What is Mal-Eval?
Mal-Eval is Stairwell's proprietary machine learning technology, automating analysis of every file ingested into the platform by creating derived datasets leveraged throughout the entire platform.
An experienced defender can quickly infer and correlate attributes from an IoC to rule out or raise suspicion for a given situation. Whereas inexperienced analysts may require hours to come to the same conclusion.
Mal-Eval bridges this decision-making gap, minimizing resource expenditure on benign threats and ensuring that human focus and escalation efforts are directed where they are most needed.
Mal-Eval uses millions of signals to analyze each unique object's attributes to produce: likelihood of maliciousness (verdict), association with other objects (variant detection), confidence score, and severity rating.
While we won't disclose all of the data points Mal-Eval is based on, some of the most critical ones include:
- Static and dynamic object analysis
- Yara matches
- Behavioral signals
- User opinions
- Rescanning
- Manual investigations by Stairwell's threat research team
Why Mal-Eval matters:
Nearly every security platform detection component relies on a funnel approach for each layer of threat analysis. If a particular threat does not merit further analysis based on current detection criteria, the process can stop abruptly. This gap in coverage is where novel threats and advanced attacks bypass the initial analysis stages and evade detection. Stairwell scans every object with Mal-Eval at ingestion and analyzes each layer upfront. This allows us to identify malware variants before they are known to the public.
Due to all of Stairwell’s analysis being out of band and of zero cost to the host system, Stairwell can catch threats that endpoint solutions can miss. EDR/XDR is critical and highly complex. No solution can catch everything nor can every endpoint agent exhaustively probe every file it encounters. There is a difficult balance that has to be maintained between effectiveness and resource utilization which is why some compromises are made. Stairwell works incredibly well in parallel with today's best endpoint solutions, covering common gaps by shifting deep file analysis to your private cloud; circumventing constraints of on-prem computing resources and processing time.
Updated 4 months ago