Past, present and future of Deepviz

More than two months have passed since our last blog post and many exciting things happened during that time. In two months that Deepviz is officially live and publicly available our statistics are really impressive. Let me share some numbers with you:

  • Deepviz is seeing daily traffic of more than 500 unique IPs/day,  +300% since February 2016;
  • around 75.000 hits/day (we had to filter out many unauthorized crawlers. Guys, seriously, don’t do it or at least don’t do it so explicitly, it’s harmful to everybody and can cause slowdown and/or downtime to the online services);
  • more than 700 registered users;

Impressive numbers for a brand-new service, built up from scratch in so few months, without big budgets, funding or anything else. Just a couple of guys in a small office in the middle of Italy! We don’t have the revenue, nor the resources of bigger companies, anyway many registered users are enjoying our services so much they decided to integrate our intelligence into their SIEM solutions to use our threat intelligence capabilities. Thanks everybody for all your support and help!

When we started our project, the idea was to build up from scratch a brand new malware analysis engine, available online, in the cloud, through a set of flexible APIs – and we tried to do it at our best. Today, our Deepviz Malware Analysis Engine is at the core of our Threat Intelligence Platform, and thanks to it we have populated our threat intelligence database with static data, network traffic, string patterns, behavioral data extracted from ~11 millions of samples already analyzed so far.

 

Deepviz Statistics

 

When we started our malware analysis engine, we were able to succesfully process 32 bit PE files only. Today, we can process 32/64 bit PE files (EXE/DLL)  as well as PDF and OLE files, and we’re planning support for OOXML, JAR, ELF, APK file types. Support for PDF and OLE is still in beta testing, however we already received many positive feedback and we can see an increasing number of users using us to double check the safety of their e-mail attachments and documents.

 

pdf_shellcode

 

Today Deepviz is not just the malware analysis engine at the core of the website.  Today Deepviz is a full-featured Threat Intelligence Platform, available for integration in almost every programming language – and easily pluggable in every not-yet-implemented language thanks to our set of RESTful APIs – ready to enrich your existing threat intelligence by processing and providing you with fresh data everyday.

The biggest addition Deepviz can provide you with is the fact that our threat intelligence data – IPs, domains, data correlation, malware clusters, and much more – is not taken from any third party sources or feeds, all what we have is extracted stright from malware, from the source. 

Feel free to play around with our APIs thanks to our live demo console , where you can try and see what our data looks like.

api-demo
During the last two months we also released our first add-on for Splunk, to make Deepviz Threat Intelligence integration into your existing dashboards as straightforward as possible. The add-on is already available on SplunkBase , please get in touch with us at splunk@deepviz.com for live demo and licensing requests.

Furthermore, in the next weeks our add-on will be compatible with Splunk Enterprise Security as well, providing you with a complete experience within Splunk, adding to your dashboards the possiblity to further investigate domains, IPs and file hashes through workflow actions and exported commands available from the Splunk Search App.

splunk-deepviz

 

While the real-time interaction with our threat intelligence platform through our set of APIs would be the perfect way for you to take the best out of Deepviz, we also wanted to provide a more easily parsable threat intelligence daily feed with a list of domains and IPs  isolated during our daily malware analysis, along with their WHOIS data, MD5 samples connecting to them, common antivirus tags. Everything packed up in an easy-to-parse JSON flat file, updated on a daily basis and available through our SFTP servers. During the past week, among all the domains contacted by malicious samples, we have isolated ~3/4% of newly registered domains – domains registered in the last 30 days.

Please contact us from our Subscription page and feel free to ask for a 7-days trial of our Feeds subscription plan to evaluate our data.

json-feeds

 

We are really interested in your feedback, either positive and negative, and we’re trying to listen to all your requests. Many of you asked the option to upload samples in a password-protected ZIP archive.

Starting from April, we succesfully accept password-protected ZIP files with the industry-standard “infected” and “malware” passwords. Please note that this kind of submission is accepted only from registered users and the ZIP file must contain only one sample at a time.

Also some researchers asked whether it was possible to download PCAP files of the dumped network traffic from the analyzed malware. Not only we will allow this very soon, but another exciting feature will be deployed during the next weeks: on-the-fly SSL/TLS decryption, allowing us to dump malicious traffic hidden under a SSL/TLS encrypted channel.

However, to provide you with the best service possible and to handle the massive number of requests we received, we had to redesign our subscription plans. Starting from the 1st of May, 2016 the following changes will be applied:

FREE PLAN

  • From 20 sample downloads to 5 sample downloads
  • From 100 report downloads to 25 report downloads
  • From 500 submissions to 100 sample submissions

BRONZE PLAN

  • From 300 sample downloads to 100 sample downloads
  • From 5000 report downloads to 200 report downloads
  • From 1000 submissions to 500 sample submissions
  • From 5000 intel queries to 200 intel queries

SILVER PLAN

  • From 600 sample downloads to 250 sample downloads
  • From 15000 report downloads to 500 report downloads
  • From 2500 submissions to 1000 sample submissions
  • From 15000 intel queries to 500 intel queries

While the changes to the Free subscription will be applied to all registered users starting from the 1st of May 2016, already existing and active customers of the Bronze / Silver  /Gold Plans and who will subscribe within 30th of April 2016 will keep existing subscription’s quota lifetime until the subscription is active. In addition to this, for this month, you can subscribe one of our plans with a 10% discount by entering the coupon code APRIL-10-OFF during the order procedure.

Don’t miss the opportunity to subscribe now with current quota and a 10% price discount lifetime, or get in touch with us at info@deepviz.com if you want a customized plan for your company (we allow customized plans for teams of researchers, perfect for your SecOps team and you want to give them full access to our platform for research and incident investigations) or if you’re interested in the Threat Feed subscription or Splunk Add-On licensing).