SecondWrite is a spinoff from the University of Maryland, College Park. It is co-founded by faculty and PhDs from the University of Maryland who have collaborated for over a decade on developing novel, cutting-edge cybersecurity and program analysis techniques.
SecondWrite is developing an advanced malware processing engine that detects all classes of malware, including evasive malware, and generates far fewer alerts than other solutions, using deep run-time binary introspection technology for the first time.
Today's cybercriminals develop evasive malware that defeats existing cyber-security solutions by hiding inside sandboxes and then launching cyber-attacks on live systems.
Existing sandbox-based automated malware analysis systems capture indicators of compromise (IOCs) based on a malware sample's interaction with the external environment. The inability to introspect the malware itself leaves a severe blind spot that malware writers exploit to defeat such solutions. In addition, relying only on such external-behavior IOCs provides insufficient differentiation between benign and malicious software, causing many false alerts.
Our technology leverages the observation that malware is programmed in a fundamentally different manner from regular benign software and contains several program-level obfuscations and other anti-analysis features. We capture IOCs based on such internal program properties. This additional IOC spectrum results in more reliable differentiation between benign software and malware, and therefore in fewer alerts.