines dynamic analysis with our static analysis engine and built-in reputation checking. Our groundbreaking dynamic analysis engine is at the heart of this approach. It utilizes hypervisor-based monitoring, which embodies four differentiating traits:

  • Evasion resistance
  • Full visibility
  • Precise, noise-free output
  • Scalability to support short-term spikes and long-term growth.

The Now, Near, Deep approach enables security teams to handle larger analysis volumes, speed up detection, and improve the productivity and efficacy of security personnel and infrastructure.

For more information on our Now, Near, Deep approach, read our blog post.

What is “hypervisor-based” monitoring in the context of dynamic analysis?

Unlike traditional malware sandboxing solutions, VMRay monitors malware behavior solely from the hypervisor layer and does not need to modify a single bit in the analysis environment. This allows VMRay’s products to monitor the interaction between the malware and the system while remaining completely invisible to malware.

Today, malware is designed to recognize when it runs inside an analysis environment and can stall or exit inside a sandbox. Yet even the most evasive malware will reveal its behavior in VMRay’s products.

For more information on our hypervisor-based monitoring technology, read our Technology Whitepaper.

Privacy & Compliance

Are files submitted to VMRay Cloud deployments private?

All samples uploaded to VMRay Cloud products are only accessible by users in your organization.

If you decide to enable our VirusTotal and OPSWAT Metadefender connectors, those samples will be sent to the respective third parties.

Is VMRay GDPR compliant?

Yes, VMRay is GDPR compliant.

VMRay On-Premises customers can ensure that their data never leaves their network. For organizations choosing a cloud solution, personal data and other sensitive information is protected in accordance with some of the strictest data privacy laws in the world.

VMRay allows customers to create a completely isolated environment for analyzing advanced malware threats, without the risks posed by open-source tools and services. Our Data Processing Agreement (DPA) for GDPR compliance is available here.

Do VMRay products support 2FA?

Yes. Users can enable 2FA and use a Time-based One-Time Password (TOTP) token generated from another device to access their VMRay account. Popular 2FA apps such as Google Authenticator or Duo can be used to scan and generate codes required for authentication.

Support

Does VMRay provide technical support?

Support is available during European and US office hours. Support tickets can be opened via email or our Zendesk portal or by calling our toll-free number +1(888)958-5801 (in North America).

More details are available in our license agreement at www.vmray-legal.com or see our Contact page.

VMRay Analyzer

Deployment

What is the difference between VMRay Analyzer Cloud and VMRay Analyzer On-Premises?

VMRay Analyzer Cloud and On-Premises both have the same core functionality and ability to analyze and detect malware. The main difference between Cloud and On-Premises is the level of customization offered.

VMRay Analyzer On-Premises supports extensive customization of:

  • Target VMs: Security teams can analyze files and URLs in fully customized VM images, such as the organization’s own Gold Image.
  • Detection Rules and the Analysis Scoring System: Security teams can add their own detection rules and customize the built-in analysis scoring system (VMRay Threat Identifier or VTI Score, as well as YARA rules).
  • Backend Global Settings: This includes the ability to create independent user groups, modify advanced network configuration settings, and change other advanced settings such as the total size and number of memory dumps per analysis.

How is VMRay Analyzer deployed on-premises? (hardware/software)

VMRay Analyzer On-Premises is a “bring your own hardware” deployment. Our team works with customers to determine the appropriate hardware configuration and specifications. Our installer pulls down all required components automatically, starting with the OS, simplifying the install and configuration process.

How does VMRay Analyzer scale?

VMRay Analyzer employs a ‘Now, Near, Deep’ architecture – files can first be triaged by our ultrafast reputation engine (‘Now’), then statically analyzed for active and potentially malicious components (‘Near’) before a full dynamic sandbox analysis (‘Deep’). Our sandbox analysis is the fastest and most scalable on the market, delivering bare-metal performance in a cost-effective virtualized environment.

For more information read our Hyperscaling blog post.

Can VMRay Analyzer be run in an air-gapped environment?

Yes. The initial install needs to be performed while connected to the internet. VMRay Analyzer updates can be downloaded from our portal, copied to media and subsequently applied. We update the on-premises software on a semi-annual basis.

