To put it simply, there are some really cool threat detection technologies on the PolySwarm marketplace. As a recap, here at PolySwarm, we aggregate research-driven threat detection engines---both from AV companies and individual, specialized security experts---that compete in real-time to detect threats. Enterprises and individuals using PolySwarm benefit from deeper coverage of the malware landscape and unique threat intelligence from this aggregated network of engines.
In addition to engaging with large, established anti-malware brands and products, we’ve made it easy for security experts and small teams to protect enterprises by codifying novel detection techniques as a PolySwarm engine.When engaging with the research community, we look for engines that are:
- Specialized, offering unique insight to particular malware types or families, for example by detecting malware on less-covered platforms like Android or macOS or detecting fast-moving target families like Emotet.
- R&D focused, nimble & quick to adapt to changes in the threat landscape.
- First to detect previously unknown malware.
Today, there are nearly 40 microengines operating in PolySwarm. Below are a handful of PolySwarm engines that are employing novel detection techniques to identify malware early (and in some cases first) and that operate on the edge of what is traditionally detected by anti-malware solutions.
Concinnity Risks
URL: https://concinnity-risks.com/
Engine Name: Concinnity
Country: UK
Specialty: any file
Why it’s cool: Concinnity produces risk metrics for cyber insurance and underwriter companies in an innovative way--by tracking cryptocurrency addresses used for collecting illegally obtained funds, e.g. ransomware payment addresses.
What it’s doing on PolySwarm: The appearance of a cryptocurrency address used for illegal gain in a suspect artifact is a strong signal that the artifact is malicious. It’s likely that the artifact in question is ransomware, a phish or something similar. No engine on VirusTotal is focused on detecting malintent via this insight.
IRIS-H
Engine Name: IRIS-H
Country: Ireland
Specialty: Microsoft Office, Open Office and PDF files
Why it’s cool: IRIS-H employs custom file format parsers that break supported files (Office, PDF) down into component parts and then conducts innovative constrained dynamic analysis over executable code found in those parts.
IRIS-H detected previously unknown malware inside of a Microsoft Excel file. They were the first to detect it on PolySwarm and it took about a week before any engines detected it on VirusTotal.
(Android) Judge
URL: N/A
Engine Name: Judge
Country: US
Specialty: Android apps
Why it’s cool: Android Judge uses machine learning and advanced feature extraction including compiler fingerprinting to identify Android malware.
Founder: Caleb Fenton, Head of Innovation at SentinelOne
(This engine is part of polyX, a free community that gives members the ability to collaborate, access malware samples and test new detection techniques. Join at go.polyswarm.io/polyx)
***
Ready to start consuming threat intel from the research-driven engines in PolySwarm?
Contact us here to start a free trial or get set up with a demo.