BinaryAlert: Real-time Serverless Malware Detection
YARA is a powerful pattern-matching tool for binary analysis. Unlike a simple hash-based signature, YARA rules can classify entire families of malware according to common patterns. As YARA sees more widespread use within the security community, we wanted to find a way to leverage YARA rules to scan for malicious files across our entire organization. Other security tools support YARA rule integration, but we could not find a private, low-cost, scalable, batteries-included solution that was easy to deploy and maintain. For example, VirusTotal supports YARA rule matching against file submissions, but it is a public service and not designed for analyzing internal files and documents with varying levels of confidentiality and sensitivity.
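To make the hash-versus-pattern distinction concrete, here is an added illustration (example code, not BinaryAlert's or YARA's own): a Python toy that evaluates a small subset of YARA rule syntax against constructed byte samples and compares the outcome with an exact-hash blocklist. The rule, its marker strings and the three samples are all made up for the demonstration.

```python
# Added example (not BinaryAlert's code): a toy evaluator for a small subset
# of YARA syntax (text strings + "N of them"/"all of them" condition), shown
# beside an exact-hash blocklist. Real YARA supports far more than this.
import hashlib
import re

# Constructed rule; its strings are made-up markers shared by one toy family.
RULE = r'''
rule Toy_Family {
    strings:
        $marker = "TOYFAM-LOADER"
        $cfg    = "cfg_version="
        $beacon = "beacon_interval="
    condition:
        2 of them
}
'''

def parse_rule(text):
    """Return (rule_name, {identifier: bytes}, required_count)."""
    name = re.search(r'rule\s+(\w+)', text).group(1)
    strings = {m.group(1): m.group(2).encode()
               for m in re.finditer(r'(\$\w+)\s*=\s*"([^"]*)"', text)}
    cond = re.search(r'condition:\s*(\w+)\s+of\s+them', text).group(1)
    required = len(strings) if cond == 'all' else int(cond)
    return name, strings, required

def yara_match(rule_text, data):
    """True when at least `required` of the rule's strings occur in data."""
    _, strings, required = parse_rule(rule_text)
    return sum(1 for s in strings.values() if s in data) >= required

def hash_match(blocklist, data):
    """Hash-based signature: exact SHA-256 membership, nothing else."""
    return hashlib.sha256(data).hexdigest() in blocklist

# Constructed samples: the original, a variant with one value changed and
# one string dropped, and a benign file that shares a single string.
SAMPLE_A = b'\x7fELF..TOYFAM-LOADER..cfg_version=1..beacon_interval=60..'
SAMPLE_B = b'\x7fELF..TOYFAM-LOADER..cfg_version=2..'
SAMPLE_C = b'\x7fELF..cfg_version=3..'
BLOCKLIST = {hashlib.sha256(SAMPLE_A).hexdigest()}  # only SAMPLE_A was seen

def compare():
    """Return ([hash hits], [rule hits]) over samples A, B and C."""
    samples = [SAMPLE_A, SAMPLE_B, SAMPLE_C]
    return ([hash_match(BLOCKLIST, s) for s in samples],
            [yara_match(RULE, s) for s in samples])
```

The hash blocklist only catches the exact file it has already seen, while the rule also flags the modified variant and still leaves the benign file alone, which is the family-level coverage the paragraph above describes.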
Sep-27-2017, 20:30:06 GMT