Headquartered in Sunnyvale, California, Proofpoint is a cybersecurity firm focusing on enterprise-level threat tracking, mitigation, and elimination. While Proofpoint is known for client endpoint protection, they also employ an extensive R&D infrastructure for handling and analyzing new malware.
Analyzing malware is challenging. Viruses, spyware, ransomware and other malicious programs come in many forms. To protect its customers, Proofpoint analyzes malware using tools called sandboxes, which are isolated computing environments where malware can be tested safely. The industry standard is a short-term analysis on malware samples for 2 to 15 minutes each.
However, malware developers know of sandboxes and often design their malware to change its behavior weeks or months after infecting a system. Because of this, short-term malware analysis is not always effective in determining the effects of certain malware.
Our Predictive Engine for Long-Term Malware Detonation platform offers an intuitive web dashboard to efficiently manage malware samples and analysis, as well as a service to quickly identify unique and duplicated malware samples.
Our website allows Proofpoint analysts to upload malware samples, view the results of previously analyzed samples, monitor currently running malware, and view overall system statistics.
When a malware sample is uploaded from our dashboard, it is automatically analyzed in a few minutes to determine if it is unique or similar to previously run samples. Because running the sandbox for long periods of time is expensive, our system will prioritize unique malware samples for long-term analysis and discard duplicated samples to save on processing time and money.
Our predictive engine is implemented in Python, using Cuckoo, YARA, and OPNsense. Our web app uses Angular 8 for the front end, and Python Flask and MongoDB for the back end.