The Blue Coat Malware Analysis Appliance is a key component of Blue Coat’s Advanced Threat Protection solution, providing actionable intelligence that combines static, dynamic, and reputational analysis techniques. Integrated with the Blue Coat Content Analysis System or the Blue Coat Security Analytics Platform with ThreatBLADES, it provides a highly scalable solution for detecting and analyzing unknown, advanced, and targeted malware.
This adaptive and customizable sandbox solution delivers enterprise-class, comprehensive malware detonation and analysis using a unique, dual-detection approach to quickly analyze suspicious files and URLs, interact with running malware to reveal its complete behavior, and expose zero-day threats and unknown malware.
Expose More Malicious Behavior
The Malware Analysis Appliance utilizes a powerful dual-detection approach that combines virtualization and emulation to capture more malicious behavior across a wider range of custom environments than typical consolidated single-sandbox solutions.
- Emulation Sandbox: An instrumented, fully controlled, replicated PC computing environment emulates Windows systems to detect malware that otherwise will not detonate within a virtualized environment
- Virtualization Sandbox: Custom analysis profiles replicate actual Windows production environments, down to the applications and versions in use, to quickly spot anomalies and behavioral differences that unveil anti-analysis, sleep, and other advanced evasion techniques. A virtualized Android sandbox detects and analyzes mobile threats traversing enterprise networks.
Multiple Detection Techniques
The Malware Analysis Appliance uses a combination of static and dynamic analysis techniques that employ standard, custom, and open source YARA patterns to unmask cleverly disguised malware. It detects packed malware and VM-aware samples that alter their behavior in an artificial environment, plus malware that attempts to wait out any sandbox analysis using short or long sleeps.
Multi-Level Analysis
Anti-analysis defeating tools – such as hook-based introspection, high-level and low-level event capture, and detection in both kernel and user modes – intercept and convert behavior into detailed forensic intelligence.
Interact with Running Malware
Flexible plug-in architecture extends detection and processing by interacting with running malware, clicking through dialog boxes and installers, and generating unique post-processing analysis artifacts.
Generate More Relevant Results
Virtual machine profiles replicate multiple custom production environments, allowing security analysts to analyze threats across a range of operating systems and applications. They can closely match their organizations’ desktop environments, gathering intelligence on malware targeting their organizations directly or seeking to exploit specific application vulnerabilities.
Customize Detection and Risk Scoring
Detection criteria, analysis parameters, firewall settings, and risk scoring can all be customized to add flexibility, unique detection, and fast response capabilities when analyzing non-traditional and targeted malware in unique production environments.
Adaptive Intelligence for Changing Threats
Since the Malware Analysis Appliance does not rely on static signatures, its flexible detection patterns are designed to detect polymorphic files, single-use targeted malware, and fast-changing website domains.
Detailed Forensics for Remediation
Blue Coat sandboxing technology provides security defenders a comprehensive map of the damage—including both host-based and network indicators of compromise—that any malicious file or URL would cause to equivalently configured production machines without putting actual computers or sensitive data at risk.
Share Threat Intelligence
As unknown, advanced, or targeted malware and zero-day threats are exposed, the new threat intelligence is continuously shared across the security infrastructure and with the Blue Coat Global Intelligent Network, composed of 15,000 customers and 75 million worldwide users.
Inoculation for Forward Defenses
The Malware Analysis Appliance turns unknown threats into known threats and shares threat data with others across the global network, improving the effectiveness of front-line defenses such as Blue Coat ProxySG secure web gateways by moving protection forward to the perimeter, where subsequent attacks will be blocked.