Malware Analysis

Malware Analysis uses a dual detection method that combines virtualization with emulation. Compared with a typical single-sandbox solution, it captures more malicious behavior across a wider range of customized environments.

Emulation sandbox: an instrumented, fully controlled, replicated PC environment that emulates a Windows system, used to detect malware that will not trigger inside a virtualized environment.

Virtualization sandbox: custom analysis profiles replicate the actual Windows production environment, down to the applications and versions in use, to quickly surface anomalies and behavioral differences that reveal anti-analysis checks, sleep-based stalling, and other advanced evasion techniques. A virtualized Android sandbox detects and analyzes mobile threats traveling across the enterprise network.
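The behavioral-difference idea above (a sample that probes for a virtual machine, stalls, and goes quiet in one profile but detonates in another) can be made concrete with a small trace comparison. This is an added example, not Blue Coat's code and not a description of its internals; the API-call traces, the 60-second sleep threshold, and the artifact strings are constructed for illustration:

```python
"""
Added example (not Blue Coat's code): flag anti-analysis indicators in an
API-call trace, then diff the behavior a sample shows in two analysis
profiles. Every trace below is constructed sample data, not sandbox output.
"""
from dataclasses import dataclass

# Assumption: a single Sleep of 60 s or more is treated as a stalling delay.
SLEEP_THRESHOLD_MS = 60_000

# Well-known virtualization artifacts that evasive samples probe for.
VM_ARTIFACT_MARKERS = ("VBOX", "VMWARE", "VIRTUAL", "QEMU", "VMTOOLSD")
# Well-known Windows APIs used to detect an attached debugger.
DEBUGGER_CHECK_APIS = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                       "NtQueryInformationProcess"}


@dataclass(frozen=True)
class Event:
    """One hooked API call: the API name and the arguments the hook captured."""
    api: str
    args: tuple = ()


def flag_evasion(trace):
    """Return (indicator, event) pairs for anti-analysis behavior in one trace."""
    findings = []
    for ev in trace:
        if ev.api == "Sleep" and ev.args and ev.args[0] >= SLEEP_THRESHOLD_MS:
            findings.append(("long_sleep", ev))
        elif ev.api in DEBUGGER_CHECK_APIS:
            findings.append(("debugger_check", ev))
        elif any(m in str(a).upper() for a in ev.args for m in VM_ARTIFACT_MARKERS):
            findings.append(("vm_artifact_probe", ev))
    return findings


def behavior_diff(trace_a, trace_b):
    """APIs the sample calls in exactly one profile; the asymmetry is the signal."""
    apis_a = {ev.api for ev in trace_a}
    apis_b = {ev.api for ev in trace_b}
    return {"only_in_a": sorted(apis_a - apis_b), "only_in_b": sorted(apis_b - apis_a)}


def verdict(virtualized_trace, emulated_trace):
    """Combine both signals: evasion checks in the VM plus behavior seen only under emulation."""
    findings = flag_evasion(virtualized_trace)
    diff = behavior_diff(virtualized_trace, emulated_trace)
    return {
        "evasion_suspected": bool(findings) and bool(diff["only_in_b"]),
        "indicators": sorted({name for name, _ in findings}),
        "hidden_behavior": diff["only_in_b"],
    }


# Constructed trace: in the virtualized profile the sample finds a VirtualBox
# ACPI table, checks for a debugger, stalls, and exits without doing anything.
VIRTUALIZED_TRACE = [
    Event("RegOpenKeyExW", (r"HARDWARE\ACPI\DSDT\VBOX__",)),
    Event("IsDebuggerPresent"),
    Event("Sleep", (300_000,)),
    Event("ExitProcess", (0,)),
]

# Constructed trace: the emulated profile exposes no artifacts and fast-forwards
# the sleep, so the same sample goes on to fetch and run its second stage.
EMULATED_TRACE = [
    Event("RegOpenKeyExW", (r"HARDWARE\ACPI\DSDT\VBOX__",)),
    Event("IsDebuggerPresent"),
    Event("Sleep", (300_000,)),
    Event("InternetOpenUrlW", ("http://c2.example.invalid/stage2",)),
    Event("CreateFileW", (r"C:\Users\Public\update.exe",)),
    Event("WinExec", (r"C:\Users\Public\update.exe",)),
]


if __name__ == "__main__":
    for name, ev in flag_evasion(VIRTUALIZED_TRACE):
        print(f"{name:18} {ev.api}{ev.args}")
    print(verdict(VIRTUALIZED_TRACE, EMULATED_TRACE))
```

Running a real sample through two profiles and comparing the traces is what turns "the sample did nothing" into a finding: the evasion checks alone are weak evidence, but evasion checks plus network and file activity that appears only in the profile the sample could not fingerprint is a strong one.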

Key features of Blue Coat Malware Analysis

  • Defeat anti-analysis at multiple levels: anti-analysis countermeasures (such as hook-based introspection, high- and low-level event capture, and monitoring in both kernel mode and user mode) intercept behavior and convert it into detailed forensic intelligence.

  • Interacts with running malware: a flexible plug-in architecture extends detection and processing by interacting with the running sample, clicking through dialog boxes and installers, and generating custom post-processing analysis artifacts.

  • Generates more relevant results: virtual machine profiles replicate multiple custom production environments, allowing security analysts to analyze threats across a range of operating systems and applications. Profiles that closely match your desktop environment collect intelligence on malware that directly targets your organization or seeks to exploit specific application vulnerabilities.

  • Adaptable to changing threats: because Malware Analysis does not rely on static signatures, its flexible detection approach is designed to catch polymorphic files, one-time targeted malware, and rapidly changing web domains.

  • Detailed forensics for remediation: Blue Coat sandbox technology gives security staff a comprehensive picture of the damage, including host-based and network indicators of compromise. Any malicious file or URL is detonated in an equivalently configured replica of the production machine, so no actual computers or sensitive data are put at risk.

  • Share threat intelligence: as unknown, advanced or targeted, and zero-day threats are discovered, new threat intelligence is continuously shared across your security infrastructure, or you can choose to share it with the Blue Coat Global Intelligence Center (composed of 15,000 customers and 85 million global users). In turn, your organization benefits from the intelligence fed back by other organizations.

Malware analysis sandbox

resources

June 24, 2016