First next-gen machine learning scanners added to VirusTotal

Aug 28, 2016 21:15 GMT

Google announced last week that it was adding two new engines, CrowdStrike and Invincea, to its malware scanning platform VirusTotal.

Both are part of the new wave of next-gen anti-malware products that rely on machine learning algorithms to analyze behavior and network activity in order to detect anomalies and flag malware.

The news is of great importance if we take a look at how a Google announcement from May has changed the antivirus market in the last three months.

Google kicked out VirusTotal freeloaders in May

On May 4, Google published new API access rules on the VirusTotal blog. Google kicked out all security companies that were using VirusTotal's API to scan suspicious files and present the results to their clients as if they were a real antivirus.

Google limited access to the full VirusTotal API to companies that had a product listed in its scanning service. This meant that many next-gen anti-malware products that used machine learning algorithms were left out in the cold because they used VirusTotal to confirm their findings.

Vendors of classic signature-based products welcomed the move. Most of them had complained to Google about next-gen anti-malware products that pilfered their work, integrated the VirusTotal API as part of their products, but then engaged in aggressive marketing campaigns against old antivirus vendors, trying to undermine their credibility. You can see the irony for yourself and why Google felt the need to make this move.

Google left the door open for next-gen AV products

Google didn't close the door on next-gen anti-malware products for good. The company said that any vendor can integrate its product in VirusTotal and be granted access to the full API if it provides data back to the community and joins the Anti-Malware Testing Standards Organization (AMTSO).

On Thursday, CrowdStrike became the first next-gen anti-malware vendor to join AMTSO, and its Falcon (ML) product became the first to join VirusTotal's ranks.

A day later, Invincea announced it was joining AMTSO and VirusTotal as well. The company's product is called X and was started using US DARPA funding.