


This webcast has been archived.

VMRay Analyzer, agentless malware analysis and rapid incident response: A SANS Product Review

  • Wednesday, March 14, 2018 at 1:00 PM EST (2018-03-14 17:00:00 UTC)
  • Matt Bromiley, Chad Loeven


  • VMRay




Incident response cases move fast. Analysts typically collect data from all corners of the enterprise, from registry hives to logs to malware samples. And while teams are good at collecting malware samples, many don't have dedicated reverse engineers to turn those samples into actionable intelligence. It's time to change course.

VMRay wants to transform automated malware analysis with its agentless hypervisor-based approach. SANS analyst, instructor, and incident responder Matt Bromiley has tested VMRay Analyzer and put it through its paces. In this webcast and paper, he shares his experience with the product, including:

  • Ease of use, including product layout and barriers to success
  • Efficiency of the rapid reputation engine to determine file maliciousness
  • Integration with IR team workflows and third-party products
  • How VMRay Analyzer handles multiple malware samples to provide quick and actionable answers to incident responders.

Attend this webcast to see how VMRay Analyzer can become an integral part of your incident response team and be among the first to receive the associated white paper.

View the associated white paper here.

Speaker Bios

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response instructor, teaching FOR508 (Advanced Incident Response, Threat Hunting, and Digital Forensics) and FOR572 (Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response). He is a principal consultant at a global incident response and forensic analysis company, combining his experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence; and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Chad Loeven

Chad has been involved in enterprise security for over 20 years. Prior to VMRay he managed technology alliances at RSA, the security division of EMC. He came on board RSA via its acquisition of Silicium Security and Silicium's ECAT ETDR (Endpoint Threat Detection and Response) technology, where he ran sales and marketing. Prior to joining Silicium, he ran Sunbelt Software's Advanced Technology Group (ATG), bringing to market the CWSandbox malware analyzer and Sunbelt's ThreatTrack threat intel feeds. Sunbelt was acquired by GFI, and is now ThreatTrack Security. As president of VMRay Inc. he oversees operations and all sales and marketing activities worldwide outside of Europe.
