June 14, 2018

A Risk Not Worth Taking

Company’s are putting their data at risk by using VirusTotal, even when safer, superior options exist

Over the last few months, almost all global companies have been focused on implementing changes across their IT systems and websites to meet GDPR compliance. But how many have considered how their existing security practices are affected by this new privacy law?

Recently at the FS-ISAC event in Boca Raton, Florida the topic of GDPR and security practices was discussed and interestingly one area of great risk was how companies utilize the VirusTotal open source malware database and the privacy concerns its use creates.

One threat intelligence researcher from a large retail bank commenting, “When I do a YARA query in VirusTotal with keywords like company name/username/ password/ etc., I am shocked at the sensitive and classified documents that appear.”

It was clear that many security teams do not understand the risk of VirusTotal’s open source structure. It was also clear that many researchers use VirusTotal “on the side” even though its use may not be approved by their company.

Another large global financial company researcher said his team monitors VirusTotal because, “You can actually catch the bad guys testing their latest malware against the AV scanners and that is a great source of early intelligence for the team.”

The discussion ended with GDPR compliance and what would happen if someone accidentally loaded a file into VirusTotal that is suspected of infection but also contained a list of EU client PII data. There were many comments that once a file is loaded, it is very difficult to get it out. One SOC director saying, “It is too late, you are done.”

So why do companies take the risk of using VirusTotal at all?

Mostly because they are unaware there are better alternatives. 
ReversingLabs TitaniumCloud, for example, offers the largest, most up to date and complete file intelligence service on the market.  You can read all about our service and how it compares to VirusTotal here.  If you do not have time, here are the top five reasons to switch to TitaniumCloud:

1) 3x more files than VirusTotal - over 6 billion in total including millions of goodware samples

2) Samples acquired not just from AV scanning – get the latest intel from our research team and the teams from over 100 of our security partners

3) 100% private – uploads can be made private, and any file can quickly be retrieved

4) Better and faster hunting - more file context means better YARA hunting and a more extensive Retro-search capability

5) Real enterprise-class support – not only to help product usage but also to support your hunting efforts.

So, stop putting your company at risk – read our comparison paper and give us a call!