Introduction
The first quarters of 2024 have been nothing short of dynamic, with three impactful releases! We hope you’ve enjoyed the features delivered in recent months, including the simplified integration with the built-in SentinelOne connector, support for MITRE ATT&CK® v14.1, and tr our dear FinalVerdict users. Additionally, we are making continuous enhancements to improve signature and detection updates in our Platform products. You can check out the latest Detection Highlights here.
Now, without further ado, let’s dive into our latest achievements of the 2024.4.0 release.
Support for Windows 11
With the release of version 2024.4.0, we’re glad to announce a significant enhancement to the VMRay Platform: support for Windows 11 (23H2) in our analysis environment. This update extends across our DeepResponse, FinalVerdict, and TotalInsight products, ensuring full parity with our customers’ environments and allowing for
We know this feature has been highly anticipated. By carefully refining our technology, we can safely say that our Windows 11 analysis delivers the most precise and trustworthy results, free from noise and false positives. Now, you can confidently analyze Windows 11 files, knowing you’re backed by the best-in-class malware detection and analysis capabilities.
Windows 11 is the latest major operating system in the Windows family as of 2023, offering enhanced features and improved performance but also presenting new challenges in cybersecurity. As Windows 11 adoption grows, so too does the complexity of the threats aimed at exploiting its unique architecture. Hackers are already crafting malware designed specifically to breach Windows 11’s defenses, making it crucial for security solutions to keep pace.
VMRay’s competitive edge: hypervisor-based support
This is where VMRay truly excels: we’re the first in the market to offer hypervisor-based support for Windows 11 in our analysis environment. But what exactly does this mean for you?
VMRay’s hypervisor-based approach stands out as cutting-edge due to its unique agentless architecture, which operates directly at the hypervisor level. This allows us to gain deep, undetectable visibility into malicious activities, setting us apart from traditional methods that rely on software agents. By avoiding the use of agents, our approach ensures that malware runs in an environment that is indistinguishable from the real world, significantly reducing the chances of evasion. The hypervisor monitors and analyzes every system interaction, delivering unmatched accuracy and thoroughness in detecting and analyzing even the most complex threats.
By leveraging hypervisor-based support, our Windows 11 analysis environment functions like a stealth security expert embedded deep within your system, swiftly and precisely identifying threats while remaining completely undetectable to the malware.
Windows 11 security concerns
Emerging threats:
Exploits targeting new features – cybercriminals are quick to exploit new features and configurations introduced in Windows 11, making it essential to stay ahead with cutting-edge threat simulations.
Zero-day vulnerabilities – as a newer OS, Windows 11 is more susceptible to zero-day vulnerabilities, requiring proactive threat analysis before patches are available.
Compatibility threats:
Windows 10 – as a mature OS, Windows 10 continues to be targeted by legacy threats and older malware, which remain prevalent due to its widespread use.
Windows 11 – new features and configurations may not yet be fully covered by existing threat databases, potentially leading to a higher prevalence of specific threats targeting Windows 11 during its initial phase.
Comprehensive OS support
We understand that your organization’s digital ecosystem is diverse, which is why VMRay offers comprehensive support across all major operating systems—Windows, macOS, and Linux. Whether your threat landscape includes desktop computers, laptops, or servers, VMRay has you covered. Our Platform is designed to deliver consistent, reliable analysis regardless of the OS, ensuring that your security posture remains strong across the board.
Windows 11 sample analysis in the VMRay Platform
Simplified Virtual Machines Management for On Premises Users
In our 2023.3.0 release blog post, we hinted at a great update for our On Premises users—and here it is! We’d like to introduce simplified VM management for On Premises Users. This latest enhancement brings an improved level of efficiency to managing VMs and snapshots, making the process smoother.
Previously, managing VMs and snapshots involved a fair amount of manual setup, with potential risks of misconfiguration. Additionally, keeping track of VM details and their statuses often involved complex procedures.
Now, with our latest update, the Platform Server automatically handles VM management with minimal effort required from end-users. Here’s how:
Automatic updates – the Platform Server now automatically manages VM snapshots based on the configuration provided by the Platform Worker. It continuously updates and maintains accurate information about snapshots, VMs, and their OS types and versions.
