VirusTotal slips on biz suit, says Google's daddy will help the search for nasties
Alphabet-owned VT upgraded for corporate threat hunters
Alphabet-owned malware aggregator website VirusTotal has given itself an enterprise-focused makeover.
The firm said the reboot takes advantage of Alphabet's "increased scalability of data collection, processing, and search" to help threat intel teams work faster.
Front and centre of the upgrade is the introduction of Private Graph. The feature will enable companies to shove their own data into VirusTotal to run analyses against billions of malware samples, visualising connections between certain strains and corporate entities including people, departments, servers and emails.
Private Graph is outfitted for secure team collaboration, making it more suitable for incident response. The tech will, among other things, allow an infosec crew to identify features that various waves of attack have in common and match them against indications of compromise.
VirusTotal Enterprise also adds high-speed searching via a new interface and an expanded set of search variables.
The main tasks of searching for malware samples (using VT Intelligence) and visualising malware relationships (via VT Graph) will be offered through programming interfaces. New API management of corporate groups will allow synchronisation with internal user directories. VirusTotal Enterprise accounts support two-factor authentication for improved security.
The service aggregates many anti-malware products under a single roof. Analysts can upload files they're suspicious about to pick up on malware that their own preferred tools might have missed or to catch false positives. According to Chronicle, the subsidiary of Alphabet Inc that runs VT, the service also allows interrogation of suspect URLs and searching by file hash or suspect IP address, among other features.
Samples of "suspect" files are then shared with participating software vendors. The utility of the service is perhaps evidenced by the creation of black-hat alternatives that do the scanning against various anti-malware engines but not the sharing.