VirusTotal, a malware and AV aggregator website, has been around since 2004, with free and paid options. But the security tool has recently been given a significant upgrade as Google's parent company Alphabet announced the launch of VirusTotal Enterprise service in September.
"Google says VirusTotal Enterprise consists of existing VirusTotal capabilities, but also new functionality, such as improved threat detection and a faster search system that uses a brand new interface that unifies capabilities in VirusTotal's free and paid sites," ZDNet reported.
Every company – and especially small businesses – needs good cybersecurity systems to protect from threats and attacks. However, most small businesses don't have the staffing deploy an in-house security setup or the budget to hire extensive third-party security services. Is VirusTotal Enterprise finally a good solution for the small business owner?
What VirusTotal Does
VirusTotal is a library of file fingerprints and compared against aggregated antivirus scans to determine whether or not a file is known good or known bad. In recent years, this has extended to URLs. The standout addition to VirusTotal Enterprise is Private Graph, which allows companies to test its own infrastructure and data for malicious code.
"The feature will enable companies to shove their own data into VirusTotal to run analyses against billions of malware samples, visualizing connections between certain strains and corporate entities including people, departments, servers and emails," The Register explained. "Private Graph is outfitted for secure team collaboration, making it more suitable for incident response."
This a huge benefit, according to Joseph Carson, chief security scientist at Thycotic. Typically, the problem with antivirus solutions is that they typically scan against only the most recent or most popular threats so they don't over-consume system resources. With the growth of malicious software, AV software was missing many known threats or impacted the users experience.
To address that problem, VirusTotal started to aggregate the known malicious content. It gathered a large repository of files and is working more than 60 vendors to correlate how each file is associated with malware and its malware classification. The service also includes information about domains and IPs and whether they might be considered malicious or compromised.
Ease of Use
Because small business may not have the technical staff in place, you want a security tool that is intuitive and effective, but also easy to use. At its basic level, VirusTotal fits the bill.
"VirusTotal is quite easy to use, you can either upload a suspicious file manually using the interface or obtain an API and do it automatically," said Carson. "All of this can take seconds or minutes depending on how much integration you need."
But if there are indications that these may be associated with malware, one quickly gets into a thicket of a potentially large number of files (each identified by hashes) with varying opinions and labels expressed by different vendors about the files, warned Oliver Tavakoli, CTO at Vectra, and now you are moving into more complicated territory.
"VirusTotal provides value only if you have the necessary staff to extract value from it," Tavakoli added. "This is reflective of the fact that the VirusTotal data repository is of most value to large and expert IT security teams." Traditionally, the VirusTotal premium services were geared to larger businesses. Enterprise claims to be accessible for small business, but its efficiency for the smallest companies will be something to observe over time.
Is VirusTotal Right for Your Business?
Should you consider using VirusTotal in your company? Carson thinks that small businesses would benefit significantly from solutions that integrate into VirusTotal, so they can be more effective and alert on malicious threats that some AV products will easily miss. Tavakoli is more skeptical, thinking businesses will generally struggle to make comprehensive use of tools like VirusTotal, as this would require skilled analysts and a relatively expansive cybersecurity practice.
In the end, Carson said, "It is good to know what VirusTotal provides, though I would recommend small business owners use a solution that integrates seamlessly into VirusTotal and provides automatic benefits rather than trying to go it alone."