Threat Analysis: Analyze suspicious data

Threat Analysis

Powerful tools for analyzing suspicious files

Schedule an appointment with our experts

Is this file dangerous? Just test it.

Our threat analysis tools allow you to gather detailed information about suspicious files. Test files in the secure sandbox, check them against our continuously updated malware database, or identify connections to older malware versions. Our tools make it easy for you to identify the relationships and the interaction of different malware.

Our threat analysis services

Analysis-as-a-service
Our malware sandboxes allow potential malware to run in a secure environment while its behavior is observed. This enables previously unknown threats to be detected. G DATA sandboxes can be integrated via a simple API with just a few lines of code, enabling you to automatically perform a security scan of email attachments, user uploads, and so on using state-of-the-art detection technologies.
Features:
- Automatic security scan of email attachments, user uploads, and so on
- Simple API
Schedule an appointment with our experts
Cloud API
The Cloud API gives you access to our comprehensive malware databases, continuously updated by our analysis systems. You can use the Cloud API to query the latest threats in real time by querying sha256 hash sums or URLs. Our Cloud API enables you to identify malicious files or URLs even faster.
Features:
- Easy access to in-depth analysis results and extensive databases
- Information available in real time
Schedule an appointment with our experts
Reputation API
Our reputation service makes it very easy to use an API to query how trustworthy a file. You can control the level of detail of the response. The service can be easily integrated into existing infrastructure and products and enables files to be checked before they are processed further.
Features:
- Perform reputation checks of files before they are further processed
- Simple API for querying
Schedule an appointment with our experts
Threat Intelligence Platform
At G DATA, we closely monitor current cyberthreats, such as malware campaigns, and link their behavior and derived indicators of compromise in our Threat Intelligence Platform. You can use it to search a graph via an API or interactively through a web UI, which correlates current and past threats. The data includes static analysis results, dynamic behavior, and network behavior, forming the most complete picture of a malware.
Features:
- Easily identify the relationships of malware
- Access possible through web UI and API
Schedule an appointment with our experts
URSA
Our URL sandboxes allow you to investigate suspicious websites through actual browser interaction. It tracks redirects, takes screenshots, and records and provides meta-information such as executed scripts, certificates, or reloaded resources and network traffic. This data provides the basis for your further automated or manual analysis.
Features:
- Automatic analysis of potentially malicious websites
- Either easily scalable and as a Docker container
- Or as a Software-as-a-service
Schedule an appointment with our experts
File History API
Use our File History API for deeper analyses in order to find out when and how often requested files are executed. In particular, the timestamps of the first and last execution are good clues to block suspicious files completely before further analysis.
Features:
- Historical information when and how often requested files are executed
- Provides a good starting point for further analyses
Schedule an appointment with our experts
Similar Malware Identification API
Similarity hashes make it possible to efficiently determine whether a given unknown file is similar to already known malware files. At G DATA, we examine various feature groups of executable files that make it possible to identify malware, in our case, using both static and behavioral features extracted in our backend. This interface enables you to retrieve similarity hashes from our internal databases.
Features:
- Find and identify similar malware
- Efficient thanks to similarity hashes
Schedule an appointment with our experts
ESTER - Engine Stability Test Array
With our Engine Stability Test Array, you can test any combination of engine and signatures on different Windows and Linux distributions with different patch levels for stability and detection performance. Depending on the configured test parameters, you will then receive a prepared report on incorrectly detected system and reference files or missed detections on a defined malware set. The system also informs you about timeouts, unexpected recognition names, or other problems and saves you the trouble of operating a varied server landscape for acceptance tests.
Features:
- Easy acceptance of new engine signatures
- Automatic comparison with variable reference sets
Schedule an appointment with our experts

Use Cases

The Problem: You do not have your own analysis systems for potential malware.

The Solution: We offer an automatic security scan via an API to protect your business from malware through user uploads, email attachments, and so on. You can integrate it using a few lines of code, which allows potential malware to run in a secure environment.

Recommendation: Analysis-as-a-service

The Problem: You need assistance in evaluating potential hazards.

The Solution: The classification and evaluation of files is one of our core competencies. We offer our insights in various services – easily via an API or web UI. This allows you to identify simple relationships of malware and subsequently perform further analyses.

Recommendation: Analysis-as-a-service, Threat Intelligence Platform, File History API

Use our tools to find out how dangerous suspicious files really are.

Threat Analysis

Powerful tools for analyzing suspicious files

Is this file dangerous? Just test it.

Our threat analysis services

Features:

Features:

Features:

Features:

Features:

Features:

Features:

Features:

Use Cases

SOC in large corporations

Incident response service providers, CERT

Features:

Features:

Features:

Features:

Features:

Features:

Features:

Features:

SOC in large corporations

Incident response service providers, CERT

Thank you for your request.