Expose More Malicious Behavior. As the traditional network evolves, cloud technologies become more pervasive and endpoint devices continue to change, attackers see key openings for propagation of advanced threats. To protect against threats in the most advanced use-cases, Blue Coat Malware Analysis is a key component of Blue Coat’s Advanced Threat Protection solution, providing actionable intelligence that combines static, dynamic, and reputational analysis techniques. Integrated with the Blue Coat Content Analysis, Mail Threat Defense, and/or Incident Response, Analytics & Network Forensics, it provides a highly scalable solution for detecting and analyzing unknown, advanced, and targeted malware. Where most vendor sandboxes must be deployed passively and can only report on threats, Blue Coat’s Malware Analysis can be integrated to a number of Blue Coat in-line technologies to deliver realtime sandboxing protection.
Malware Analysis utilizes a powerful dual-detection approach that combines virtualization and emulation to capture more malicious behavior across a wider range of custom environments than typical consolidated single-sandbox solutions.
Emulation Sandbox: An instrumented, fully controlled, replicated PC computing environment emulating Windows systems to detect malware that otherwise will not detonate within a virtualized environment
Virtualization Sandbox: Custom analysis profiles replicate actual Windows production environments, down to the applications and versions in use, to quickly spot anomalies and behavioral differences that unveil anti-analysis, sleep, and other advanced evasion techniques. A virtualized Android sandbox detects and analyzes mobile threats traversing enterprise networks.
Key Capabilities of Blue Coat Malware Analysis
- Defeat Anti-Analysis at Many Levels Anti-analysis defeating tools, such as hook-based introspection, high-level and low-level event capture, and detection in both kernel and user modes, intercept and convert behavior into detailed forensic intelligence.
- Interaction with Running Malware Flexible plug-in architecture extends detection and processing by interacting with running malware, clicking through dialog boxes and installers, and generating unique post-processing analysis artifacts.
- Generate More Relevant Results Virtual machine profiles replicate multiple custom production environments, allowing security analysts to analyze threats across a range of operating systems and applications. They can closely match your desktop environments, gathering intelligence on malware targeting your organization directly or seeking to exploit specific application vulnerabilities.
- Adaptive Intelligence for Changing Threats Since Malware Analysis does not rely on static signatures, its flexible detection patterns are designed to detect polymorphic files, single-use targeted malware, and fast-changing website domains.
- Detailed Forensics for Remediation Blue Coat sandboxing technology provides security defenders a comprehensive map of the damage, including both host-based and network indicators of compromise, that any malicious file or URL would cause to equivalently configured production machines without putting actual computers or sensitive data at risk.
- Share Threat Intelligence As unknown, advanced or targeted malware and zero-day threats are exposed, the new threat intelligence is continuously shared across the security infrastructure and optionally with the Blue Coat Global Intelligence Network, composed of 15,000 customers worldwide. In turn, your organization can benefit from what is fed by other organizations.