Personal experience is the best teacher.
It’s tough to make a product based only on a great idea, customer journey maps, and user feedback.
When we went through what our clients face daily, something that people don’t usually talk about, we decided to live through it and turn it into something beneficial for our users. We didn’t just want to get through it; we wanted to face it head-on.
And it was worth it – my view of the product has completely changed.
Aleksey Lapshin, ANY.RUN CEO
ANY.RUN has been a leading provider of cybersecurity solutions for over 8 years, offering our services: a cloud sandbox for interactive malware analysis and a threat intelligence suite for comprehensive investigations.
We have always valued the feedback and insights from our clients, which have helped us improve ANY.RUN products and create services that provide real value to our global community.
Recently, we gained a deeper understanding of the challenges our clients face when protecting our own infrastructure. This insight highlighted areas where our products could be enhanced to better support our clients and provide them with the tools they need to stay secure.
In the past, we have prioritized interactivity and avoided making unnecessary conclusions for users. However, with the increasing number of non-expert users and clients, we need to adjust our approach and add more automation features to our service.
As a result, our new roadmap focuses on four key areas that will help all of our users overcome the challenges they face.
Our Plan Going Forward
Enhancing Email Security
Phishing emails can bypass security measures if there are no systems in place to filter or analyze them for risks. Currently, our sandbox isn’t always able to automatically detect threats in malicious emails, leaving our clients to decide if they’re safe or not.
Our Solution:
To improve our sandbox’s detection capabilities, we will focus on upgrading our static email analysis within the sandbox. The scanning process will be automated to provide a more comprehensive examination. We will also improve automated analysis via API for better results for features like Automated Interactivity.
We will also integrate with Microsoft Defender and popular email clients, starting with Outlook to remove the need for downloading and submitting emails for analysis manually.
Making Phishing Analysis Simple but Effective
Modern phishing threats are becoming increasingly sophisticated, making it difficult for non-experts to identify them. Ensuring that all security protocols are consistently followed is a significant challenge for many organizations, which can result in security gaps. To address this issue, it is essential to simplify the process of analyzing phishing links.
Our Solution:
To make phishing analysis easier and more efficient, we will introduce SafeBrowsing, a new tool for safe link viewing. While the sandbox monitors all system events, SafeBrowsing is designed to focus exclusively on scanning the network and web browser activity. This will reduce the load on our systems and allow us to provide a more user-friendly experience when using the product.
While relying on our sandbox’s detection capabilities, this service will help you quickly check browser network activity. The entire process will be very easy, as if working in a standard browser. This simplicity will lead to seamless integrations. All you’ll need to do is go to a URL that includes our domain followed by the link you want to analyze.
Our goal is to provide a smooth experience of opening a website while ensuring maximum user safety.
SafeBrowsing will help organizations and individuals protect themselves from cyberattacks by quickly verifying the content of suspicious websites. This will make it easier for them to decide whether to open a link on their computer.
By using SafeBrowsing, you will be able to:
- Check links faster and easier
- Prevent infections caused by a lack of security knowledge among employees
- Improve your overall online safety
- Effortless integration without the need for an API
Expanding Threat Detection on x64 Systems
We believe that even free plan users should have access to quality analysis and conclusive verdicts without any imposed limitations.
Currently, the detection rate for 64-bit systems is lower than we would like it to be, as most of our users utilize the basic Windows 7 x32 VM, available on the Community plan.
Our Solution:
We will make Windows 10 x64 available to all users, including those on the Community plan. This change will strengthen overall security among our users and improve threat detection in the sandbox, while further enriching our threat intelligence database with fresh indicators and artifacts.
Streamlining Malicious IP and Domain Reporting
Our process of blocking malicious domains and IP addresses needs to be expedited. The large number of malicious IP addresses and domains identified by our systems everyday makes it hard to effectively manage and report them. Subsequently, our users often do not get alerted about malicious links they submit for analysis to our sandbox.
Our Solution:
To make the reporting process simpler and more efficient, we will work on developing an automated reporting mechanism for malicious IP addresses and domains.
This will allow us to instantly notify registrars and hosting services of threats detected in our services, enabling them to quickly take down threat actors’ infrastructure.
The Takeaway
We are committed to creating services that prove useful in the work of security professionals and providing our clients with the tools they need to stay secure in the face of evolving threats.
We encourage you to join us in this journey to make a positive impact together.
Feel free to share your suggestions and ideas in the comments section.
0 comments