Danny Yang

Threat Emulation Engine Update 7

Discussion created by Danny Yang on May 24, 2018
Latest reply on Jun 18, 2018 by Danny Yang

Hi, please take note of the latest information on the TE Engine 7 update. (Version: 57.99002577)

sk95235 Threat Emulation Engine Update - What's New?


What’s New:

- CADET (Context-Aware Detection and Elimination of Threats)

  - CADET improves Threat Emulation precision by incorporating all existing Threat Emulation features in Machine Learning (ML) mode. ML is tuned to improve accuracy, increasing the number of threats detected and reducing the number of false positives.

  - Currently, CADET focuses on executable files, and applies only to cloud emulations.

- Threat Prevention by file source URL.

- Improved Static Macro analyzer. Improved detection of malicious macros in Office documents.

- Improved executable file analysis performance by approximately 40%.

- YARA for all file support – Early Availability. This feature is currently off by default. To enable, see sk123156.

- New anti-evasion techniques.

- Additional features in Threat Emulation reports:

  - Added tecli command for configuring the malicious file password.

  - Added HTTP attack vector which includes the download source URL and its reputation.

  - Added time stamp to the attack vector.

  - Added the option to download packet capture.

  - Show the entire file path for archive/dropped/embedded descendants.

  - Show emulation video instead of static screenshots.

- Improved Cloud Emulation queue wait time by approximately 50%.
