Security firm Invincea next week will release a free tool for researchers and forensics investigators to analyze a malware sample and observe firsthand what it does on a user machine, inside a virtual container. The tool is a research edition of Invincea's FreeSpace endpoint software.
Anup Ghosh, founder and CEO of Invincea, says the research tool is basically the same FreeSpace tool it sells to enterprises, but it will have a link to Invincea's cloud-based malware threat intelligence analysis. "When they are out there on the web clicking on links that might be malicious and hit one that is, it protects their machine. The forensics from that is automatically uploaded to the cloud-based server and the source of it, anonymized," Ghosh says. "It's a safe place to do discovery, and the sharing... of forensics."
Ghosh says Invincea had enterprise researchers and forensics investigators in mind for the tool, such as those in financial services, defense, energy, healthcare, and the federal government. Invincea is working with the FS-ISAC to exchange data between the ISAC's intelligence-sharing program and Invincea's own. "That [intel] will go right back into those community ISACs," he says. "These communities have done a good job in defining the format to be exchanged... but have not gone as far as to provide a tool to enable discovery and sharing content."
Invincea also has struck an alliance with ThreatGRID, a crowdsource-style intel-sharing service, for additional analysis of malware tested with FreeSpace Research Edition.
"This relationship enables someone from the security team to... get more information on this malicious sample. What are its actual attributes?" says Dov Yoran, CEO and co-founder of ThreatGRID.
Ghosh acknowledges that he hopes the offer of the free tool will help expand adoption of Invincea software, and that it's also a way to "give back to the community."
In addition to FreeSpace Research Edition, Invincea also will roll out a tool it demonstrated at last year's Black Hat USA conference -- CrowdSource, a machine learning-based reverse-engineering tool.
"If you see an inbound spear phish, FreeSpace will click on all links and see if this was a real spear phish and whether it runs malware. If it did, what are the indicators of that? Then [the findings are] automatically shared with the community."
CrowdSource then would quickly provide information on all of the capabilities of the malware. "This would normally take hours for a highly qualified malware forensics analyst," says Ghosh. "Anyone can run this, and it tells you right away."