Thursday, August 25, 2016

VirusTotal += CrowdStrike

We welcome CrowdStrike Falcon (ML) scanner to VirusTotal. This is a machine learning engine. In the words of the company:

"CrowdStrike Falcon (ML) is a machine learning engine designed to identify previously unknown malware.  This engine is part of CrowdStrike’s Falcon endpoint protection product – the first and only cloud-delivered endpoint security solution that combines Next-Generation Antivirus, Endpoint Detection and Response (EDR) and Managed Threat Hunting in a single lightweight agent. The Machine Learning engine augments CrowdStrike Falcon’s other threat prevention capabilities, which include advanced behavioral protection based on Indicators of Attack (IOAs), exploit mitigation and threat intelligence-driven blocking. Windows PE executables and DLL files submitted to VirusTotal will be processed by CrowdStrike Falcon (ML) and the results will be displayed with a confidence score that indicates the degree of certainty the engine has in a file’s maliciousness. Scoring at this level of detail allows users to make more granular and effective policy decisions."

CrowdStrike has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by an AMTSO-member tester.


Post a Comment