What is Variant Discovery?
Variant discovery is Stairwell's proprietary detection capability that makes extremely high-confidence comparisons of all the objects/files ingested into the platform.
Malware can change in dramatic ways due to versioning, obfuscation, encryption, complex packing methodology, and junk and polymorphic code, all in order to evade signature-based detection. For defenders to stay ahead of these ever-changing attacks, "knowing" which type or family a suspected piece of malware belongs to is not enough.
Typically, this is where large organizations employ highly skilled reverse engineers to unpack, decompile and deobfuscate a threat to take inventory of the contents. Then, they compare the findings to all the other known threats they have access to, to look for significant evidence of similarities. This is obviously not a scalable defense and puts a heavy strain on valuable resources.
Stairwell automates the analysis and comparison of every file ingested, whether good, bad, or unknown. Based on our Mal-Eval technology, we apply findings from static and dynamic analysis, file attributes, actions, detonation data, source code, and over a million unique data points to compare each file to every other one in our global repository of over 630 million objects at the time of this writing.
Why variant discovery matters: EDR/XDR is complex and a delicate balance between in-depth detection of maliciousness and resource utilization on the endpoint. Preventing bad files from accessing the host system with split-second decisioning is critical, but advanced malware is engineered to take advantage of these resource limitations, which allows novel attacks to succeed.
- File analysis in Stairwell is completely out of band and benefits from unlimited compute, storage, and bandwidth needed to thoroughly investigate every file.
- Variant discovery adds an additional dimension of detection by comparing new files to hundreds of millions of other known good and bad files, even before a particular exploit or malware discovery is publicized.
- Variant discovery can identify past threats by retroactively hunting for variants of current threats, such as those recently published in a threat report or threats that were engineered to bypass endpoint detection.
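To make the idea behind the three points above concrete, here is a small added example (not Stairwell's code, and not a description of how Mal-Eval works). It stands in for the "million data points" with a single, deliberately simple feature: the set of 4-byte n-grams in each file, compared with Jaccard similarity. The sample files, corpus names, and threshold are constructed for the illustration. It shows the two behaviours the list describes: an exact-hash check misses a lightly modified variant, while a similarity comparison still links it, and the same comparison can be run the other way to retroactively hunt an older corpus for relatives of a newly published sample.

```python
import hashlib

# --- constructed sample "files" (not real malware) -------------------------
# A base sample, a lightly modified variant (version string bumped, mutex name
# changed, junk padding appended), and an unrelated benign program.
BASE = (
    b"MZ\x90\x00\x03\x00"
    b"kernel32.dll\x00GetProcAddress\x00LoadLibraryA\x00VirtualAlloc\x00"
    b"build=1.0\x00mutex=XYZ-7731\x00"
    b"\xcc" * 8
)
VARIANT = (
    b"MZ\x90\x00\x03\x00"
    b"kernel32.dll\x00GetProcAddress\x00LoadLibraryA\x00VirtualAlloc\x00"
    b"build=1.1\x00mutex=XYZ-7732\x00"
    b"\xcc" * 8
    + b"\x90" * 24          # junk padding to defeat exact hashing
)
BENIGN = (
    b"MZ\x90\x00\x03\x00"
    b"user32.dll\x00MessageBoxW\x00GetWindowTextW\x00"
    b"hello world application\x00copyright 2020\x00"
    b"\xc3" * 8
)

# Hypothetical "historical corpus": files ingested before the variant appeared.
HISTORICAL_CORPUS = {
    "archive/2023-01-dropper.bin": BASE,
    "archive/2023-02-hello.exe": BENIGN,
}


def byte_ngrams(data: bytes, n: int = 4) -> set:
    """Feature extraction stand-in: the set of distinct n-byte windows."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: set, b: set) -> float:
    """Similarity of two feature sets in [0, 1]; 1.0 means identical sets."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def exact_hash_matches(query: bytes, corpus: dict) -> list:
    """Signature-style lookup: only an identical file is found."""
    digest = sha256(query)
    return [name for name, data in corpus.items() if sha256(data) == digest]


def find_variants(query: bytes, corpus: dict, threshold: float = 0.5) -> list:
    """Similarity-style lookup: every corpus file whose feature set overlaps
    the query's at or above `threshold`, best match first."""
    q = byte_ngrams(query)
    hits = []
    for name, data in corpus.items():
        score = jaccard(q, byte_ngrams(data))
        if score >= threshold:
            hits.append((name, round(score, 3)))
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    # Retroactive hunt: a sample "from a threat report" (the VARIANT) is used
    # as the query against files ingested earlier.
    print("exact hash hits:", exact_hash_matches(VARIANT, HISTORICAL_CORPUS))
    print("variant hits:   ", find_variants(VARIANT, HISTORICAL_CORPUS))
```

The threshold of 0.5 is arbitrary here; in practice the score distribution across known-good and known-bad pairs decides where to draw that line, and a single feature type like byte n-grams is easily disturbed by packing or encryption, which is exactly why a production system combines many feature sources.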