Cyren Hybrid Analyzer improves malware detection without hitting performance
Undocumented malware only makes up a small proportion of files, yet it presents a high risk of infection. Sandboxing and analyzing everything in order to eliminate risk, however, has a major impact on performance.
To address this, Cyren has produced Hybrid Analyzer. Using emulation -- effectively automatically reverse engineering the code contained in a file -- this new offering operates 100 times faster than a malware sandbox and between five and 20 times faster than alternative file analysis solutions.
"We've created a product that's based on our AV technology that produces detailed file analysis," says Pete Starr, director of sales engineering at Cyren. "If you think about traditional antivirus it scans a file and the moment it decides it's a threat it stops and says you've got a virus. We continue to scan, even though we know the file to be a threat, to find indicators and things that are wrong with that particular file so that a user with the technology can then make decisions based on the IOCs, the attributes of the file and the artifacts that we've seen."
Hybrid Analyzer provides real-time risk scoring of files to optimize defenses against undetected malware threats. It can be used to enforce smarter email security policies by analyzing file attachments for suspicious traits and behaviors.
It can also reduce or eliminate the time and costs of malware sandbox analysis and decrease the time taken to detect new malware threats. The information generated can be used to train and improve models used for detecting unknown malware and suspicious files.
"We designed this to work in air-gapped systems because we also saw a huge hole in places where files are being sent into or picked up and brought into air-gap networks," Starr explains. "What we do do is when we pick up malware samples we constantly tune the model that we've got to find threats, but this is about telling you what we see rather than necessarily making the decision for you."
You can find out more on the Cyren site.