VxStream Sandbox - Automated Malware Analysis System
VxStream Sandbox is an innovative and fully automated malware analysis system that includes Hybrid Analysis technology. It is available as a standalone software package and can be installed at a local site, including a webservice and API. It works with VMWare ESX, VirtualBox and Windows XP up to Windows 8.1. The feature set is extensive and ranges from JSON/XML/HTML report formats to 220+ generic behavior signatures. What makes it innovative is Hybrid Analysis (see our blogpost), which is implemented as a high-performance engine called StaticStream. Using Hybrid Analysis, it is possible to detect and analyze dormant code, shellcode or dropped files and to extract valuable artifacts and threat indicators. In general, this yields significantly more behavior data that can be used to better understand and adapt to threats. Offering a wide range of configuration options, an open Python-based signature interface, an intuitive user-centered design and machine-parsable output formats, you have a high-tech forensics tool at hand to integrate into your IT-security product or security lifecycle. The system comes with a load balancing controller that makes sure VM parallelization scales efficiently, allowing you to process data on a large scale if necessary.
Where is VxStream Sandbox situated in the value added chain?
Today, modern IT security has accepted that defenses relying on pattern matching or other rule-based systems cannot prevent targeted attacks or threats from breaching security boundaries. Instead, we need to take a closer look at potential threats and make an intelligent decision based on a file's behavior, also analyzing dormant code locations, rather than on patterns and rules. Why? Because malware variants are growing daily. On our malware analysis service we come across samples that have a detection rate of 0/57 on VirusTotal, yet our behavior signatures trigger and detect all kinds of malicious behavior. The ability to detect unknown threats is what makes VxStream Sandbox so strong. The following diagram outlines where Payload Security is situated in the value added chain.
With VxStream Sandbox you can run your own large-scale system to analyze and extract intelligence, either as a webservice or as a standalone system that interacts with your own IT-security product interfaces. VxStream Sandbox is a high-end, fully automated malware analysis system for CERTs, DFIR teams, IT-security forensic labs, researchers or vendors with their own IT-security products (e.g. SIEM systems or network carriers) that want to understand threats in depth and extract intelligence within less than 10 times. Feel free to try out our free malware analysis service at hybrid-analysis.com.
Download VxStream Feature Comparison (PDF, 273 KB)
How can I license the software and install it on my own site?
If you are interested in licensing the full version of VxStream Sandbox (which includes the web application to run your own service, an API, the runtime monitor, the load balancing controller, Hybrid Analysis technology, the report generator, all behavior signatures, scripts, etc.) or have any questions, please use our contact form and get in touch. We have a very simple licensing structure with additional options. If you are interested in a demo, try out our free malware analysis service at hybrid-analysis.com.