Friday, August 26, 2016

VirusTotal += Invincea

We welcome Invincea scanner to VirusTotal. This is a machine learning engine from USA. In the words of the company:


"Invincea is a machine learning endpoint security software company dedicated to killing threats without impacting business performance. X by Invincea combines machine learning and behavioral monitoring to eliminate endpoint security blind spots without sacrificing usability.
The deep learning model that powers X by Invincea was built based on years of research in Invincea Labs supported by DARPA funding — the US government agency working on breakthrough technologies for national security. Using this technology, X can determine if a file is malicious, even if that file has never been seen before and does not have a known signature.  First, X by Invincea extracts unique file features about the program and its capabilities. Second, the extracted features are then run through a multi-stage deep learning algorithm to determine how similar the file is to other malware families. X by Invincea then returns whether the file is malicious, along with the malware family that it mostly likely derives from."

Invincea has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by an AMTSO-member tester.

Thursday, August 25, 2016

VirusTotal += CrowdStrike

We welcome CrowdStrike Falcon (ML) scanner to VirusTotal. This is a machine learning engine. In the words of the company:


"CrowdStrike Falcon (ML) is a machine learning engine designed to identify previously unknown malware.  This engine is part of CrowdStrike’s Falcon endpoint protection product – the first and only cloud-delivered endpoint security solution that combines Next-Generation Antivirus, Endpoint Detection and Response (EDR) and Managed Threat Hunting in a single lightweight agent. The Machine Learning engine augments CrowdStrike Falcon’s other threat prevention capabilities, which include advanced behavioral protection based on Indicators of Attack (IOAs), exploit mitigation and threat intelligence-driven blocking. Windows PE executables and DLL files submitted to VirusTotal will be processed by CrowdStrike Falcon (ML) and the results will be displayed with a confidence score that indicates the degree of certainty the engine has in a file’s maliciousness. Scoring at this level of detail allows users to make more granular and effective policy decisions."

CrowdStrike has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by an AMTSO-member tester.