By building tools and services that allow third parties to shed some light on our dataset and to identify and understand today's threats in detail, VirusTotal can contribute to the overall security of the Internet and end-user systems. If we manage to empower VirusTotal participating partners and security organizations world-wide with better ways of understanding and juicing malware information, we can impact billions of users.
Archimedes once said "give me a lever long enough and a fulcrum on which to place it, and I shall move the world". By feeding more comprehensive information and better ways of interacting with VirusTotal's data to companies that have visibility into end-user systems and networks, we can impact billions of users without necessarily having a footprint in so many systems, and thus reach our end goal of hardening world-wide defenses.
As of today VirusTotal develops the following services in order to reach this goal:
- VirusTotal Intelligence: get the magic of Google and the magic of Facebook, place them into a mixer and apply the result to the malware field; that would be a very broad summary of what VirusTotal Intelligence is. It is a human-oriented web platform with advanced elastic search features applied to VirusTotal's historical dataset, where each of the stored items is related to other items in the dataset and enriched with a detailed contextual profile. It is meant for malware researchers, security companies and security teams within organizations that need to understand their adversaries.
- VirusTotal Hunting: apply the magic of YARA to VirusTotal's live flux of samples, as well as back in time against historical data, in order to track the evolution of certain threat actors and malware families that interest you, and understand the film rather than just the snapshot.
- VirusTotal Graph: explore VirusTotal's dataset visually, understand the relationship between files, URLs, domains, IP addresses and other items encountered in an ongoing investigation. Pivot intelligently over any of the malware artifacts in your graph and synthesize your findings into a threat map that you can share with your colleagues.
- VirusTotal Premium API: while many of the endpoints and features provided by the VirusTotal API are freely accessible to all registered users, some of them are restricted to the premium API. This premium interface has more endpoints (similarity search, clustering, behavioral information, etc.) and returns richer information for the items looked up.
If you want to learn more about these initiatives please do not hesitate to contact us.