FAQ: Malware Analysis & Detection Sandbox Platform | VMRay

VMRay – F.A.Q.

Malware Analysis & Detection Platform FAQ VMRay Product Portfolio

VMRay provides a comprehensive suite of threat analysis products that enables your security organizations to thrive: aiming to resolve the core challenges of your security organization, the new VMRay portfolio is designed to help improve your SOC productivity, maturity and the Return On Investments made into your SOC teams!

VMRay Full Portfolio:

DeepResponse:
With a focus on speed and efficiency, DeepResponse is designed to help you reduce incident response times, improve ROI of threat-hunting efforts and improve your detection engineering efficiently.

FinalVerdict:
As the single reliable source of truth, FinalVerdict provides timely insights around malware and phishing threats to increase the SOC effectiveness.

TotalInsight:
With advanced monitoring & detection capabilities, configuration extraction, IOC scoring technologies, and API-first approach, TotalInsight enables you to quickly & effectively analyze even the most evasive malware samples and turn them into accurate actionable intelligence.

VMRay offers a unique mix of stealthiness and efficacy that allows it to stand out from the pack. Traditional sandbox solutions either do not produce results at all due to being detected by malware (which then ceases operation) or produce too much data due to poor result filtering or slow performance.

VMRay delivers reliable results without adding the burden of filtering irrelevant data for your analysts. With years of experience and continuous efforts, VMRay is well-equipped both for current malware, as well as for staying ahead of the game when encountering new threats.

VMRay is capable of detonating each sample in multiple analysis environments (i.e. virtual machines with different configurations). This ensures that customers will be able to see as much behavior as possible from a submitted sample, no matter what system it is targeting.

The selection depends on the file type at hand, i.e. both the VMs themselves and their amount will depend on what has been submitted. A single file can lead to multiple analyses which will be deducted from the quota. The selection of the analysis environments can be controlled by the user, (e.g. by removing detonation environments from a submission or adding additional, non-standard ones).

Technology

“Now, Near, Deep” combines dynamic analysis with our static analysis engine and built-in reputation checking. Our groundbreaking dynamic analysis engine is at the heart of this approach. It utilizes hypervisor-based monitoring, which embodies four differentiating traits:

  • Evasion resistance
  • Full visibility
  • Precise, noise-free output
  • Scalability to support short-term spikes and long-term growth.

The Now, Near, Deep approach enables security teams to handle larger analysis volumes, speed up detection, and improve the productivity and efficacy of security personnel and infrastructure.

For more information on our Now, Near, Deep approach, read our blog post

Unlike traditional malware sandboxing solutions, VMRay monitors malware behavior solely from the hypervisor layer and does not need to modify a single bit in the analysis environment. This allows VMRay’s products to monitor the interaction between the malware and the system while remaining completely invisible to malware.

Today, malware is designed to recognize when it runs inside an analysis environment and can stall or exit inside a sandbox. Yet even the most evasive malware will reveal its behavior in VMRay’s products.

For more information on our hypervisor-based monitoring technology, read our Technology Whitepaper.

Privacy & Compliance

All samples uploaded to VMRay Cloud products are only accessible by users in your organization.

VMRay does not share any files or identifiable customer data with external parties. See our license agreement and DPA for our data protection policy under GDPR.

If you enable VirusTotal integration with your API key, then VirusTotal will receive a hash query during analysis.

Yes, VMRay is GDPR compliant.

VMRay On-Premises customers can ensure that their data never leaves their network. For organizations choosing a cloud solution, personal data and other sensitive information is protected in accordance with some of the strictest data privacy laws in the world.

VMRay allows customers to create a completely isolated environment for analyzing advanced malware threats, without the risks posed by open-source tools and services. Our Data Processing Agreement (DPA) for GDPR compliance is available here.

Yes. VMRay features SAML 2.0 support for single sign-on (SSO), making it easy to integrate our platform with your company’s chosen identity provider.

Yes. Users can enable 2FA and use a Time-based One-Time Password (TOTP) token generated from another device to access their VMRay account. Popular 2FA apps such as Google Authenticator or Duo can be used to scan and generate codes required for authentication. In addition, VMRay’s SSO support can be leveraged to use the identity provider’s MFA support.

Yes. VMRay offers two data center locations, one in the EU and the other in the US, to our customers. While located in different regions, both are ISO27001 compliant, meet GDPR standards for data protection and privacy, and meet the Singapore Monetary Authority guidelines for cloud services for the financial sector. Read more here.

Support

Support is available during European and US office hours. Support tickets can be opened via email or our Zendesk portal or by calling our toll-free number +1(888)958-5801 (in North America).

More details are available in our license agreement at www.vmray-legal.com or see our Contact page.

Calculate how much malware false positives are costing your organization:
Malware False Positive Cost Calculator