Use Case: Scaling Malware Detection and Protection
Threat actors continue to hone their attack methods with deeply hidden malicious objects, making detection increasingly difficult and bypassing existing security devices that focus on detecting malware at the file level. Many organizations are taking matters into their own hands, implementing measures to anticipate the latest threats by profiling, tracking, and correlating malware indicators globally, so that unknown malware strains can be tied to known malware families before they are recognized and detectable by antivirus.
A global top-tier financial services organization decided to pursue this proactive approach. The institution was handling over 100 million files a day arriving through web browsing, file-sharing sites, and email. The sheer volume of inbound data into the bank's security operations center (SOC) was overwhelming. Their goals were to hunt for malware across millions of files in hundreds of locations – an extremely complex task, because suspected malware was still being aggregated and prioritized manually – and to cut the resulting long response times.
Complicating matters, the institution was migrating its files into a centralized cloud platform for better accessibility. While this improved the user experience, it also created new risks. Security analysts became overwhelmed and overworked trying to evaluate and process every incoming file, and malware was being missed. They needed a more effective, scalable way to investigate, correlate, and track a high volume of files securely.
The bank decided to seek out a solution that could automatically analyze new objects in real time as they crossed company assets, while protecting stored malware analysis results and confidential content with encryption. They required secure, high-volume analysis without the cumbersome process of manually managing keys for millions of files.
ReversingLabs and Ionic partnered together to serve up an automated, localized, and secure threat intelligence solution.
The ReversingLabs Titanium Platform offered a way to automate high-volume static file analysis: it detects malware at the object level on ingest, prioritizes threats, and presents results in real-world, easy-to-understand language. Analysis results for every scanned object are written into a centralized data lake, and the scanned objects themselves into a large-scale file lake. This lets threat hunters and forensic investigators focus their searches on high-priority threats and quickly surface hidden malware in very large datasets.
Because of the sensitivity of the data, it was critical to control and track every interaction by anyone handling a malware file, which is where Ionic stepped in. Ionic Machina™ provides security professionals with risk mitigation tools that automatically encrypt every file under its own individual protection key, eliminating the risk of improper data access and data loss.
Machina's automated key management eliminated the nearly impossible task of managing encryption keys across millions of files in hundreds of locations. Granular policy controls guarding those keys ensure that only approved users can access protected content and malware analysis results, or move files out of the data lake. Machina also generates audit-ready analytics that support data protection mandates by tracking every data interaction, whether the data resides on-premises or in the cloud.
The financial institution deployed this solution across its data centers worldwide and is now managing, analyzing, and storing millions of files a day while classifying threats more quickly and efficiently.
The resulting localized threat intelligence solution integrates with existing security controls to proactively enrich the SOC with the latest threat intelligence in plain language, without adding to analysts' workload.
In addition, the financial institution:
- Reduced operational and storage costs by migrating internal file analysis storage to a cloud-based data lake without incurring additional cloud risk exposure.
- Securely automated high-volume malware detection, threat prioritization, and file analysis operations through encryption and policy-based key management at scale.
- Improved visibility into, and insights from, exposed malware indicators and individuals' access to files during the analysis process.
About Ionic Security
Ionic enables global businesses and government agencies to accelerate innovation by driving data protection across their organization, regardless of where they are in their journey to the cloud. Ionic Machina is the only enterprise-class data protection engine that delivers real-time data policy enforcement against a rich set of identity and data attributes backed by machine-scale key management, creating a system of record for unified and consistent execution.
With over two million licensed users in Fortune 500 companies, government agencies, and a growing grassroots developer community, the unique ecosystem relationships of Ionic dramatically accelerate cloud migration and multi-cloud deployments, creating value for enterprises in driving their overall security strategy. Learn more at ionic.com, or connect on LinkedIn or Twitter.
About ReversingLabs
ReversingLabs helps organizations identify malware in real time, even within millions of inbound files per day. Our solutions use static analysis to examine enterprise-scale data in motion at the object level, detect malware, and display file reputation and malware indicators instantly within security teams' existing user interfaces. Purpose-built for advanced malware analysis and for hunting previously undetected malware, our solutions integrate directly with existing security controls for real-time enrichment with indicators that accelerate threat response. ReversingLabs solutions deliver the capabilities, speed, and scalability that large enterprises and government agencies need to uncover and contain sophisticated malware threats that have slipped past their other security measures. Learn more at https://www.reversinglabs.com, or connect on LinkedIn or Twitter.