Automatic Security Telemetry Enrichment
Threat actors are developing sophisticated hacking tools and increasingly automating their attacks. Organizations are more than ever facing the challenge of protecting themselves against these threats. Hence, they need a proactive strategy that constantly adapts their security controls to the ever-changing threat environment. In order to cope with these changes, it is necessary to design an effective threat intelligence program.
Threat intelligence is as good as the data it ingests!
How can VirusTotal help you?
VirusTotal is the world’s richest, most interlinked and closest to real-time crowdsourced malware corpus.
Every day hundreds of thousands of companies and individuals upload suspected malicious activity to VirusTotal, making our platform the telemetry of the world. Integrating this data into your existing Threat Intelligence infrastructure will enrich your data so you can get all the needed context to take strategic decisions. You need both the big picture of threat activity as well as being able to take a deeper look into any characteristics of malicious artefacts used by threat actors. VirusTotal will help your team:
- Make faster, more accurate decisions based on a multi-angular approach.
- Work more efficiently by leveraging all the security tools integrated into our malware ecosystem.
- Proactively defend your organization by monitoring malicious activity and hunting for unknown threats.
Most threat intelligence and security products in the industry provide VirusTotal API integration: threat enrichment is as easy as plugging in your API key.
Additionally, you can build the custom solution you need yourself by leveraging our API.
Use Cases
Automate IOC pivoting and ingestion
VirusTotal integrates with almost all SIEM platforms. In this example, when an alert appears on our security platform, VirusTotal enriches it by providing essential data about the threat, such as detections, properties, relationships, behavior, etc. in order to help security operators prioritize them accordingly.
The VirusTotal API lets you upload and scan files or URLs, access finished scan reports and post comments automatically, without using the website interface. In other words, it allows you to build simple scripts to access all the information generated by VirusTotal. This is the heart of the integration with any external security solution, and you can use it directly in whatever way suits you best.
Find the script used in the example here.
Enrich your telemetry, prioritize security alerts
Sometimes we may come across a file that we don't know anything about. The SIEM describes its internal sightings and actions but fails to convey the bigger picture. Threat reputation is useful, but we need further context. VirusTotal provides the multi-angular security and context data needed to identify suspicious activity, going beyond antivirus detection.
This example shows how VirusTotal provides the necessary context to find related IoCs and have a global view of the threat.
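The following script is an added example of the SIEM enrichment flow described in both use cases above; it is not the script linked from this page nor VirusTotal's own code. It assumes the public v3 endpoint `GET /api/v3/files/{sha256}` authenticated with an `x-apikey` header, and the `last_analysis_stats` and `last_analysis_results` attributes of the file object. The hash, the alert and the `SAMPLE_REPORT` response are constructed so the triage logic runs offline; with a `VT_API_KEY` environment variable set it queries the live API instead.

```python
"""Enrich a SIEM alert's file hash with VirusTotal v3 data and assign a triage priority.

Added example, not VirusTotal's own integration script. Assumes the documented
v3 file endpoint and the last_analysis_stats / last_analysis_results attributes.
"""
import json
import os
import urllib.error
import urllib.request
from collections import Counter

VT_BASE = "https://www.virustotal.com/api/v3"
HIGH_THRESHOLD = 5  # assumed local policy: this many malicious verdicts => high priority

# Constructed v3-style response for offline use; the hash is a placeholder, not a real sample.
SAMPLE_REPORT = {
    "data": {
        "type": "file",
        "id": "0" * 64,
        "attributes": {
            "type_description": "Win32 EXE",
            "first_submission_date": 1600000000,
            "last_analysis_stats": {
                "malicious": 12, "suspicious": 1, "harmless": 0, "undetected": 50, "timeout": 0,
            },
            "last_analysis_results": {
                "EngineA": {"category": "malicious", "result": "Trojan.GenericKD"},
                "EngineB": {"category": "malicious", "result": "Trojan.GenericKD"},
                "EngineC": {"category": "undetected", "result": None},
                "EngineD": {"category": "suspicious", "result": "Heuristic.Suspicious"},
            },
        },
    }
}


def fetch_file_report(sha256: str, api_key: str) -> dict:
    """Fetch the file object for a hash; an empty dict means VirusTotal has never seen it."""
    req = urllib.request.Request(
        f"{VT_BASE}/files/{sha256}",
        headers={"x-apikey": api_key, "accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # unknown hash: still useful context for the analyst
            return {}
        raise


def summarize(report: dict) -> dict:
    """Reduce a v3 file object to the fields a SOC analyst triages on."""
    if not report:
        return {"known": False, "priority": "unknown", "malicious": 0, "suspicious": 0,
                "total": 0, "names": [], "type": None, "first_seen": None}
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    malicious = int(stats.get("malicious", 0))
    suspicious = int(stats.get("suspicious", 0))
    # Only engines that reached a verdict count toward the denominator.
    total = sum(int(stats.get(k, 0)) for k in ("malicious", "suspicious", "harmless", "undetected"))
    # Detection names from engines that flagged the sample, most frequent first: a
    # starting point for pivoting to a family and to related IoCs.
    counts = Counter(
        r["result"] for r in attrs.get("last_analysis_results", {}).values()
        if r.get("category") == "malicious" and r.get("result")
    )
    names = [name for name, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]
    if malicious >= HIGH_THRESHOLD:
        priority = "high"
    elif malicious or suspicious:
        priority = "medium"
    else:
        priority = "low"
    return {"known": True, "priority": priority, "malicious": malicious, "suspicious": suspicious,
            "total": total, "names": names, "type": attrs.get("type_description"),
            "first_seen": attrs.get("first_submission_date")}


def enrich_alert(alert: dict, report: dict) -> dict:
    """Return a copy of the SIEM alert with the VirusTotal summary attached under 'vt'."""
    enriched = dict(alert)
    enriched["vt"] = summarize(report)
    return enriched


if __name__ == "__main__":
    alert = {"id": "alert-0001", "sha256": "0" * 64}  # constructed SIEM alert
    api_key = os.environ.get("VT_API_KEY")
    report = fetch_file_report(alert["sha256"], api_key) if api_key else SAMPLE_REPORT
    print(json.dumps(enrich_alert(alert, report), indent=2))
```

The priority rule is deliberately simple and local to this script; in practice the threshold and the weight given to suspicious verdicts are tuned per organization, and the `names` list is what an analyst would use to pivot further into relationships such as contacted infrastructure.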