Product Overview

A MALWARE SANDBOX THAT SUCCESSFULLY DETECTS AND STOPS ADVANCED EVASIVE AND ANTI-ANALYSIS MALWARE
Home / Product Overview

SecondWrite’s Malware DeepViewTM is a sandbox replacement product that not only contains a dynamic analysis sandbox, but also advanced technologies not present in other sandboxes. These include forced code execution to achieve complete code coverage, detection of program-level anti-analysis behavior, and deep learning using automatic signature generation and neural networks.

SecondWrite’s Malware DeepViewTM adds new dimensions to malware analysis by adding forced code-execution, deep program analysis at run time, automatic detection of program-level features, and automatic sequence detection with deep learning to identify advanced malware. This pushes the envelope of malware detection and delivers deep, actionable insight into malware quickly with a lower total cost of ownership than competitive tools.

Other solutions allow malware is able to hide itself using ever more creative evasive techniques.  Our patented technology acts as a lie detector that analyzes all the code in the malware by using complete code exploration. Other malware detectors handle evasion after the fact. Our technology is independent of the underlying evasive mechanism and proactively defeats any known or unknown zero-day evasion techniques.

Other solutions achieve only partial visibility into malware by examining its OS-level behavior only.  SecondWrite’s Malware DeepViewTM achieves complete visibility into malware by examining Program-level behavior in addition to OS-level behavior.  This can be used to detect anti-analysis malware. Anti-analysis malware is malware that hides from a variety of detection tools, such as anti-virus (AV), endpoint, debugging, sandbox, and reverse engineering tools. Other tools cannot detect this anti-analysis behavior since it cannot be detected using OS-level monitoring alone. We can detect such behavior by combining OS-level and Program-level behavior. When present, such anti-analysis behavior is a good indicator of malicious intent.

SecondWrite uses Artificial Intelligence and deep learning at two levels in Malware DeepViewTM. We use machine learning to identify novel features by automatically generating code sequences that are commonly associated with malware versus benign programs using Convolutional Neural Networks. Thereafter our solution observes whether there is match (approximate or exact) of these sequences with any given file sample. The degree of the match is then fed into a second level neural network where we use deep learning to give us the final verdict on whether a particular sample is malicious or benign.

Product Features

DETECTS EVASIVE MALWARE

Zero-day evasions, Targeted attacks, Stalling code, Anti-VM malware, time bombs and others.

Capture Anti-Analysis IOCs

These include internal program structure, anti-debugger, anti-endpoint, anti-binary analyzer, and obfuscation.

Easy-to-use API

Integrates easily with other security solutions.

Handles all file types

  • Windows executables (32-bit and 64-bit)
  • Windows DLLs
  • .NET executables
  • PDF
  • MS Word (.DOC and .DOCX)
  • MS PPT (.PPT and .PPTX)
  • MS Excel (XLS and XLSX)
  • HTML
  • URLs
  • Archives (.zip, .rar, 7z, .iso, .tar, .gz,.bz2)

SecondWrite’s advanced malware detector, Malware DeepViewTM, detects and stops all types of malware including advanced evasive malware. Malware DeepViewTM is designed for use by  the following customer segments:

  • Security operations centers (SOCs) at enterprises
  • Incidence response (IR) teams
  • Computer Emergency Response Teams (CERT)
  • Managed security service providers (MSSPs)
  • Threat intelligence vendors
  • Network security companies
  • Endpoint security vendors

In each of these segments, the customer submits files to Malware DeepViewTM for evaluation. Malware DeepViewTM then returns a report for each file describing its dynamic behavior.

Advantages

70% more indicators of compromise detected on randomly selected malware data sets than a leading sandbox containing ad-hoc anti-evasive techniques.

Handles all kinds of evasive malware. Other bare-metal or full-system emulation only handle anti-VM malware.

Handles zero-day or previously unknown evasions. Ad-hoc techniques used in other sandboxes are easily circumvented by advanced malware.

Example Comparison

Below find the indicators of compromise (IOCs) extracted from Rombertik, a highly evasive widespread spyware that steals confidential information from victims and was highly active in 2015. All IOCs marked as new were detected due to SecondWrite’s unique binary rewriting technology. Malware DeepViewTM shows around 2X more IOCs than other sandboxes.

With SecondWrite