ThreatExpert: Introduction
ThreatExpert (patent pending) is an advanced automated threat analysis system (ATAS) designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.

The ThreatExpert system produces reports with the level of technical detail that matches or exceeds antivirus industry standards such as those found in online virus encyclopedias.

It takes only 2-3 minutes for an automation server to process a single threat, making it possible to generate up to 1,000 highly detailed threat descriptions per server, per day. Built on a distributed architecture, the service can scale to a virtually unlimited number of threat analysis servers, thereby allowing unlimited automated processing of threat samples.

The Problem
A typical threat outbreak scenario is illustrated below:
  • A new threat slips through an Antivirus Product undetected and penetrates into the Customer's environment
  • The customer submits the sample to its Antivirus Vendor for analysis
  • It can take many hours for the Antivirus Vendor to provide a response
  • Response #1: Antivirus Vendor rolls out definitions to update the Antivirus Product.
  • Response #2 (optional): Antivirus Vendor provides the Customer with the threat description
Notes:
  • Threat description response (such as a posted write-up) follows the updated detection several hours (or even days) later
  • Due to its complexity, threat description response is only provided for a small percentage of newly discovered threats, such as high-profile threats or threats that are submitted by VIP customers. Note: the majority of new threats are detected under generic names only, with no specific description provided, thereby removing the possibility of manual mitigation or prevention.
The Solution
Below is an illustration of a scenario in which the Customer uses ThreatExpert Automation directly:
  • Affected by a new threat, the Customer submits the sample both to their current Antivirus Vendor and to ThreatExpert
  • ThreatExpert provides an immediate detailed threat description analysis
  • The threat description can be used by the Customer to undertake the threat mitigation phase (e.g. automated or manual threat removal or prevention) hours before the Antivirus Vendor responds
Below is an illustration of a scenario in which the Antivirus Vendor uses ThreatExpert Automation to accelerate and improve the quality of its response:
  • As soon as the Antivirus Vendor receives a sample from the Customer, it engages ThreatExpert (which could be an in-house server or a hosted server)
  • ThreatExpert provides an immediate threat description response
  • The new threat description can now be immediately posted on the corporate website of the vendor, hours before other vendors are able to do so
  • Vendor's other Customers can now be immediately alerted about a new threat with the full threat description
  • Vendor can use the detailed behavioral report to assist in the malware analysis for generating the detection signature.

For more information on the benefits of using ThreatExpert automation in your enterprise, please contact us.