Anti-Malware - Virus Total
VirusTotal is an industry-leading tool, available as an online service, that allows users to analyse files and URLs for potential malware infections. It acts as a centralized platform, providing a collaborative approach to cybersecurity by leveraging the power of multiple antivirus engines and other security tools.
Features
- Provides context around organization’s observations and logs
- 15 years of malicious sightings to expedite investigations/discovery
- Lightning-fast answers to profile adversaries and discover threats
- Multi-scanning (10+ sandboxes, 20+ static-analyzers, and 70+ antivirus solutions)
- Agnostic to file types.
- Provides unrivalled characterization of files and network locations
- Offers 360º coverage of unknown artifacts.
- Helps improve security posture by identifying threats
Benefits
- Holistic view of threats
- VirusTotal’s simplicity supports teams with limited technical resources
- VirusTotal benchmarks an organisation’s endpoint protection tools
- Provides emerging threats insights and patterns across the cybersecurity landscape
- Users can explore past threats and understand their evolution
- By analyzing files/URLs, VirusTotal contributes to a collective threat-intel pool
Pricing
£24,000 a unit
Framework
G-Cloud 14
Service ID
780203380520984
Contact
Brookcourt Solutions
Phil Higgins
Telephone: 01737 886111
Email: contact@brookcourtsolutions.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- N/A
- System requirements
-
- Avast Software (which includes VirusTotal): See below
- Windows 11 (except Mixed Reality and IoT Edition)
- Windows 10 (except Mobile/IoT-Edition, both 32-bit and 64-bit)
- Windows 8/8.1 (except RT and Starter-Edition, 32-bit and 64-bit)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
VirusTotal will provide reasonable support to Customer for technical or operational issues related to the Covered Service. VirusTotal will use commercially reasonable efforts to reply to Customer’s written inquiry within 2 business days of VirusTotal’s receipt of Customer’s request.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
-
Visit the VirusTotal Contact Us - Support page.
Provide your inquiry details, including your corporate email address, and specify where you need support.
Confirm the details and submit your request.
- Web chat accessibility testing
- N/A
- Onsite support
- No
- Support levels
-
VirusTotal will provide reasonable support to Customer for technical or operational issues related to the Covered Service. VirusTotal will use commercially reasonable efforts to reply to Customer’s written inquiry within 2 business days of VirusTotal’s receipt of Customer’s request.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
- There are comprehensive user guides within the Virus Total "VTDoc" library.
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- Virus Total is a cloud service that provides access to its portal and subsequent services based on the contract length agreed with the client. Upon termination of the contract all client data is deleted so any data should be retrieved before the termination date.
- End-of-contract process
- As a cloud provider the service access is disabled. Customer data can be exported at any point prior to subscription termination. Once the subscription is terminated, VirusTotal retains uploaded files and their metadata for a limited period. The exact duration may vary, but typically files are retained for a certain number of days (e.g., 30 days). After this period, the files are automatically deleted from the system.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Application to install
- Yes
- Compatible operating systems
-
- Android
- iOS
- macOS
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- While both mobile and desktop devices face similar security threats, user behaviour, screen size, and processing power contribute to the differences in how VirusTotal is experienced on these platforms.
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- VirusTotal provides a web-based interface that allows users to interact with its services. It can be accessed through the Virus Total website. For more convenient scanning, users can install browser extensions: VT4Browsers for Google Chrome, Mozilla Firefox, and Microsoft Edge. These extensions allow users to scan files and URLs directly from the browser context menu.
- Accessibility standards
- None or don’t know
- Description of accessibility
-
Virus Total capability through the web interface:
- File Scanning: Upload files (up to 256 MB) for scanning. VirusTotal checks the file against multiple antivirus engines and provides a report.
- URL Scanning: Enter URLs to check if they are safe or potentially malicious.
- Search Functionality: Search for files, URLs, and domains to see their historical scan results.
- Community Contributions: Contribute to the community by scanning files and URLs.
- API Access: If you have an API key, you can use the VirusTotal API for programmatic access.
- Accessibility testing
- N/A
- API
- Yes
- What users can and can't do using the API
-
VirusTotal API:
Upload a file for scanning: analyse your file with 70+ antivirus products, 10+ dynamic analysis sandboxes and a myriad of other security tools to produce a threat score and relevant context to understand it.
Get a file report by hash: given a {md5, sha1, sha256} hash, retrieves the pertinent analysis report including threat reputation and context produced by 70+ antivirus products, 10+ dynamic analysis sandboxes and a myriad of other security tools and datasets.
Scan URL: analyse your URL with 70+ antivirus products/blocklists and a myriad of other security tools to produce a threat score and relevant context to understand it.
Get a URL analysis report: given a URL, retrieves the pertinent analysis report including threat reputation and context produced by 70+ antivirus products/blocklists and a myriad of other security tools and datasets.
Get a domain report: given a domain, retrieves the pertinent analysis report including threat reputation and context produced by 70+ antivirus products/blocklists and a myriad of other security tools and datasets.
Get an IP address report: given an IP address, retrieves the pertinent analysis report including threat reputation and context produced by 70+ antivirus products/blocklists and a myriad of other security tools and datasets.
- API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
VirusTotal provides some customization options for users:
1. User Account Settings:
   - API Keys: Generate and manage API keys for programmatic access.
