Technology Record - Issue 28: Spring 2023

systems can be automatically quarantined off the network to reduce the risk of a malware outbreak, all without human interaction.

Attacker dwell time is another consideration for an SOC, as the amount of time that a threat remains undetected in an organisation’s environment can impact an SOC’s ability to detect and respond to threats before they can cause significant damage. Malware and phishing analysis platforms can significantly reduce dwell time by adding zero-day detection capabilities, allowing security teams to quickly investigate potential threats, as well as assisting in threat hunting, detection engineering and threat intelligence gathering.

For managed security service providers and managed detection and response providers, the use of a malware and phishing analysis platform offers numerous benefits, such as faster analysis time and the mitigation of potential skill gaps within security teams. Another benefit is the ability to free up experienced malware analysts and security practitioners, allowing them to focus their talent on higher-value strategic tasks, rather than wasting time on the tactical aspects of EDR alert investigations.

In conclusion, few commercial malware and phishing analysis tools on the market today can automate SOC processes in high-volume alert environments with the accuracy needed to confidently respond autonomously to potential threats. Even fewer are resistant to evasion by advanced malware and phishing threats. Investing in a malware and phishing threat analysis technology like VMRay’s means investing in an in-depth security approach.

Carsten Willems is CEO of VMRay