Users will not be able to update the file reputation service when air-gapped. OPSWAT Metadefender On-Premises results can be incorporated in air-gapped environments for multi-AV results. Users will still need to manually update the AV definitions for the AV engines they are running.

Capabilities

What type of information is available in a VMRay Analyzer Report?

A VMRay Analyzer Report provides:

  • High-level sample verdict (Malicious, Suspicious or Not Suspicious)
  • Threat Indicators (VTI Rules)
  • Mapping of VTI rules to the MITRE ATT&CK Enterprise Matrix
  • Screenshots taken during analysis
  • Network Behavior
  • IOCs
  • Downloadable Function Log
  • And much more

View our Malware Analysis Reports page to see interactive VMRay Analyzer Reports.


What operating systems does VMRay Analyzer support?

We currently support Windows Operating Systems (Windows 7 to Windows 10) and macOS (High Sierra) in our cloud service. Additional Windows targets are supported for on-premises.

What are the supported file types?

We support all major formats for office documents, scripts, archives, drivers, executables as well as URLs. We are constantly expanding the range of file types supported as malware authors seek new infection vectors by leveraging obscure and outdated formats.

For more information about our supported file types, contact our Sales Team.

Does VMRay Analyzer support manual interaction with a malware sample?

Yes, you can manually interact with malware via VNC. For more information on our interactive mode read our blog post on our interactive analysis capabilities.

Are 3rd-party integrations available with VMRay Analyzer?

VMRay Analyzer provides out-of-the-box support for third-party platforms across the security ecosystem: End Point Protection, SIEM, SecOps (SOAR) and Threat Intelligence (TIP). We also have a documented REST API and sample Python libraries for custom integrations.

View a complete list of VMRay Analyzer’s out-of-the-box integrations.

Licensing

How is VMRay Analyzer licensed?

VMRay Analyzer Cloud or On-Premises are annual subscriptions. Licensing is based on the number of dynamic analyses performed per day. A perpetual license option is available for on-premises customers.

VMRay Detector

Deployment

What is the difference between VMRay Detector On-Premises and VMRay Detector Cloud?

VMRay Detector requires an underlying VMRay Analyzer deployment (either On-Premises or Cloud). Refer to the Deployment section of VMRay Analyzer.

Capabilities

What information does VMRay Detector provide?

VMRay Detector provides only high-level detection results. These include:

  • High-level sample verdict (Malicious, Suspicious or Not Suspicious)
  • VTI scores associated with dynamic and static analyses
  • Threat Indicators (VTI Rules)
  • Sample reputation information.

Since VMRay Detector requires an underlying VMRay Analyzer deployment, it is possible to use the underlying Analyzer license to unlock detailed VMRay Analyzer reports associated with a sample. Refer to the Capabilities section of VMRay Analyzer for information on what is available in a detailed analysis report.

How does VMRay Detector scale?

VMRay Detector employs a ‘Now, Near, Deep’ architecture – files can first be triaged by our ultrafast reputation engine (‘Now’), then statically analyzed for active and potentially malicious components (‘Near’) before a full dynamic sandbox analysis (‘Deep’). Our sandbox analysis is the fastest and most scalable on the market, delivering bare-metal performance in a cost-effective virtualized environment.

What operating systems does VMRay Detector support?

We currently support Windows Operating Systems (Windows 7 to Windows 10) and macOS (High Sierra) in our cloud service. Additional Windows targets are supported for on-premises.

What are the supported file types?

We support all major formats for office documents, scripts, archives, drivers, executables as well as URLs. We are constantly expanding the range of file types supported as malware authors seek new infection vectors by leveraging obscure and outdated formats.

For more information about our supported file types, contact our Sales Team.

Are 3rd-party integrations available with VMRay Detector?

Together with VMRay Analyzer, Detector provides out-of-the-box support for third-party platforms across the security ecosystem: End Point Protection, SIEM, SecOps (SOAR) and Threat Intelligence (TIP). We also have a documented REST API and sample Python libraries for custom integrations.

View a complete list of VMRay’s out-of-the-box integrations.

Licensing

How is VMRay Detector licensed?

VMRay Detector Cloud or On-Premises are annual subscriptions. They are only available as add-on licenses for a VMRay Analyzer Cloud or On-Premises deployment. Licensing is based on the number of detections performed per day.