BluVector’s New Threat Detection Capability Finds Latest Memory-Based Malware in Real Time, at Network Edge

New Analytic Capability Delivers All of the Benefits of Network Sandbox Technology but in Real-time

July 20, 2017 – Arlington, VA – BluVector, a leader in network security monitoring and analytics, announced new detection capabilities that offer the benefits of network sandboxing capabilities but performs analysis in real-time at the network edge. This new analytics capability detects malicious shellcode and JavaScript embedded in files at network speed using patented emulation technology.

Sandboxing has long been established as a necessary security activity for companies to detect malware threats within files. Yet, that activity comes with two significant risks: the time required to sandbox each suspected file and evolving evasion techniques. The latest version of BluVector was built to target and solve these new realities.

In today’s sprawling network environments, the time required to sandbox a threat can take several minutes per file. Doing that analysis at volume, especially for larger enterprises, results in significant cost for organizations that are facing escalating and complex attacks on their network assets. In addition, malware threats are increasingly including sandbox evading technology that attempts to fool the sandbox into declaring the software benign.

The latest version of BluVector gives organizations real-time analysis of memory-based malware in milliseconds per file at up to 10Gbps speed.  The new analytics technology runs in parallel with BluVector’s existing, patented supervised machine learning engine to give customers additional detection insight into malware utilizing the latest obfuscation techniques.

Like a traditional sandbox, BluVector’s new analytic capability delivers analysis based on observation of software execution but unlike a traditional sandbox, the analytic operates on any generic byte stream. The new capability is based on an analysis technique known as speculative code execution. Speculative code execution attempts to determine what an input can do rather than what it does do.

“The full potential of the speculative code execution approach has not yet been reached,” said Scott Miserendino, VP R&D, BluVector. “We are dedicated to leading the cyber security market with this evasion-resistant and high-speed dynamic analysis technology. In fact, later this year we will announce another capability – based on this technique – that will fundamentally shift how we approach security defense.”

To see BluVector’s latest malware detection in action, visit BluVector in booth #1565 at Black Hat 2017 in Las Vegas.

All Threat Reports