The VMRay Platform v4.6.0 release incorporates several new features and enhancements to help CERT and incident response teams enhance the efficiency of their operations. Here are some of the highlights:
Improved overviews of manual searches conducted by enterprise SOC teams and managed security services providers (MSSPs).
Support for macOS Big Sur. Although macOS is not nearly as frequently targeted as Windows, it is still vital that you have coverage, if only to support your remote workers and bring-your-own-device (BYOD) policies.
A new connector for SentinelOne Singularity to improve our coverage and integrations with industry-leading EDR platforms.
Finally, we are proud to announce the general availability of our Machine Learning Engine for Phishing. If you are interested in learning more about VMRay’s approach to machine learning, please visit our blog or read our whitepaper on the topic.
New Console UI:
Now available on Cloud.
The revamped VMRay Console UI is now available for Cloud customers. It brings an improved look and feel to the Console, as well as functional enhancements to search capabilities and list sorting. As announced earlier, this multi-phase project is transforming our frontend into a modern, state-of-the-art technology.
A new look to the VMRay Console
More Effective Advanced Search and Lists Pages
Security analysts and threat researchers have to deal with a lot of data every day. Accessing data and garnering insights from it quickly is critical. Also, having data easily available on hand will prove helpful for security teams seeking to collaborate more efficiently in their day-to-day work. For this purpose, the ‘Submissions’, ‘Analysis’, ‘Job’ and ‘Sample’ lists in the Console now support more advanced functions, such as sorting, quick filters, and adjustable page sizes.
Additionally, the legacy Extended Search has been transformed into the new Advanced Search, providing users with an improved experience and a more intuitive workflow. Stay tuned, as we continue with the transition to more modern frontend technology. The next step of this project will be to introduce a new and improved UI for the Analysis Report as well.
New functionality added to the Submissions List
An improved Advanced Search for more powerful queries
macOS Big Sur Support
With the continued adoption of macOS in the enterprise and the increase in macOS malware, we have expanded our Dynamic File Analysis for macOS, complementing VMRay’s longstanding coverage of Windows environments.
Support for macOS Big Sur (version 11) has now been added.
ML Engine for Phishing is Now GA
With the previous release of VMRay Platform 4.5.0, we introduced a beta version of the ML Engine for Phishing, which performs analysis and detection of phishing threats through supervised machine learning models. Today, we are announcing its general availability.
Behind the scenes, we have carefully monitored and evaluated the precision and accuracy of our supervised machine learning models. Based on the findings, we have optimized them by:
Updating the models using broader and more accurate training data
Adding more internal mechanisms to eliminate false positives. Examples of such mechanisms include considering the domain and HTTP status codes when calculating the verdict.
For our users, this means that the platform can now produce malicious verdicts with its default setting, as you can see in the screenshot below:
The default setting of the ML Engine for Phishing is now ‘Normal’ and will generate malicious verdicts
Hot Detection Updates
Since threats are progressing around the clock, the VMRay platform is constantly evolving with its continuous signature and detection update mechanism. Early last year, we also introduced such an update mechanism for our on-premises customers, allowing them to stay up to date at all times. The following improvements have been introduced by our Labs team to ensure we stay one step ahead of threat actors:
Coverage of configuration extractions, as well as the YARA rules for prevalent malware families, has been expanded
Several new VTIs for various malicious behavior have been added
The precision of Phishing VTIs has been improved
The accuracy of the verdict calculation mechanism based on VTI Rule Matches has been improved
Extended Integration Coverage with EDRs
There are numerous use cases in which VMRay Analyzer is the perfect complement to an existing EDR cyber defense stack. You can find more information on our solution page.
Today, we would like to announce that another important integration has been implemented:
Mutual customers of VMRay and the SentinelOne Singularity platform can now enjoy full automation when validating and enriching alerts coming from their EDRs. All threat-related files are automatically submitted to VMRay Analyzer, and their respective VTIs and IOCs are reported back to the Singularity platform to make the lives of security analysts easier.
With the SentinelOne integration, VMRay now covers most of the major EDR players, including Microsoft Defender for Endpoint, Carbon Black Cloud EDR, and Cybereason Defense.
Final Thoughts
The new features and enhancements introduced in the Platform 4.6.0 release underline our dedication to making the lives of SOC teams easier and placing them at the center of what we do. We address the increasing complexity of security processes and tools, and continue to innovate for a more efficient and effective security analyst experience.
We’re looking forward to sharing more exciting news with you in our next release.