Introduction
April is a season of fresh starts, and at VMRay, that means another powerful Platform release. Whether it’s the energy of spring or simply the pace of innovation accelerating, we’re happy to bring you the next set of updates to the VMRay Platform in 2026.
While the first release of the year is already behind us, it marked a strong start to 2026, bringing major enhancements such as the redesigned Relations tab for deeper visibility into malware delivery chains and the VMRay + KnowBe4 integrated phishing connector released in January.
Now, it’s time for the next chapter. We’re pleased to share what’s new in the VMRay Platform and offer a preview of what’s still to come. Let’s dive in.
Complete Threat Visibility at a Glance
Recursive analysis often uncovers critical insights, but those details shouldn’t be hidden deep in the analysis tree. With this release, threat names and classifications identified during recursive analyses are automatically aggregated and surfaced directly in the parent sample view. This means analysts get the full threat context at a glance, even when working primarily from summary or top-level views such as email analyses.
To make threat exploration even easier, a new lightbox view on the parent sample level provides a consolidated overview of all detected threat names, clearly distinguishing between findings from the parent sample and those originating from recursively submitted samples. The result: faster triage, better context, and greater confidence in decision-making.
These enhancements extend to our integrations as well. Whether using the newly introduced KnowBe4 connector or existing integrations like SentinelOne, querying only the parent sample via API now automatically enriches results with recursive threat intelligence, ensuring no valuable insights are missed, regardless of how you access the data.
Tags are one of the simplest yet powerful ways to add context to your submissions, helping you group related samples, search across analyses, and correlate findings with alerts from external security tools and VMRay connectors. With this release, you can take full advantage of this cool feature.
We’ve expanded tag support to include a wider range of special characters, giving you the flexibility to mirror real-world alert names, identifiers, and metadata from external systems. This means fewer workarounds, smoother integrations, and more reliable automation, especially when working with SIEMs, EDRs, and other security platforms. For example, your VMRay + MS Defender for Endpoint integration can now attach complex file or process identifiers as tags, making it easy to correlate multiple alerts across endpoints. Now, with the Microsoft Defender integration, you can attach the Defender Alert ID as a tag, making it easy to correlate your VMRay submission with the corresponding Defender alert.
VMRay Cloud Goes (EU) Sovereign
This release brings another great announcement. VMRay introduces a new VMRay Cloud hosting option in the AWS European Sovereign Cloud. This new option is designed for organizations with stricter requirements around EU data residency, operational control, and sovereignty. In practice, that means customers can use VMRay Cloud in an environment designed to keep data hosted and processed within the EU, while supporting teams that need stronger operational boundaries. The deployment is located in Germany.
What you get with VMRay Cloud in the AWS European Sovereign Cloud:
-
Your data is hosted and processed entirely within the EU.
-
All Cloud operations remain within an EU sovereignty boundary.
-
Access and operations are limited to EU-resident personnel.
-
The offering supports sovereignty-focused compliance requirements, including BSI C5 attestation and alignment with the evolving EUCS framework.
-
It provides stronger safeguards for organizations concerned about extraterritorial access.
At the same time, when selecting the EU-sovereign hosting, you continue to benefit from the same capabilities of the VMRay Cloud experience, so you do not have to choose between sovereignty requirements and advanced malware analysis capabilities.
Stronger Account Login Protection
This release adds another important control for security-conscious VMRay Cloud customers: IP allowlisting for account login. From now on, Account Managers can restrict login access to a defined set of trusted IP addresses or networks, helping ensure that only users connecting from approved corporate environments, secure internet gateways, or other controlled locations can access the account.
For organizations with strict security and compliance requirements, this feature delivers an immediate advantage. It strengthens account protection, reduces the attack surface for unauthorized access attempts, and helps enforce tighter governance over who can connect and from where. In other words, it is a simple way to bring even more control to our Cloud access.
More Control for Account Managers
In VMRay Cloud, Account Managers can now delete submissions and samples created by any user within their account. With this improvement, submissions that were uploaded by mistake or no longer need to be retained can be removed quickly and securely, without relying on support intervention or broader administrative access. This helps teams act faster, reduce compliance risk, and maintain stronger control over their environments.
Beyond improving day-to-day usability, this enhancement also supports better data governance. By enabling account-level cleanup when needed, organizations can align more closely with internal compliance requirements and regulatory expectations.
As VMRay integrations continue to expand, this feature becomes even more valuable. Submission deletion now implicitly supports our connected workflows such as the IR Mailbox, integrated connectors like SentinelOne and KnowBe4, giving teams much more ease in managing data across their Cloud-based analysis processes.
FinalVerdict On Prem: Still a Powerful Option
Last year, we announced that both existing and future customers can deploy FinalVerdict On Prem, giving enterprises the power to run advanced malware analysis and classification directly within their own environments, without sacrificing speed, accuracy, or confidence.
As data sovereignty, compliance, and operational control continue to rise in importance, this offering is more relevant than ever. Across Europe and the U.S., more organizations are reassessing Cloud-only strategies and bringing critical workloads back On Premises to keep sensitive data closer to home.
A Faster Path to Shareable Malware Insights: Optimized PDF Report Generation
For many teams, the PDF report is the deliverable that matters most when analyzing samples with VMRay. It’s the artifact you can hand off to people who don’t live in the Platform’s UI; attach it to an incident ticket, share it with stakeholders, add it to case documentation, or keep it for audit purposes. And because analysis results can be time-sensitive (links expire, environments change), a PDF provides a durable snapshot of what was executed, what was observed, and when it happened.
In this release, we modernized the PDF report generation architecture for both Sample and Analysis reports. The new generator improves consistency, especially for larger or more complex analyses, and resolves several long-standing PDF issues that were difficult to tackle with the previous approach. Although the work started as an architectural upgrade, we hope you’ll be satisfied with the end-user benefits, including:
-
Faster generation times
-
Improved reliability and overall performance
-
Optimized memory usage, helping reports generate in seconds rather than tens of seconds
Try it out by downloading a PDF Sample or Analysis report from your next sample detonation.
Final Words
We hope you’ll find real value in the features our teams delivered in this release. From improved visibility into threat names and classifications identified during recursive analyses, to enhanced tag support and broader hosting options such as the EU AWS Sovereign Cloud, there is plenty to explore.
As we look ahead, we will continue expanding in the CTI space, fine-tuning our threat intelligence feed, and exploring new ways to stay ahead of constantly evolving phishing threats. With two more releases planned for 2026, there is more to come, starting with another round of valuable updates in July. Until then, enjoy the freshness of spring, explore what’s new, and stay with us on the journey ahead!
