Digital transformation has accelerated. Transactions that were previously done in person have moved online, which has affected several industries including finance and even governments. End users are now interacting with businesses and governments virtually and submitting documents such as mortgage applications, insurance claim documents and government permits through online portals. While the digital revolution has propelled business productivity, it has also expanded the threat surface. With so many files being uploaded every minute and stored online, security practitioners need to secure these online portals and stop them from being malware delivery vectors exploited by bad actors.
In addition to securing the growing number of e-service portals, security teams have an ongoing storm to deal with: fighting the top threat, email phishing. Triage of email phishing threats is time-consuming, yet the investigative process is highly repeatable and requires accurate intelligence to make a decision. Thus, security operations center (SOC) teams invest in automation tools to reduce the load on security professionals and accelerate triage and incident response processes.
The Power of WildFire
WildFire is one of the largest cloud-based advanced malware analysis solutions in the world, powered by crowd-sourced intelligence from over 80,000 customers and backed by our Unit 42 threat intelligence team. WildFire processes over 10 million unique samples every day, creating a rich repository of malware samples that add up to billions annually. With broad visibility across networks, infrastructure as a service (IaaS), software as a service (SaaS), platform as a service (PaaS) and endpoint, WildFire delivers world-class detection efficacy and consistent protection across your organization. With the industry’s broadest global footprint of certified regional clouds, WildFire can help meet data residency and privacy concerns.
Harness the Potential of WildFire
These ongoing trends have created two needs: increased demand for WildFire to secure these e-service portals directly and the need for WildFire to be incorporated into security orchestration, automation and response (SOAR) playbooks for SOC automation. To ensure customers stay secure during this transformation, we are excited to announce the availability of WildFire as a standalone product for purchase. This now unlocks the ability to incorporate WildFire’s unique advanced malware analysis capabilities across a diverse set of use cases for customer development teams, technology partners and security operations. Amongst the various new use cases WildFire supports, here are two examples:
- Securing document and file submission portals – To qualify for a loan, a borrower has to submit a number of documents. These documents are now submitted virtually through online portals. A bad actor posing as a borrower could insert malware into an application and get past any security controls. Ensuring every file and document is scanned by WildFire before being stored will help eliminate threats. The same scenario could apply in healthcare, for lab report submissions from supply chains, as well as in finance, public sector, engineering and other verticals.
- Automating phishing email analysis – When a user submits a suspected phishing email, a security analyst typically analyzes the body of the email for links and for any attachments that could be malicious, and performs malware analysis on any that are found. If any of the artifacts are malicious, then the email is classified as a phishing attempt. Threat intelligence gathered from this phishing attempt is used to scan for other similar attempts and inform the organization’s security posture. WildFire can automatically perform this analysis and deliver an accurate verdict, often in seconds. These steps are codified in a SOAR playbook with calls to WildFire to automatically determine if a threat exists and ensure the playbook orchestrates an outcome, saving 30 minutes per phishing attempt.
To learn more about the diverse set of security use cases supported by the WildFire API, please check out our webinar, WildFire Unlocked: Expanding Our Leading Malware Analysis Service Beyond the NGFW.