
Use Cases
Threat Intelligence Providers
Specific Challenge:
- Despite aggregating several sources of maliciousness verdicts and attack specifics, there remain files/URLs with no definitive verdict, and others with a verdict but no attack specifics
DeepView Sandbox Value:
- Accurate verdicts/confidences on any file/URL based on dynamic execution behavior analysis at a binary level, as well as detailed attack reports with forensic data
- API integration to upload suspect files and download the results into any database or threat management system
Business Impact:
- Undetermined or suspected files are resolved with high accuracy and high confidence in almost all cases
- Detailed forensic data from DeepView Sandbox reports enriches threat intelligence
MSSPs/SOARs
Specific Challenge:
- Alert fatigue for Tier 1 security analysts from “unknown”/“suspicious” files (ones with no pre-existing signature, which includes zero-day malware); every one of them must be reverse-engineered by Tier 2 and Tier 3 analysts to resolve
DeepView Sandbox Value:
- API integration returning accurate verdicts/confidences based on dynamic execution behavior analysis at a binary level
- Detailed reports to aid security analysts in remediation
Business Impact: MSSPs’ customers are provided:
- A definitive verdict/confidence to correctly tag the alert
- Detailed report for security analysts to quickly remediate an attack
- Labelled file hashes for future lookups
Endpoint & Network Security Vendors (IDS/HIDS/NIDS)
Specific Challenge:
- “Unknown”/“Suspicious” verdicts for customers’ files/URLs for which there is no pre-existing signature – particularly true for zero-day malware
DeepView Sandbox Value:
- Definitive verdict with confidence level based on forced execution of all code and dynamic behavior analysis at a binary level
Business Impact:
- Vendors’ customers are provided a definitive verdict in all cases; moreover, the hash of the newly identified malware can be added to the vendor’s threat intelligence
Security Analysts / Threat Hunters
Specific Challenge:
- Ascertaining the behavior of recently discovered malware (dropped files; files read, written or deleted; network connections and the traffic over them; etc.) in order to remediate the attack or discover the next component in the attack chain
DeepView Sandbox Value:
- Detailed report that captures malicious behavior and network traffic based on dynamic behavior analysis at a binary level by forced execution of all relevant code
Business Impact:
- Security analysts and threat hunters do not have to start from manual analysis; the report’s detailed evidence of the malware’s behavior gives their investigation a head start
Enterprise SOCs/NOCs
Specific Challenge:
- Limited security staff in the SOC/NOC to respond to alerts on “unknown”/“suspicious” files, and a very small team of security analysts to diagnose, reverse-engineer, and remediate them
DeepView Sandbox Value:
- API integration to upload suspected malware files for dynamic analysis and download accurate verdicts/confidences based on dynamic execution behavior analysis at a binary level, as well as detailed reports
- Report details/evidence aid security analysts in ascertaining the attack and remediating it
Business Impact:
- Security monitoring staff are spared “unknown”/“suspicious” alerts and receive accurate verdicts in all cases
- Security analysis teams start with detailed attack specifics from the reports
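The API workflow that the Threat Intelligence Provider, MSSP/SOAR and Enterprise SOC use cases describe (submit a suspect file, retrieve a verdict with a confidence, tag the alert, keep the labelled hash for later lookups) is shown below as an added Python example. It is not DeepView Sandbox's own client or API: the submit/result calls, field names, verdict values and confidence thresholds are assumptions, and the sandbox is an in-process stub fed with constructed results so that the script runs offline.

```python
"""Hypothetical SOC/SOAR enrichment loop around a sandbox verdict API.

Added example, not DeepView Sandbox's client or API. The call shapes,
verdict strings, confidence thresholds and the "sandbox" itself are
assumptions; the samples and verdicts are constructed for the example.
"""
from __future__ import annotations

import hashlib
import time
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Verdict:
    verdict: str       # assumed values: "malicious", "benign", "unknown"
    confidence: float  # assumed range 0.0 .. 1.0
    report: dict = field(default_factory=dict)  # forensic detail, if any


class StubSandbox:
    """Stand-in for a sandbox REST API (hypothetical). A real client would
    POST the file, then GET the analysis until its status is complete;
    here results are keyed by SHA-256 and the first poll reports 'pending'."""

    def __init__(self, canned: dict[str, Verdict], polls_needed: int = 2):
        self._canned = canned
        self._polls_needed = polls_needed
        self._polls: dict[str, int] = {}
        self.submissions = 0  # counts round-trips, to show hash reuse working

    def submit(self, sample: bytes) -> str:
        self.submissions += 1
        analysis_id = hashlib.sha256(sample).hexdigest()  # assumption: hash doubles as id
        self._polls[analysis_id] = 0
        return analysis_id

    def result(self, analysis_id: str) -> Optional[Verdict]:
        # None while the analysis is still running, like a "pending" status.
        self._polls[analysis_id] += 1
        if self._polls[analysis_id] < self._polls_needed:
            return None
        return self._canned.get(analysis_id, Verdict("unknown", 0.0))


MALICIOUS_THRESHOLD = 0.90  # assumed policy: below this, an analyst still reviews
BENIGN_THRESHOLD = 0.95     # assumed policy: auto-closing benign needs more certainty


def tag_alert(v: Verdict) -> str:
    """Map verdict/confidence to an alert tag; low confidence is never auto-resolved."""
    if v.verdict == "malicious" and v.confidence >= MALICIOUS_THRESHOLD:
        return "malicious"
    if v.verdict == "benign" and v.confidence >= BENIGN_THRESHOLD:
        return "benign"
    return "needs_analyst"


def enrich(sample: bytes, sandbox: StubSandbox, labelled: dict[str, str],
           timeout_s: float = 5.0, interval_s: float = 0.0) -> tuple[str, str]:
    """Return (sha256, tag). A hash already in `labelled` is answered without a
    submission; otherwise submit, poll until the verdict arrives, then label."""
    sha256 = hashlib.sha256(sample).hexdigest()
    if sha256 in labelled:
        return sha256, labelled[sha256]
    analysis_id = sandbox.submit(sample)
    deadline = time.monotonic() + timeout_s
    while time.monotonic() < deadline:
        v = sandbox.result(analysis_id)
        if v is not None:
            tag = tag_alert(v)
            # Only definitive labels are cached; "needs_analyst" must be looked at again.
            if tag != "needs_analyst":
                labelled[sha256] = tag
            return sha256, tag
        time.sleep(interval_s)
    return sha256, "needs_analyst"  # a sandbox timeout is not a verdict


# Constructed samples (arbitrary bytes, not real malware) and canned verdicts.
SAMPLE_A = b"MZ\x90\x00 constructed sample A"
SAMPLE_B = b"MZ\x90\x00 constructed sample B"
SAMPLE_C = b"#!/bin/sh\necho constructed sample C\n"
CANNED = {
    hashlib.sha256(SAMPLE_A).hexdigest(): Verdict(
        "malicious", 0.97, {"dropped_files": ["C:\\Users\\Public\\x.exe"]}),
    hashlib.sha256(SAMPLE_B).hexdigest(): Verdict("malicious", 0.62),
    # SAMPLE_C is deliberately absent, so the stub answers "unknown"
}


def run_demo() -> tuple[dict[str, str], int]:
    """Process the three samples, then sample A again; return tags and submission count."""
    sandbox = StubSandbox(CANNED)
    labelled: dict[str, str] = {}
    tags: dict[str, str] = {}
    for name, sample in (("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_C), ("A again", SAMPLE_A)):
        _, tags[name] = enrich(sample, sandbox, labelled)
    return tags, sandbox.submissions


if __name__ == "__main__":
    print(run_demo())
```

Two points a practitioner would check in a real integration: the second sight of sample A never leaves the SOAR (three submissions for four alerts, because the labelled hash is reused), and neither a low-confidence "malicious" nor a stub "unknown" nor a polling timeout is ever turned into a closed alert; they all land in the analyst queue.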