OPSWAT announced new malware analysis capabilities for IT and OT at the Black Hat USA 2022 conference. These enhancements include OPSWAT Sandbox for OT with detection of malicious communications on OT network protocols and support for open-source third-party tools in its MetaDefender Malware Analyzer solution.
With increased threats and growing concern about malware propagating into OT networks within critical infrastructure environments, threat intelligence covering both the IT and OT sides of the business is essential to providing the necessary data and analysis capabilities to the entire organization.
OPSWAT MetaDefender Malware Analyzer now offers the ability to map malware detected via OPSWAT Sandbox to the MITRE ATT&CK Industrial Control Systems (ICS) framework, enabling malware analysis teams to quickly understand malware tactics, techniques, and procedures (TTPs) specifically targeting OT environments. This alignment to a common security lexicon about cyberattacks targeting ICS/OT environments also helps bridge the communication gaps between IT and OT security teams.
“There is no better time and place than Black Hat to launch these new enhancements for OPSWAT MetaDefender Malware Analyzer,” said Yiyi Miao, Senior Vice President of Products. “Not only are we showcasing our heavy investment in R&D for our products, but through better malware analysis for OT, we are furthering our mission of protecting critical infrastructure. We’re excited for thousands of industry-leading InfoSec professionals to be the first to see these new capabilities and understand how we can help protect their critical environments.”
As an automation and orchestration platform, MetaDefender Malware Analyzer orchestrates the process of receiving suspicious files and submitting them to different tools like OPSWAT Sandbox, aggregating results, and then submitting those results, with actionable information and indicators of compromise (IOCs), to threat intelligence platforms.
The solution also enables organizations to efficiently process and triage high volumes of suspicious files while correlating them against multiple in-house and cloud threat intelligence sources. These capabilities extend the breadth of intelligence available to malware analysis teams, giving them more actionable, on-premises insight into known threats and ultimately helping them mitigate those threats.