CSE498, Collaborative Design, Spring 2018
Computer Science and Engineering
Michigan State University

Proofpoint is a leading next-generation cybersecurity firm that provides comprehensive cloud-based security solutions to protect organizations from advanced threats and attacks that target email, mobile apps and social media.

Every day Proofpoint blocks threats in more than 600 million emails, 7 million mobile apps and hundreds of thousands of social media accounts. This volume of threats makes it increasingly difficult to rely solely on human analysis.

Our Next Generation Malware Analysis Platform provides a comprehensive tool for analyzing malware samples automatically and quickly.

Our system first analyzes malware using a basic set of tools. Depending on the results of this initial analysis, our system determines whether or not more in-depth analysis should be done.

Malware is classified and identified using signatures. Our system clusters malware based on similarity, thereby enabling Proofpoint analysts to generate signatures more efficiently.

Analysts use our dashboard to visualize the results of malware analysis. Additionally, they can view malware of interest and apply filters.

Our Next Generation Malware Analysis Platform uses Bootstrap. A RESTful API based on Node.js communicates with the MongoDB database. Cuckoo, YARA, ClamAV and Suricata serve as the malware analysis tools. All of our tools run on virtual machines managed by an ESXi hypervisor.