Q: What does SecondWrite’s Malware DeepViewTM do and who uses it?
A: SecondWrite has developed an innovative automated malware analysis solution for detecting advanced malware including APTs, targeted attacks and zero-day evasions that defeat other solutions. Our dynamic analysis malware detector uses patented technology to find and evaluate hidden code paths that other malware detectors miss. Using advanced program analysis, neural networks, and our state-of-the-art patented technology, we automatically detect malicious code sequences, classifying malicious program behavior and features that consistently evade competitive technology.
Currently, SecondWrite is being used by several network security vendors, endpoint security vendors, threat intelligence and Incidence-response vendors, security product companies, security consultants, SOCs, and MSSPs to improve their malware detection capability.
Q: What makes SecondWrite different from other sandbox based solutions for detecting malware?
A: Malware DeepViewTM eliminates blind spots prevalent in existing automated malware analysis solutions. Other automated malware solutions are only based on monitoring the interaction of malware with its “external” environment, primarily the operating system’s resources on the computer. In addition, such tools are specialized to certain known evasion types.
Malware DeepViewTM is based on deep introspection and complete code exploration of malware using founding team’s ten years of research background in deep analysis of software and malware, and our patented technologies. This enables the sandbox component of our product to detect malware based on internal code behavior and overcome any evasion type, including zero-day evasions that are unknown to us.
Q: What is the input and output of your malware detector?
A: The input to Malware DeepViewTM is a file or a URL submitted by the customer or security partner. The output is a report, available in both JSON and HTML formats. The report contains a score indicating how likely the file is malicious, and several details about its behavior. The network files are also provided as output.
Q: What input file types doesMalware DeepViewTM support?
A: Currently the file types supported are:
- Windows executables (32-bit and 64-bit).
- Windows DLLs
- .NET executables
- MS Word (.DOC and .DOCX)
- MS PPT (.PPT and .PPTX)
- MS Excel (XLS and XLSX)
- Archives (.zip, .rar, 7z, .iso, .tar, .gz,.bz2)
Q: What Operating Systems are supported?
A: Malware DeepViewTM currently supports Windows OS, Mac OS and Ubuntu. The support for other Operating System will be rolled out in next few months.
Q: What deployments are supported?
A: Malware DeepViewTM is hosted on our cloud platform. Our cloud can be accessed via a web-portal or via APIs provided. Both mechanisms are easy to use. The cloud offers great ease of use with no installation needed, malware information sharing among customers, and Tier 1 support by SecondWrite.
Q: What features does the web-portal contain?
The web-portal can be used for several functions: users can get their account information, a summary of their submissions, links to their most recent submissions, ability to search submissions, and a web interface to submit files. It is user friendly and easy to use.
Q: What does your report contain?
A: Our report contains a wealth of information on the file’s static and dynamic behavior, including at least the following:
- A score indicating how confident we are that the file is malicious.
- File header information.
- List of suspicious behaviors found, including the severity level of each.
- A classification of the malware (e.g., ransomware, spyware, Trojan, adware, phishing etc.)
- The IP addresses the malware attempts to connect to.
- A world map indicating the countries in which the connected-to IP addresses reside.
- Process graph showing what processes this file creates or interacts with.
- Files it reads, writes to, moves, and deletes.
- PCAP files containing the network traffic generated by this file.
- OS calls made by each process, along with arguments.
- Yara rules matched.
- Registries that are read, written to, and deleted.
Q: What kinds of evasion does your tool handle?
A: Unlike competitor tools that are specialized to certain known evasion types, our Malware DeepViewTM can overcome any evasion type, including zero-day evasions that are unknown to us.
Q: What types of licenses are available?
A: There are three license types for SecondWrite’s Malware DeepViewTM.
- Free license: This allows users to submit up to 20 samples per month for free.
- Basic license: The starting Basic Account allows users to submit up to 200 samples per day (Other Basic accounts allow for more submissions per day). Note there is NO API Access with this account type.
- Enterprise license: The starting Enterprise Account allows users to submit up to 500 samples per day (Other Enterprise accounts allow for more submissions per day). NOTE the enterprise license does have API Access with this account type.
Please contact us at email@example.com to get more details about these licenses.
Q: What is the duration of a license?
A: Free license is currently valid forever. We reserve the right to cancel the terms of this license anytime.
Basic and enterprise license are valid for 1 year after purchase and can be renewed online. The default is set to auto-renew your subscription after 1 year please contact us at firstname.lastname@example.org to change this.
Q: What features do I get in a free version?
A: The free license allows users to submit 20 samples per month, with additional limit of 10 samples of each file type. Customers get a complete report in HTML format however there is only 1 day submission history.
You can sign-up for a free license by clicking here.
Q: What additional features do I get in a basic version?
A: There are four Basic Malware DeepViewTM versions allowing users purchase submission levels of 200, 500, 1,000 or 2,000 samples per day. In addition to features available in free version, the basic version allows users to have a complete submission history, PCAP download and access to technical support. NOTE: The basic version does NOT have API Access.
Please contact us at email@example.com for more details.
Q: What additional features do I get in an enterprise version?
A: There are three Enterprise Malware DeepViewTM versions allowing users purchase submission levels of 500, 1,000 or 2,000 samples per day. In addition to features available in basic version, the enterprise version allows users to access to a programmable API which allows automatic submission of samples to Malware DeepViewTM and enables automated workflows. Also included is reports in JSON Format and training support. Finally enterprise customers can contact us via email to purchase paid subscriptions manually, or purchase subscriptions with a higher file quota than available.
Please contact us at firstname.lastname@example.org for more details.
Q: Can I upgrade from free version to a paid version?
A: Yes, users can always upgrade from free to any paid version.
Q: Can I downgrade from paid version to a free version?
A: No you cannot downgrade during your 1 year license period. The license terms are valid for one year and cannot be cancelled before the end of the term.
Q: Can I upgrade to a more expensive paid plan part way through my 1 year license period?
A: Yes, users on a paid plan can upgrade to a more expensive license during the 1 year period with a pro-rated coupon code. Please contact us at email@example.com to obtain a pro-rated coupon code for checkout.
Q: Is there any restriction on how I can use the output of SecondWrite?
A: As per EULA, users are only allowed to use the output of SecondWrite for their internal analysis and are not allowed to use it as OEM or part of their product. In you need to integrate SecondWrite as part of your product or services, please contact us for OEM licensing details.