Real-time information – thanks to regular updates from the Platform Worker, the Platform Server always has the most current information on VM snapshots and their configurations. This ensures you’re working with the latest data without any manual effort.
Effortless management – VM management is simplified, reducing the need for manual intervention and minimizing potential misconfigurations.
On Premises Administrators will find this feature especially valuable, as it enhances their experience with a smoother, more intuitive VM management process. By reducing the administrative burden and simplifying tasks, we aim to improve your overall efficiency and effectiveness in managing your deployment. Enjoy the enhanced experience and stay tuned for more innovations that will continue to streamline your operations!
VM details in the VMRay Platform
Upsized IR Mailbox Limits: A Big Win for Security Teams (and Your Inbox)
Lf communication in the modern world—fast, convenient, and sometimes, unfortunately, a gateway for cyber threats, and most notably – phishing. Picture your email inbox as the front door to your house. It’s convenient to receive visitors, but you wouldn’t want just anyone stepping in uninvited. That’s where VMRay’s Incident Response Mailbox comes in, acting like a vigilant security guard, ready to assess anyone who knocks.
Think of the IR Mailbox as your organization’s digital security checkpoint. It’s a dedicated mailbox hosted by VMRay where employees can forward any suspicious emails they receive. Rather than navigating the murky waters of “Is this email safe or not?”, your team can simply hand it off for analysis within the VMRay Platform. With the IR Mailbox, potentially harmful messages are quickly analyzed and identified by VMRay, ensuring that malicious emails are intercepted before they can cause harm.
Why the upsized limit matters
Here’s the news: the IR Mailbox just got a serious upgrade. Previously, the maximum size for email submissions was 10 MB. With phishing emails and attachments getting bulkier by the day, this limit was starting to feel a bit restrictive. Recognizing this, we’ve increased the submission limit from 10 MB to 50 MB. It’s like upgrading from a compact car to a spacious minivan—plenty of room for those larger, potentially dangerous emails to be fully scanned by our VMRay Platform.
Let’s face it: phishing isn’t going away anytime soon. In fact, it’s more like a virus that keeps mutating, with cybercriminals constantly finding new ways to slip through the cracks. Email remains one of the most popular methods for launching an attack. And while the classic “You’ve won a million dollars!” scam might not fool anyone anymore, the bad guys are getting more sophisticated.
By upsizing the IR Mailbox limit, we’re empowering your team to report even the biggest, most complex phishing attempts. Larger emails often mean more content to analyze—more attachments, more data, more potential threats. Now, with the ability to submit up to 50 MB, your team can forward large emails with ease, and our Platform will handle them efficiently.
50 MB IR Mailbox-forwarded email analyzed in the VMRay Platform
We’re shipping an update designed to enhance your integration experience with the VMRay Platform. As many of you know, we’ve recently introduced the integrated SentinelOne EDR connector, and it’s been great to see how it’s already making a positive impact on your workflows.
In this update, we’ve refined the user interface for better clarity and consistency with our other Platform components. The submission interface now features a new label—“EDR Connector.” This simple change makes navigation and filtering more straightforward, helping you find exactly what you need with ease.
EDR Connector interface type
We’re pleased to see how effectively this integration is already benefiting many of you. By embedding the SentinelOne connector directly into the VMRay Platform, we’ve significantly reduced the time and effort typically associated with integration. Gone are the days of complex installation processes and ongoing maintenance.
If you haven’t yet explored this connector, we invite you to visit our Automation Dashboard. From there, you can easily access the new, simple configuration page for the integrated SentinelOne connector. Discover now how these updates can simplify your workflow and further enhance your operational efficiency.
Automation Dashboard in the VMRay Platform
Final Thoughts
As we wrap up this update, we hope you continue to enjoy the integration and ease of use provided by our SentinelOne connector. In our upcoming releases, we will explore additional integrations within the VMRay platform, aiming to deliver even more powerful and intuitive tools.
Our next update will focus on enhancing the stability and performance of our operating systems and internal systems. While these improvements may not come with flashy new features, they are essential for maintaining the VMRay Platform’s stability, speed, and ease of maintenance.
Enjoy the features we’ve introduced with our fourth release of the year, and stay tuned as we continue our journey. We’ll reconnect as winter approaches with more updates on our latest efforts.