TEApplet

ThreatExpert (patent pending) is an advanced automated threat analysis system (ATAS) designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.
The ThreatExpert system produces reports with the level of technical detail that matches or exceeds antivirus industry standards such as those found in online virus encyclopedias.

It only takes 2-3 minutes for an automation server to process a single threat, making it possible to generate up to 1,000 highly detailed threat descriptions per server, per day. Built on a distributed architecture the service can scale to a virtually unlimited amount of threat analysis servers, thereby allowing unlimited automated processing of threat samples.


The Problem
A typical threat outbreak scenario is illustrated below:

A new threat slips through an Antivirus Product undetected and penetrates into the Customer's environment
The customer submits the sample to its Antivirus Vendor for analysis
It can take many hours for the Antivirus Vendor to provide a response
Response #1: Antivirus Vendor rolls out definitions to update the Antivirus Product.
Response #2 (optional): Antivirus Vendor provides the Customer with the threat description



Notes:
Threat description response (such as a posted write-up) follows the updated detection a several hours (or even days) later
Due to its complexity, threat description response is only provided for a small percentage of newly discovered threats, such as high-profile threats or threats that are submitted by VIP customers. Note: the majority of new threats are detected under generic names only with no specific description provided thereby removing the possibility of manual mitigation or prevention.


The Solution
Below is the illustration of a scenario when Customer uses ThreatExpert Automation directly:

Being affected with a new threat, the customer submits the sample both to their current Antivirus Vendor and ThreatExpert
ThreatExpert provides an immediate detailed threat description analysis
Threat description can be used by the customer to undertake threat mitigation phase (e.g. automated or manual threat removal or prevention) hours before Antivirus Vendor responds




Below is the illustration of a scenario when Antivirus Vendor uses ThreatExpert Automation to accelerate and improve the quality of its response:

As soon as the Antivirus Vendor receives a sample from the Customer, it engages ThreatExpert (which could be an in-house server or a hosted server)
ThreatExpert provides an immediate threat description response
The new threat description can now be immediately posted on the corporate website of the vendor, hours before other vendors are capable to do so
Vendor's other Customers can now be immediately alerted about a new threat with the full threat description
Vendor can use the detailed behavioral report to assist in the malware analysis for generating the detection signature.