Malware Analysis Service
Challenges in defending against inbound malware threats include destination URL security analysis ("is this link in email to a bad site"), page security analysis ("does the page this URL is about to open contain hostile scripts, code, or credential requests"), and email attachment file security analysis ("is this linked or attached file dangerous to open").
Legacy approaches to such malware security analysis systems rely largely on signature-based techniques (comparing the URL IP address or file against a database of "known bad" IPs or files) or by "sandboxing" the email attachment file (downloading it and allowing it to execute in an isolated virtual machine).
Unfortunately, IPs may not have a reputation for a period of days to weeks after setup, "known bad" email attachment file comparisons are easily defeated by slight changes in the email attachment file structure, and malware analysis sandboxing techniques often require isolated, on-premises systems that notify administrators of an issue only after users have downloaded malicious email attachment files, and can suffer occasional misses – as well as doing little to protect remote or mobile users outside the corporate email security system.
Enforcing a Malware Analysis Sandbox and Other Protections
Proofpoint's Malware Analysis Service uses a combination of IP analysis, page security analysis, malware analysis sandboxing, big data analysis, and URL rewriting—performed entirely in the cloud—to ensure that each time a user clicks a link, the resulting URL payload is inspected, regardless of whether that payload is a web page or an email attachment file, regardless of user location, and before malware has the opportunity to take effect.
Used in conjunction with Proofpoint's Anomalytics Service, URL Clicktime Defense Service, and Threat Insight Service, the Malware Analysis Service dramatically increases an organization's email security system and their ability to defend against targeted security attacks and email-borne drive-by downloads.