Alphabet’s cybersecurity company Chronicle launched a new version of VirusTotal Thursday, dubbed VirusTotal Enterprise.
The security scanner, which was acquired by Alphabet subsidiary Google in 2012, enables users to submit files and URLs to detect malware and malicious activity. In addition to its free scanning service, which aggregates feedback from dozens of different antivirus and antimalware vendors, VirusTotal also offers premium services and APIs to enterprises and developers.
VirusTotal Enterprise builds on those premium services with new features, including Advanced Malware Search, which Chronicle claims is 100 times faster than the standard VirusTotal search and which uses N-gram content searches to identify threats. In a blog post, Chronicle said the Advanced Malware Search feature offers enterprises improved accuracy by allowing for additional parameters such as common icons in files or similar visual layouts for suspicious emails.
Chronicle said the Advanced Malware Search will show more details about scanned files such as embedded domains and interest-ranked strings. VirusTotal also unveiled a unified interface for both the free and enterprise versions of the service.
Another major addition under VirusTotal Enterprise is Private Graph, a variation of the VirusTotal Graph feature that generates visual data sets to help users understand connections between different files, IP addresses and other elements. Private Graph, which is not available to the public, enables enterprises to include information about their own environment in the data sets. Chronicle said the graph can automatically “extract commonalities from nodes” and identify indicators of compromise.
Enabling customers to keep data private with VirusTotal Enterprise could solve a conundrum for Chronicle. Earlier this year, Schneider Electric reportedly uploaded a file to VirusTotal that contained sensitive information related to the Trisis malware, which had been used in a major cyberattack on the company’s Triconex Safety Instrumented System (SIS) controllers at an unnamed Middle Eastern enterprise.
The file, which was publicly available on VirusTotal, contained data that allowed anyone to replicate the Trisis malware and initiate similar attacks. The file was quickly removed from VirusTotal, but it propagated on other public platforms such as GitHub. The incident demonstrated how companies could err by submitting files to the public platform, which could expose dangerous exploits to other threat actors.
In addition to the Advanced Malware Search and Private Graph features, Chronicle said VirusTotal Enterprise comes with additional management and security features for companies, including the ability to use existing two-factor authentication to access enterprise accounts.