Use Cases

Threat Intelligence Providers

Specific Challenge:

  • Despite several sources of maliciousness verdicts and attack specifics, there are still files/URLs for which there is no definitive verdict and others with no attack specifics

DeepView Sandbox Value:

  • Accurate verdicts/confidences on any file/URL based on dynamic execution behavior analyses at a binary level as well as detailed attack reports with forensics data
  • API integration to upload specific malware files and download results into any database or threat management system

Business Impact:

  • Undetermined or suspected files are resolved with high accuracy and high confidence in almost all cases
  • Detailed forensics data from DeepView Sandbox reports enriches threat intelligence

MSSPs/SOARs

Specific Challenge:

  • Alert fatigue for Tier 1 security analysts from “unknown”/“suspicious” files (ones with no pre-existing signature, i.e., zero-day malware); Tier 2 & 3 analysts must fully reverse-engineer each one to resolve it

DeepView Sandbox Value:

  • API integration delivering accurate verdicts/confidences based on dynamic execution behavior analyses at a binary level
  • Detailed reports to aid security analysts in remediation

Business Impact: MSSPs’ customers are provided:

  • A definitive verdict/confidence to correctly tag the alert
  • Detailed report for security analysts to quickly remediate an attack
  • Labelled hashes for future

End-Point & Network Security Vendors (IDS/HIDS/NIDS)

Specific Challenge:

  • “Unknown”/“Suspicious” verdicts for files/URLs from customers for which there is no pre-existing signature, particularly true for zero-day malware

DeepView Sandbox Value:

  • Definitive verdict with confidence level based on forced execution of all code and dynamic behavior analysis at a binary level

Business Impact:

  • Vendors’ customers are provided a definitive verdict in all cases; moreover, the hash for the new malware can be added to the vendors’ threat intel

Security Analysts / Threat Hunters

Specific Challenge:

  • Ascertaining the nature of a recently discovered malware attack (i.e., dropped files, deleted/written/read files, network connections, network communications, etc.) in order to remediate attacks or discover the next component in an attack chain

DeepView Sandbox Value:

  • Detailed report that captures malicious behavior and network traffic based on dynamic behavior analysis at a binary level by forced execution of all relevant code

Business Impact:

  • Security analysts / threat hunters are spared starting from scratch with manual analysis; their analyses get a jump-start from the detailed specifics/evidence on the malware’s behavior in the report

Enterprise SOCs/NOCs

Specific Challenge:

  • Limited security staff in the SOC/NOC to respond to alerts for “unknown”/“suspicious” files; a very small team of security analysts to diagnose, reverse-engineer, and remediate such files

DeepView Sandbox Value:

  • API integration to upload suspected malware files for dynamic analysis and download accurate verdicts/confidences based on dynamic execution behavior analyses at a binary level, as well as detailed reports
  • Report details/evidence aid security analysts in ascertaining attack & remediation

Business Impact:

  • Security monitoring staff are spared “unknown”/“suspicious” alerts, receiving accurate verdicts in all cases
  • Security analysis teams start with detailed attack specifics in reports

Copyright 2020, SecondWrite, Inc. All rights reserved.