Page 38 - Cyber Defense Magazine RSA Edition for 2021

Installing different operating systems and setting up additional programs whenever malware doesn’t show up can be time-consuming and expensive. Thankfully, there is a unique solution that both saves your money and speeds up analysis: the ANY.RUN service can do it all.



A new trend in detection and investigation

ANY.RUN is a cloud-based interactive sandbox. Analysts use it to detect malware and investigate incidents. Moreover, a large sample database of IOCs and ready-made reports can improve the everyday work of a cybersecurity specialist.

The service takes an interactive approach to the analysis of malicious content that other sandboxes lack. The malware analysis takes place in real time, and you are directly involved in the process.

In a matter of seconds, you get a ready-made workplace where you can run malicious files. There is no need to configure additional tools for logging file events and network traffic. This is what ANY.RUN offers, and unlike many systems, it doesn’t limit the number of submissions.

Nowadays, it is not enough to run a suspicious file in an automated detection system to conclude that it is safe. Some types of threats (such as APTs) require direct human interaction during analysis. Our toolset for online malware analysis allows you to monitor the research process and make adjustments when necessary, just as you would when working with a real system. There is no need to rely only on automated detection.



A new interactive approach in real time


Let’s have a look at what interactive access means in ANY.RUN. During a real-time investigation you can:

• Move and click the mouse, input data, reboot the system, open files – any kind of interaction with the virtual environment is possible;
• Change the settings: a pre-installed software set and several OSs in different bit versions and builds are ready for you;
• Download files and modules;
• Research network connections;
• Monitor system processes;
• Collect incident indicators;
• Get the MITRE ATT&CK matrix;
• View a process graph.



All of these features help reveal sophisticated malware and show the anatomy of an attack in real time.






