Google takes aim at the enterprise incident response market with newly launched tools.
This article originally appeared on ZDNet.
Google launched today a new set of services for enterprise customers of VirusTotal, a website that lets users test suspicious files and URLs against an aggregate of multiple antivirus scanning engines at the same time.
This collection of new tools is part of the new VirusTotal Enterprise service, which Google described as "the most significant upgrade in VirusTotal's 14-year history."
As the name implies, this new service is specifically aimed at enterprise customers and is an expansion of VirusTotal's current Premium Services.
Google says VirusTotal Enterprise consists of existing VirusTotal capabilities, but also new functionality, such as improved threat detection and a faster search system that uses a brand new interface that unifies capabilities in VirusTotal's free and paid sites.
"VirusTotal Enterprise allows users to search for malware samples (using VT Intelligence), hunt for future malware samples (using VT Hunt with YARA), analyze malware relationships (using VT Graph), and automate all these tasks with our API," Google said.
Of all the new tools, VirusTotal Private Graph is the most interesting of all, as it allows enterprise customers (small or large companies) to connect their internal infrastructure to VirusTotal and generate malware relationship graphs showing how the malware infected internal networks.
As the "Private Graph" name implies, these graphs are private and will not be shared on the main VirusTotal website. Anyone can see what these graphs look like today. The original (and public) VirusTotal Graph tool was once part of VirusTotal Premium service and was opened to all users in January 2018.
Google hopes Private Graph will become a standard way of mapping infections at large companies during incident response operations.
More on the new VirusTotal Enterprise features below:
Private Graph: Create visualizations of malware relationships, link to internal information, and keep private from other VirusTotal users.
- Private graphs allow you to include information about your own enterprise assets such as machines, people, departments, email, etc. within a graph.
- Unlike normal VirusTotal graphs, private graphs are not shared with or visible by public VirusTotal users.
- Private graphs enable secure team collaboration, as part of an incident investigation.
- Finally, private graphs can automatically extract commonalities from nodes, to identify indicators of compromise.
Advanced malware search: Search more data, faster, using more powerful terms.
- VirusTotal Enterprise increases search speed by 100x using new malware n-gram content searches
- It also improves search accuracy, using additional parameters such as common icons across files, spam emails sharing a common visual layout, etc. For example, you can extract an icon from a fake application, and ask VirusTotal Enterprise to return all malware samples that use the same icon file.
- Malware analysis is more powerful, showing new details about uploaded files, including embedded domains, IP addresses, interest-ranked strings, etc.
- We've improved usability with a single, unified interface across the free and paid VirusTotal sites.
Enterprise user management and security: Control and secure corporate access to VirusTotal.
- With this release, you can improve security by using your existing two-factor authentication to access your VirusTotal Enterprise account.
- New API management of corporate groups helps keep your internal user directory synced with VirusTotal, for better user management.
The VirusTotal service was set up in 2004 by Spanish security company Hispasec Sistemas. It was acquired by Google in 2012, and its ownership changed to Chronicle, a subsidiary of Alphabet, Google's parent company.
- 10 tips for new cybersecurity pros (free PDF) (TechRepublic)
- Google open-sources internal tool for finding font-related security bugs (ZDNet)
- Google Cloud Platform: A cheat sheet (TechRepublic)
- French cyber-security agency open-sources CLIP OS, a security hardened OS (ZDNet)
- Cloudflare ends CAPTCHA challenges for Tor users (ZDNet)
- UK watchdog has not issued any GDPR data breach-related fines yet (ZDNet)