   - Notifications: Customize email notifications for scan results, comments, and more.
   - User Profile: Update your profile information and preferences.
2. Custom Scans:
   - While the basic scanning process is automated, you can customize your scans by:
     - Choosing Specific Engines: You can select specific antivirus engines to use during the scan.
     - Adjusting Heuristics: Customize heuristics and sensitivity levels.
     - Ignoring Certain Engines: Exclude specific engines from the scan if needed.
3. API Integration:
   - If you’re a developer or want to automate tasks, you can use the VirusTotal API.
   - Customize your interactions with VirusTotal programmatically by integrating the API into your workflows.
4. Browser Extensions:
   - Install the VT4Browsers extension for Chrome, Firefox, or Edge.
   - This extension allows you to scan files and URLs directly from your browser context menu.
5. Custom Scripts and Workflows:
   - If you have specific requirements, you can create custom scripts or workflows that interact with VirusTotal.
   - Use the API or other available tools to tailor your experience.
Scaling
- Independence of resources
- Virus Total is a wholly owned company of Google and is resident on Google Cloud infrastructure. Virus Total's infrastructure is scaled in such a way as to ensure resource utilisation is not an issue for Virus Total Enterprise clients.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Reseller (no extras)
- Organisation whose services are being resold
- Virus Total
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- Other locations
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Other
- Other data at rest protection approach
- Virus Total platforms are resident on Google cloud infrastructure, and utilise their strong and secure procedures and policies.
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
1. Malware Trends Report: Emerging Formats and Delivery Techniques:
   - VirusTotal periodically releases reports on malware trends.
2. File Attributes:
   - When analyzing individual files, you can find relevant basic attributes about the file and its relationship with VirusTotal. These include:
     - Capabilities Tags: A list of representative tags related to the file’s capabilities
     - Creation Date: Extracted when possible from the file’s metadata
3. VirusTotal Graph:
   - VirusTotal Graph is a powerful visualization tool built on top of the VirusTotal data set. It helps investigators understand relationships between files, URLs, domains, IP addresses, and other artifacts encountered during investigations.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Virus Total Service will be available for at least 99.9% of the time in any calendar month.
- Approach to resilience
-
Virus Total is resident on Google Cloud Infrastructure. Google Cloud provides a Security and Resilience Framework that helps organizations ensure continuity and protect their businesses against adverse security and cyber events.
Key components of this framework include:
- Risk Assessment & Critical Asset Discovery: Evaluate your organization’s IT risk, identify critical assets, and receive recommendations for improving security posture and resilience.
- Secure Software Supply Chain: Protect against supply chain vulnerabilities.
- Zero Trust Architecture: Transform security with a Zero Trust approach.
- Autonomic Security Operations (ASO): Deliver threat management, threat hunting, and incident response.
- Rapid Recovery: Bounce back from security incidents like ransomware within minutes.
- Outage reporting
- Virus Total uses a combination of API, email reporting and direct communications, where the service allows, to report service outages.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Company Confidential - details available through direct channels.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Ernst & Young
- ISO/IEC 27001 accreditation date
- 25/01/24
- What the ISO/IEC 27001 doesn’t cover
- Note - Virus Total resides on Google Cloud. See - https://cloud.google.com/security/compliance/compliance-reports-manager#/ReportType=Certificate&ProductArea=Google_Cloud
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- Ernst and Young
- CSA STAR certification level
- Level 4: CSA C-STAR Assessment
- What the CSA STAR doesn’t cover
- See - https://cloud.google.com/security/compliance/compliance-reports-manager#/ReportType=Certificate&ProductArea=Google_Cloud
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- ISO/IEC 27017:2015
- ISO/IEC 27701:2019
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- CSA CCM version 3.0
- ISO/IEC 27001
- Information security policies and processes
- Virus Total has comprehensive InfoSec Policies and Procedures - these include, but are not limited to: Information Classification, Handling, Appropriate Use, Encryption, Hardening, Patching/Updates, Vulnerability Management, Permitted/Prohibited OEMs, OS/Browsers, Traveling with Device, Passwords, MFA/Authentication, Administrator Accounts, On-/Off-Boarding, Destruction/Sanitization, Third-Party Vendors, Malware, Training, NDA, Removable Media, Temporary Files, IoT, Generic/Shared Accounts, Secure Coding, Physical Security, Clean Desk, InfoSec Awareness, Incident Response.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Company Confidential - details available through direct channels.
- Vulnerability management type
- Undisclosed
- Vulnerability management approach
- Company Confidential - details available through direct channels.
- Protective monitoring type
- Undisclosed
- Protective monitoring approach
- Company Confidential - details available through direct channels.
- Incident management type
- Undisclosed
- Incident management approach
- Company Confidential - details available through direct channels.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Wellbeing
VirusTotal offers a free variation of its online service that scans files and URLs for malware, viruses, and other threats. It aggregates results from various antivirus engines and provides a comprehensive analysis of potential risks associated with a given file or URL. This contributes to the wellbeing of society as a whole.
Pricing
- Price
- £24,000 a unit
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Virus Total is available for use as a free service to everyone. It includes basic and meaningful Virus Total capabilities. Paid for service tiers have a great set of features.
- Link to free trial
- https://www.virustotal.com/gui/home/upload