CrowdStrike Adds Malware Search Engine to 'Hybrid Analysis'
22.8.18 securityweek Virus
Endpoint security firm CrowdStrike on Tuesday announced that new search capabilities have been added to the company’s Hybrid Analysis service.
Hybrid Analysis is a free malware analysis service owned by CrowdStrike since November 2017, when it acquired Payload Security, the firm that originally developed the automated malware analysis sandbox technology.
Hybrid Analysis leverages CrowdStrike’s Falcon Sandbox, a malware analysis framework that the company claims has been used worldwide by many security operations centers, CERTs, cyber forensics labs, researchers and threat intelligence services.
Starting with August 21, Hybrid Analysis also includes malware search features powered by CrowdStrike’s Falcon MalQuery, a proprietary cloud-based malware research tool that allows industry professionals to quickly and efficiently search a massive collection of samples.
The addition of Falcon MalQuery to Hybrid Analysis allows users to quickly scan through petabytes of threat data based on YARA rules or string/binary patterns. Each search can be refined based on certain criteria, such as the type, date and size of the file.
According to the security firm, running a scan takes only minutes instead of hours, and search results can be downloaded and shared.
CrowdStrike has described the addition of Falcon MalQuery to Hybrid Analysis as donating the tool to the community.
The company has published a blog post that briefly explains how the new search capabilities work.