tLab

Lets you see malware from the inside

The tLab system is a corporate local service for safe, remote analysis of suspicious objects. In practice, tLab autonomously analyzes program behavior and identifies malicious functionality in a local cloud. The system automates the analysis of any program's behavior and identifies signs of malicious functions in it.

The system accepts uploads of executable files or objects that contain executable code (e.g., a PDF document). It then runs the objects in an isolated environment, monitors program activity in real time, detects potentially malicious functionality, and automatically produces a full interactive report. It uses a unique deep behavioral analysis technology that examines the application's functionality, which allows it to detect complex or hidden malicious activity.

The system has the following technological advantages:

  • Tracking of data flow from the source to the target, which lets the administrator see hidden attacks and distinguish false alarms;
  • The ability to detect distributed attacks;
  • Code-level process control (whitelists) to unambiguously identify illegitimate activity.

Customer Benefits

  • The system detects malicious objects that are invisible to a typical antivirus, such as zero-day viruses, targeted attacks and new-generation malware (e.g., distributed threats)
  • The system provides an interactive report with a visualization of all activity and malicious function indicators
  • The system allows the examiner to quickly assess threat level and set a verdict

For the end user (organization), the tLab system will resemble a personal, exclusive antivirus laboratory that makes it possible to see malware from the inside and create the appropriate verdict for malware samples that are still unknown to the client's antivirus products.

System capabilities

LAUNCH
and activation of a malicious object

Automatic launch of the investigated executable in an isolated environment, where the system behavior of objects is monitored

User activity simulation in an isolated environment in analysis mode to activate malware that requires user interaction

DETECTION
of malicious and suspicious activity

Detection of potentially malicious functionality in real time

Deep behavioral analysis of the activity of investigated programs, tracking how malicious activity spreads and the behavioral relationships between executables

ANALYSIS
of activity by an expert

Generation of interactive reports varying in levels of detail and information content

Automatic estimation of threat level for the analyzed object and verdict recommendation for the expert