Bochum, Germany-based VMRay has closed a $10 million Series B funding round led by Digital+ Partners, bringing the total raised to date to just under $14 million. The money will be used for both marketing and R&D. R&D is based in Germany, while all customer-facing operations are run from Boston, Mass.
VMRay is focused on detecting the malware that other defenses might miss. It does this through a dynamic analysis sandbox that is undetectable by the malware it analyzes.
Although the firm was founded in 2016 by Carsten Willems and Ralf Hund, its naissance goes back further. Current VP of sales and marketing, Chad Loeven, told SecurityWeek that he had been contacted by Willems more than a dozen years ago, and given the brief of commercializing the German’s master’s thesis work. The result led to the world’s first commercial sandbox, predating even FireEye. Between 2006 and 2010 this was sold widely to government and three-letter agencies. But it wasn’t good enough — it could be detected by the malware it sought to analyze.
Willems went back to school to work on the perceived weaknesses. Ralf Hund was a contributor in the development of an alternative sandbox approach, known as Anubis, that ran out of Vienna university and was commercialized by LastLine, but there are weaknesses in both approaches. Together they developed the third approach that led them to founding VMRay in 2016 and bringing Loeven back.
The new VMRay sandbox, explains Loeven, “is an agentless hypervisor approach that builds a better matrix. There’s no Agent Smith that can be detected by the Keanu Reeves malware. The malware does exactly what it is intended to do and is fully confident that it is in its target environment.”
To put this in context, if the examined file is a Brazilian banking trojan, the sandbox will give it what it wants — a Brazilian IP and Portuguese language settings. It can do this because it is located at the gateway and is not limited by desktop constraints. “VMRay returns the exact answer that the malware seeks, so that it keeps working. Because it continues running, it can be analyzed for bad behavior, ultimately aggregating the behaviors into a verdict,” explains Loeven.
The product effectively has three components. The first two are a reputation engine that can filter out known bad files in milliseconds, and a static analysis engine for attachments, URLs and potentially malicious components. These two components equate to standard anti-virus defenses. The third component, however, is the dynamic analysis sandbox.
“The USP or value proposition,” said Loeven, “is that VMRay doesn’t just detect the 99.5% of malware detected by all other AV vendors, but also the half percent that they miss. This probably isn’t important for smaller companies and consumers, but we’re not selling to these markets. Where that gap is important — that 0.5% that goes undetected — and where it is a very big deal is when it is targeted directly at major organizations: defense contractors, government agencies, financials, Fortune 500s and so on. Big organized crime gangs and state-sponsored actors are willing to spend the time to figure out how to compromise these targets with unknown malware that can detect other sandboxes.”
“The most effective security teams today are not reactively responding to new threats,” comments Andy Pendergast, VP of product for ThreatConnect, “but rather arming their teams with the advanced tools they need to identify tactics, techniques, and indicators of compromise at the earliest phase of the threat lifecycle. This is precisely what VMRay’s platform enables us to do, giving our customers the critical visibility and intelligence they need to defend their network from tomorrow’s advanced threats.”
Of the new funding, Loeven explained, “The funding will go to marketing and R&D. With this new round we’re doubling down on expanding our reach into the security ecosystem. The next big project is to add more connectors, more product add-ons for email integration, web integration, and so on — to make it easier for our customers to use VMRay to reach deeper into the enterprise and to make the product fit seamlessly into the modern porous, perimeterless nature of the enterprise. This isn’t about the core technology; this is a challenge about wrapping those pieces around and extending the core technology into the enterprise infrastructure.”

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
