
CrowdStrike finds a bridge to Google's VirusTotal


Batu69



Security firm CrowdStrike is now officially a contributor to Google’s Virus Total malware database and not just a user of data shared by traditional antivirus (AV) rivals with the service.

 

CrowdStrike announced Thursday that it has opened its Falcon Machine Learning engine to the VirusTotal malware scanning service. In doing so, it appears to have ended an impasse that emerged over concerns that it and several other next-generation security companies were using the Google-owned service to improve their own products without giving back to the community.

 

In May, VirusTotal threatened a number of next generation security firms with exclusion from the service for leveraging data supplied by traditional AV firms such as Symantec, McAfee, Kaspersky, and Trend Micro.

 

VirusTotal allows anyone to upload a suspected malicious file, to find out if any AV firms have already detected it. Normally, when VirusTotal users seek to check whether a file is malicious, the service will display which firm’s antivirus engines recognise that file. For a new piece of malware, VirusTotal might show that five out of 30 products recognise the file; over time, a user could expect to see more products recognise the specific malware.

 

VirusTotal’s reaction to those concerns was to require all virus scanning companies that want to access its database to integrate their own scanner into its interface. Contributing vendors would also need to pass a test by the Anti-Malware Testing Standards Organisation (AMTSO).

CrowdStrike has now fulfilled both these requirements and claims its offering goes over and above the norm, following validation from a third-party certifier.

Since CrowdStrike’s Falcon engine doesn’t rely on signatures -- and it scored perfect results under a third-party audit -- the company claims VirusTotal users will now be able to see whether a file is dangerous even when other AV vendors don’t have a match for the file in their databases.

 

“The full machine learning engine is unique as it is also the first engine in VirusTotal to provide a confidence level as a result of its analysis. This aids VirusTotal users by providing an additional level of insight into the level of maliciousness of the malware sample, rather than just a pass or fail detection result currently provided by existing engines,” CrowdStrike said in a statement.

 

According to Reuters, which first reported CrowdStrike’s inclusion in VirusTotal, two other next generation security companies will integrate with the service by the end of September. Reuters named Palo Alto Networks and Cylance as firms that would be affected by VirusTotal’s new policy. SentinelOne was also cut off from VirusTotal for its failure to contribute.

 

VirusTotal issued a brief statement on Thursday welcoming CrowdStrike to the fold.

“We welcome CrowdStrike Falcon (ML) scanner to VirusTotal. This is a machine learning engine from USA,” a representative from the Google subsidiary said.

 

CrowdStrike said its contribution to VirusTotal will be visible to end-users as a confidence score rather than the existing method of displaying whether or not a virus scanner recognises a particular malware variant. This could add value to the VirusTotal service by judging new threats before detection of a specific threat is widely recognised.

 

“Windows PE executables and DLL files submitted to VirusTotal will be processed by CrowdStrike Falcon (ML) and the results will be displayed with a confidence score that indicates the degree of certainty the engine has in a file’s maliciousness. Scoring at this level of detail allows users to make more granular and effective policy decisions," FireEye said.

 

Article source
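The article above contrasts VirusTotal's binary per-engine verdicts (five of 30 engines detect a file) with the confidence score the Falcon (ML) engine reports. The Python below is an added example, not code from the article, from VirusTotal or from CrowdStrike: it recomputes the detection ratio from a constructed VirusTotal-v2-style "scans" dictionary instead of trusting the report's summary fields, parses a percentage out of an ML engine's result string, and applies a triage policy in which a high confidence score is enough to block even when only a couple of signature engines match. The report contents, the "malicious (confidence NN%)" result format, the engine name used as the ML source and the threshold values are all assumptions for illustration.

```python
import copy
import re

# Constructed report in the shape of a VirusTotal v2 /file/report response:
# a "scans" dict keyed by engine name, each with "detected" and "result".
# Hash, engines and verdicts are made up for this example.
SAMPLE_REPORT = {
    "sha256": "0" * 64,          # placeholder, not a real sample
    "total": 6,
    "positives": 2,
    "scans": {
        "Symantec":   {"detected": False, "result": None},
        "McAfee":     {"detected": False, "result": None},
        "Kaspersky":  {"detected": True,  "result": "Trojan.Win32.Generic"},
        "TrendMicro": {"detected": False, "result": None},
        # Assumed format for a confidence-scoring engine's result string.
        "CrowdStrike Falcon (ML)": {"detected": True,
                                    "result": "malicious (confidence 85%)"},
        "Invincea":   {"detected": False, "result": None},
    },
}

# Engines whose result string is expected to carry a confidence value
# (assumption: only the Falcon (ML) engine in this example).
ML_ENGINES = ("CrowdStrike Falcon (ML)",)

_CONFIDENCE_RE = re.compile(r"(\d{1,3})\s*%")


def parse_confidence(result):
    """Return the confidence as a fraction in [0, 1], or None if the
    result string carries no percentage (e.g. a plain signature name)."""
    if not result:
        return None
    match = _CONFIDENCE_RE.search(result)
    if match is None:
        return None
    pct = int(match.group(1))
    if pct > 100:
        return None
    return pct / 100.0


def detection_ratio(report):
    """Recompute (positives, total) from the per-engine entries rather than
    reading the report's own summary fields, which can lag or be stale."""
    scans = report["scans"]
    positives = sum(1 for scan in scans.values() if scan.get("detected"))
    return positives, len(scans)


def triage(report, min_positives=3, min_confidence=0.80):
    """Policy: block on broad signature agreement OR a confident ML verdict;
    send lone low-confidence or single-engine hits to review; else allow."""
    positives, _total = detection_ratio(report)
    if positives >= min_positives:
        return "block"
    for engine in ML_ENGINES:
        scan = report["scans"].get(engine)
        if not scan or not scan.get("detected"):
            continue
        confidence = parse_confidence(scan.get("result"))
        if confidence is not None and confidence >= min_confidence:
            return "block"
    if positives > 0:
        return "review"
    return "allow"


def with_result(report, engine, detected, result):
    """Return a copy of the report with one engine's verdict replaced."""
    clone = copy.deepcopy(report)
    clone["scans"][engine] = {"detected": detected, "result": result}
    return clone


def clean_report(report):
    """Return a copy of the report in which no engine detects the file."""
    clone = copy.deepcopy(report)
    for scan in clone["scans"].values():
        scan["detected"] = False
        scan["result"] = None
    return clone


if __name__ == "__main__":
    print(detection_ratio(SAMPLE_REPORT), triage(SAMPLE_REPORT))
```

With the sample data only two of six engines detect the file, so a count-based rule alone would not block it; the 85% confidence from the ML engine is what tips the decision. Dropping that confidence to 40% leaves the same two detections but demotes the file to review.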


First next-gen machine learning scanners added to VirusTotal
Google announced last week it was adding two new engines, CrowdStrike and Invincea, to its malware scanning platform VirusTotal.

Both are part of the new wave of next-gen anti-malware products that rely on machine learning algorithms to analyze behavior and network activity in order to detect anomalies and flag malware.

 

The news is of great importance if we take a look at how a Google announcement from May has changed the antivirus market in the last three months.

 

Google kicked out VirusTotal freeloaders in May
On May 4, Google published new API access rules on the VirusTotal blog. Google kicked out all security companies that were using VirusTotal's API to scan suspicious files and present the results to their clients, as if they were a real antivirus.

 

Google limited access to the full VirusTotal API only for companies that had a product listed in its scanning service. This meant that many next-gen anti-malware products which used machine learning algorithms were left out in the cold because they used VirusTotal to confirm their findings.

 

Vendors of classic signature-based products welcomed the move. Most of them had complained to Google about next-gen anti-malware products that pilfered their work, integrated the VirusTotal API as part of their products, but then engaged in aggressive marketing campaigns against old antivirus vendors, trying to undermine their credibility. You can see the irony for yourself and why Google felt the need to make this move.

 

Google left the door open for next-gen AV products
Google didn't close the door on next-gen anti-malware products for good. The company said that any vendor can integrate its product in VirusTotal and be granted access to the full API if they provide data back to the community and join the Anti-Malware Testing Standards Organization (AMTSO).

 

On Thursday, CrowdStrike became the first next-gen anti-malware vendor to join AMTSO, and its Falcon (ML) product became the first to join VirusTotal's ranks.

A day later, Invincea announced it was joining AMTSO and VirusTotal as well. The company's product is called X and was started with US DARPA funding.

Article source
