CrowdStrike finds a bridge to Google's VirusTotal

Security firm CrowdStrike is now officially a contributor to Google’s Virus Total malware database and not just a user of data shared by traditional antivirus (AV) rivals with the service.

CrowdStrike announced Thursday that it has opened its Falcon Machine Learning engine to the VirusTotal malware scanning service. In doing so, it appears to have ended an impasse that emerged over concerns that it, and several other next generation security companies, was using the Google-owned service to improve its own products without giving back to the community.

In May, VirusTotal threatened a number of next generation security firms with exclusion from the service for leveraging data supplied by traditional AV firms such as Symantec, McAfee, Kaspersky, and Trend Micro.

VirusTotal allows anyone to upload a suspected malicious file, to find out if any AV firms have already detected it. Normally, when VirusTotal users seek to check whether a file is malicious, the service will display which firm’s antivirus engines recognise that file. For a new piece of malware, VirusTotal might show that five out of 30 products recognise the file; over time, a user could expect to see more products recognise the specific malware.

VirusTotal’s reaction to those concerns was to require all virus scanning companies that want to access its database to integrate their own scanner into its interface. Contributing vendors would also need to pass a test by the Anti-Malware Testing Standards Organisation (AMSTO).

CrowdStrike has now fulfilled both these requirements and claims its offering goes over and above the norm, following validation from a third-party certifier.

Since CrowdStrike’s Falcon engine doesn’t rely on signatures -- and it scored perfect results under a third-party audit -- the company claims VirusTotal users will be now able to see whether a file is dangerous even when other AV vendors don’t have a match for the file in their databases.

“The full machine learning engine is unique as it is also the first engine in VirusTotal to provide a confidence level as a result of its analysis. This aids VirusTotal users by providing an additional level of insight into the level of maliciousness of the malware sample, rather than just a pass or fail detection result currently provided by existing engines,” CrowdStrike said in a statement.

According to Reuters, which first reported CrowdStrike’s inclusion in VirusTotal, two other next generation security companies will integrate with the service by the end of September. Reuters named Palo Alto Networks and Cylance as firms that would be affected by VirusTotal’s new policy. SentinelOne was also cut off from VirusTotal for its failure to contribute.

VirusTotal issued a brief statement on Thursday welcoming CrowdStrike to the fold.

“We welcome CrowdStrike Falcon (ML) scanner to VirusTotal. This is a machine learning engine from USA,” a representative from the Google subsidiary said.

CrowdStrike said its contribution to VirusTotal will be visible to end-users as a confidence score rather than the existing method of displaying whether or not a virus scanner recognises a particular malware variant. This could add value to the VirusTotal service by judging new threats before detections for a specific threat is widely recognised.

“Windows PE executables and DLL files submitted to VirusTotal will be processed by CrowdStrike Falcon (ML) and the results will be displayed with a confidence score that indicates the degree of certainty the engine has in a file’s maliciousness. Scoring at this level of detail allows users to make more granular and effective policy decisions," Crowdstrike said.

Join the CSO newsletter!

Error: Please check your email address.

Tags DDLSCrowdStrikeAnti-Malware Testing Standards Organization (AMTSO)DLL hellGoogleanti-malwarecyber securityAMSTOVirusTotal

More about CrowdStrikeCylanceGoogleKasperskyPalo Alto NetworksSymantecTrend MicroVirus Total

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts