Chronicle, the cybersecurity subsidiary of Google’s parent company Alphabet, has announced VirusTotal Enterprise, which is aimed at helping enterprises protect their own networks.
About VirusTotal Enterprise
VirusTotal is a well-known website/online service that allows anyone to check whether a submitted file or URL is detected as malicious by a variety of antivirus products and website/domain scan engines.
VirusTotal Enterprise will allow (paying) users to search for malware samples (using VT Intelligence), hunt for future malware samples (using VT Hunt with YARA), analyze malware relationships (using VT Graph), and automate all these tasks with the service’s API.
Improved search and more powerful data visualization
The new malware n-gram content search will dramatically increase search speed and improve search accuracy, as it lets users search on additional parameters such as common icons across files, spam emails sharing a common visual layout, and so on.
The service will provide new details about uploaded malicious files, including embedded domains, IP addresses, and interest-ranked strings.
Private Graph allows enterprise security analysts to manually add information about their company’s internal infrastructure to create more helpful visualizations of malware relationships.
“The purpose of this feature is to help with an investigation, so the information that would be linked would most likely be machine names, user names, etc. internal to an organization – not the organization’s customer information,” Brandon Levene, Head of Applied Intelligence at Chronicle, told Help Net Security.
“That being said, think of this like putting a short list of machine names in a file in a secure drive. It’s not shared with VirusTotal users except those that you explicitly indicate. It’s not scanned for purposes outside of showing the graph, and these graphs aren’t visible to the general VirusTotal user population. It’s similar to putting a file with some machine names in a Google drive that you share with a handful of people. We don’t know what’s in the file and don’t share it or scan it. The whole purpose of Private Graph is to make it easier for analysts to protect their information during an investigation and to enable secure team collaboration.”
Private graphs can also automatically extract commonalities from nodes, to identify indicators of compromise.
Finally, with VirusTotal Enterprise comes a new, unified interface across the free and paid VirusTotal sites, new API management of corporate groups, and the option of using existing two-factor authentication to secure access to VirusTotal Enterprise accounts.
“The new service does not bring any changes in the company’s relationship with their AV partners. It is centered on making the features in VirusTotal (i.e., searching, access control, graphing) more powerful for customers,” Levene explained.
“The service is available globally and the new features (Private Graph, n-gram search, extended retrohunts, etc.) will be available as licensed add-ons on top of the existing VirusTotal packages.”