A major setback that we have consistently noted in the real world is that many SOC environments do not have the staffing or the environment to let their own employees conduct malware or phishing analysis in a self-contained manner. Most of the time, companies provide host-based virtual machines to their employees and have them go wild. There are many drawbacks to this approach; among those we have noted:
1) Virtual machines that are not on a host-only network can spread malware to adjacent network-connected devices.
2) When malware or a phishing campaign is investigated, failing to provide a safe network connection (outside your own ISP / net range) for analysts to test from can alert an attacker that you are analyzing the samples or campaigns they have sent you.
3) E-mails that contain malicious samples are sometimes executed due to improper handling, leading to expensive clean-ups and to the loss of skills from employees who want to further their careers.
Many other companies charge a hefty amount for the use of online sandboxes that are fully automated. Where is the benefit in that? Your analysts do not gain the skills they need to execute a meaningful investigation, and, if that is not bad enough, automated sandboxes can miss artifacts that a human eye would pick up on.
While our sandboxes are not as expensive as the others, we provide you with all the tools and utilities you need to detonate malware, examine phishing campaigns, create YARA rules and much, much more! We provide unlicensed versions of operating systems that you are free to use or license at your own discretion, along with all the tools needed to investigate, whether you are performing static analysis or dynamic analysis on a sample you have detonated.
-
Our Sandboxes
Semi-automated sandboxes that your analysts can use for automated static analysis or full dynamic analysis: memory acquisition, file system activity, startup activity, process monitors, API monitoring, network monitoring and much, much more! Each sandbox is equipped with IR tools that can run quick triage against the system to provide better depth of analysis. Additionally, we can create front-end databases for reporting and automated responses!
-
Dynamic Analysis
Worried about ransomware? Or maybe you are worried about samples being detonated? Not to worry: not only can we establish a virtual instance for you, we can also discuss how to obtain instances whose origin is obscured, so that threat actors cannot identify whose systems are performing the triage or analysis on their samples.
-
Findings & Reporting
Need the results in a report format? Not a problem. We also have tools that work in conjunction with our labs to help you report events. You can share those events with other analysts and carry out a thorough threat hunt to discover other systems that have been affected, or provide them with tools and scripts to check all three major endpoint platforms (Windows, Linux and macOS).
-
Internal Training & Education
Our tools come with training in both document and video format. Prefer to learn the traditional way? Not a problem! We can come on-site and train you in the processes and procedures as well as in the tools we have developed to make your life easier. We can also help craft a lessons-learned document for your environment in the event you are hit with malware or need to clean up after an infection.
If you would like to learn more about our Phishing & Malware Sandboxing services, drop us a line to find out more!