By Joseph Menn
SAN FRANCISCO (Reuters) - Some information security companies that were shut out of the leading system for sharing data on malicious software are revealing more about how their own systems work in hopes of rejoining the cooperative effort, a shift that should improve protections for customers throughout the industry.
CrowdStrike, one of the most prominent young security companies threatened with exclusion from some shared services, said it has integrated part of its system for detecting malicious software with VirusTotal, the main industry repository for disclosing and rating risks of malware and suspect files.
Alphabet Inc's Google runs the VirusTotal database so security professionals can share new examples of suspected malicious software and opinions on the danger they pose. In May, the 12-year-old service said it would cut off unlimited ratings access to companies that do not share their own evaluations of submitted samples.
CrowdStrike is opening up a machine-learning process for malware evaluation, after discussions with VirusTotal on how to make the systems compatible.
"It will be very helpful to have the engine out so people can see for themselves how well it is working," CrowdStrike Chief Technology Officer Dmitri Alperovitch told Reuters ahead of a public announcement on Thursday.
VirusTotal did not respond to a request for comment. People familiar with the situation told Reuters that two other "next-generation" security companies are expected to integrate with VirusTotal by the end of next month.
More are likely, the people said, a hopeful sign that a serious rift between older and newer security companies can be healed in service of the general good.
Some newer companies disparage the way that older vendors such as Symantec Corp, Intel Corp and Trend Micro Inc recognize malware based on signatures, or characteristics that have been spotted before. The younger companies say they use behavioral monitoring, machine-learning and other modern techniques to stop fast-changing malware.
Symantec, Intel, Trend Micro and other older companies say they also use similar new methods.
But some of the younger companies still used VirusTotal's assessments from old-line companies, without contributing their own evaluations. The dispute was partly based in technological compatibility with VirusTotal's system, an issue CrowdStrike said it and VirusTotal had solved.
Dennis Batchelder, general manager of an industry group called the Anti-Malware Testing Standards Organization, predicted that more new companies would re-integrate with VirusTotal. Machine learning systems would benefit from access to the VirusTotal database, he said.
But some of the companies who parted with the VirusTotal ratings said they had no plans to make up.
"We did make attempts early on to engage with VirusTotal with the hopes that they would find a way to take advantage of our behavior-based detection model," said SentinelOne Chief Marketing Officer Scott Gainey. "To our knowledge, those interfaces still do not exist today."
And Stuart McClure, chief executive of Cylance Inc, pointed out that his company and others can still get samples of malicious software from VirusTotal, just not the opinions of other companies about those samples.
"We don't integrate with VirusTotal," McClure said by email. "The VirusTotal pullout has not impacted us at all."
(Reporting by Joseph Menn)