A Risk Not Worth Taking

Over the last few months, almost all global companies have been focused on implementing changes across their IT systems and websites to meet GDPR compliance. But how many have considered how their existing security practices are affected by this new privacy law?

Recently at the FS-ISAC event in Boca Raton, Florida the topic of GDPR and security practices was discussed and interestingly one area of great risk was how companies utilize the VirusTotal open source malware database and the privacy concerns its use creates.

One threat intelligence researcher from a large retail bank commenting, “When I do a YARA query in VirusTotal with keywords like company name/username/ password/ etc., I am shocked at the sensitive and classified documents that appear.”

It was clear that many security teams do not understand the risk of VirusTotal’s open source structure. It was also clear that many researchers use VirusTotal “on the side” even though its use may not be approved by their company.

Another large global financial company researcher said his team monitors VirusTotal because, “You can actually catch the bad guys testing their latest malware against the AV scanners and that is a great source of early intelligence for the team.”

The discussion ended with GDPR compliance and what would happen if someone accidentally loaded a file into VirusTotal that is suspected of infection but also contained a list of EU client PII data. There were many comments that once a file is loaded, it is very difficult to get it out. One SOC director saying, “It is too late, you are done.”

So why do companies take the risk of using VirusTotal at all?

Mostly because they are unaware there are better alternatives. ReversingLabs, for example, offers the largest, most up-to-date and complete file intelligence service on the market. You can read all about our service and how it compares to VirusTotal here.

1) Over 40 billion samples of malware and goodware, with millions of samples added daily.

2) Trusted intelligence not dependent on crowdsourcing – get the highest fidelity intelligence from curated, continuous file harvesting backed by over 15 years of in-house threat research and proprietary analysis technology.

3) 100% private – private file analysis and private data corpus not accessible to the public.

4) Better and faster hunting - more file context means better YARA hunting and a more extensive Retro-search capability.

5) Real enterprise-class support – not only to help product usage but also to support your hunting efforts.

So, stop putting your company at risk – give us a call!