From Reactive Defense to Proactive Threat Understanding, from Cloud to on-Prem, from Fiction to Facts
Summary: CISOs have recently been adjusting their cyber-security strategies, moving back to on-premise deployments in response to privacy and geopolitical challenges, and combining threat intelligence with AI to strengthen their defenses, while stressing the central role of human experts in strategic decisions. 2025-10-9 12:16:49 Author: www.vmray.com (view original)

Over the last 6–9 months, we have watched many CISOs and their teams make strategic decisions about how they approach and harden their malware and phishing defenses.
I had a chance to observe this, and discuss it, at the Gartner Risk & Security Summit in London last week. Here are some of my – maybe contentious – takeaways.

Key shifts we’re seeing from CISOs:

Probably the most unexpected shift we have seen in 2025 so far is the shift back to on-premise deployments. But then again…

  • Cloud-first? The Move to On-Prem Deployments

Privacy and geopolitical sensitivities are challenging Cloud-first strategies. For compliance, control, and performance, organizations are increasingly running sandbox-based analysis platforms in their own environments. At the Gartner event in London, we even spoke to a French CISO who currently has their entire SOC outsourced to an MDR provider and wants to bring “core competencies” back in house. This is very much in line with the Gartner recommendation to “Define Business Case and arguments to keep SOC inhouse”.

  • The Imperative of Speed and Fact-Based, In-Depth Insights to Generate Threat Intelligence

    The fact that cyber attacks arrive faster and in greater numbers than any human team can manage is not new. Nor is the strain that endless alert queues, log reviews, and late-night triage put on security operations. But speed alone isn’t enough. Acting quickly without context risks wasted effort, business disruption, and missed threats. What organizations need is speed combined with in-depth insights. That’s why integrating your network, email, endpoint, and other detection tools with a sandbox-based threat analysis platform for malware and phishing is no longer optional: it is essential preparation for the age of AI.

  • The AI Element: Only Accuracy at Scale Powers Clarity

While the industry is deafened by the noise of conversations about AI, leading CISOs are doubling down on SOC automation, because AI can only be harnessed to deliver efficiency, speed and consistency at scale. With VMRay, you can automate recursive detonation, triage, and enrichment, and correlate subtle signals across email, endpoint, network, and cloud telemetry. By embedding a sandbox-based threat analysis platform for malware and phishing into your SOC infrastructure, you can transform raw data into clear, human-readable insights, uncovering hidden attack chains and enabling fast, informed responses. If you operate your SOC on this foundation, AI can be turned into a constructive enabler. Without it, you increase the risk that both your AI efforts and your SOC fail.

  • The Human Element: Expertise Guides Strategy in the age of AI

While automation and sandbox-based analysis deliver speed and insights, the expertise of human analysts remains indispensable. People bring expertise, purpose, common sense, intuition, creativity, and strategic judgment that no system can replicate. Analysts interpret nuanced business risk, prioritize actions that align with organizational goals, and drive proactive hunting efforts. Freed from repetitive triage, and supported by reliable, content-rich, in-depth insights, they can focus on complex investigations and long-term resilience, turning security operations into a strategic advantage. In Gartner’s words: “build a human-driven business continuity plan”!

👉 Curious to discover more about what we learned from our customers? Explore Real-World Results from Your Peers

“Phishing emails are processed at scale through automated detonation and analysis, enabling faster triage and reducing alert fatigue.”
“We moved from a vulnerable legacy setup to a resilient, automated, deeply integrated solution — powered by sandbox-based analysis.”
“With VMRay, our ability to detect and investigate evasive malware has dramatically improved.”

________________________________________________________________________________________________________________________________________________________________________________

How It Works

Step #1: Automate Malware and Phishing Analysis at Scale

  1. Automated Routing
    Alerts from EDRs and other detection tools flow automatically into the sandbox platform.
  2. Recursive Analysis of the Full Delivery Chain
    We detonate every suspicious object end-to-end:
    • Double-clicking the link
    • Scanning the QR code
    • Downloading the payload
    • Executing the malware

    This exposes the entire attack chain in a controlled environment.

  3. Human-Readable Reports
    Detailed behavioral reports are generated — in a format that CISOs and analysts can understand at a glance.
  4. Seamless Integration Back into Your SOC
    All findings are automatically fed into your existing tools — EDR, SOAR, TIP, SIEM — to enrich detections, accelerate response, and eliminate silos.
  [Figure: architecture drawing (NIST)]
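To make steps 2 to 4 concrete, here is an added example (not VMRay's code; the nested report schema is a hypothetical stand-in for a real sandbox report) that walks a detonated delivery chain, guards against redirect loops, prints a per-hop summary, and emits STIX 2.1 Indicator objects that a TIP or SIEM can ingest:

```python
import uuid
from datetime import datetime, timezone

# Constructed sample report (hypothetical schema, not VMRay's): one phishing
# email detonated end-to-end: link -> downloaded payload -> execution -> C2 URL.
SAMPLE_REPORT = {
    "type": "email", "subject": "Invoice 4711", "verdict": "malicious",
    "children": [{"type": "url", "value": "http://example.invalid/inv",
                  "verdict": "malicious",
                  "children": [{"type": "file", "name": "inv.exe", "sha256": "a" * 64,
                                "verdict": "malicious",
                                "children": [{"type": "url", "verdict": "malicious",
                                              "value": "http://c2.example.invalid/b",
                                              "children": []}]}]}]}

def node_key(node):
    """Identity of an artifact: URL string, file hash, or email subject."""
    return (node["type"], node.get("value") or node.get("sha256") or node.get("subject"))

def walk_chain(node, max_depth=10, _depth=0, _seen=None):
    """Depth-first walk yielding (depth, artifact); seen-set and depth cap stop redirect loops."""
    seen = _seen if _seen is not None else set()
    key = node_key(node)
    if key in seen or _depth > max_depth:
        return
    seen.add(key)
    yield _depth, node
    for child in node.get("children", []):
        yield from walk_chain(child, max_depth, _depth + 1, seen)

def to_stix_indicators(report):
    """STIX 2.1 Indicators for each malicious URL/file in the chain (emails get none)."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    out = []
    for _, n in walk_chain(report):
        if n["verdict"] != "malicious" or n["type"] not in ("url", "file"):
            continue
        pattern = (f"[url:value = '{n['value']}']" if n["type"] == "url"
                   else f"[file:hashes.'SHA-256' = '{n['sha256']}']")
        out.append({"type": "indicator", "spec_version": "2.1",
                    "id": f"indicator--{uuid.uuid4()}", "created": now, "modified": now,
                    "pattern": pattern, "pattern_type": "stix", "valid_from": now})
    return out

def summarize(report):
    """One human-readable line per hop of the chain, indented by depth."""
    return [f"{'  ' * d}{n['type']}: {node_key(n)[1]} [{n['verdict']}]"
            for d, n in walk_chain(report)]
```

Wrap the indicators in a STIX bundle and POST them to your TIP's ingest endpoint, or map `pattern` to your SIEM's watchlist format; either way the same function feeds both.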

Step #2: Building a Complete Threat Profile

Some advanced organizations take it further. In addition to analyzing their own inbound attacks, they enrich their view with external data sources:

  • Phishing lakes
  • Honeypots
  • Third-party intelligence feeds

This combined data generates a comprehensive organizational threat profile — giving CISOs and their teams a clear view of the tactics and trends most likely to target them.

  [Figure: visual on threat profile completion]

What CISOs Gain

This shift transforms the SOC from a reactive alert factory into a strategic intelligence hub. With a sandbox-based threat analysis platform for malware and phishing at the core, you:

  • Learn from every attempted attack
  • Continuously refine defenses based on real adversary behavior
  • Reduce business risk by staying ahead of evolving threats

👉 This is how your peers are already building resilience. The question is: are you turning every attack into intelligence, or letting those insights go to waste?

_________________________________________________

Why VMRay

VMRay delivers the world’s most advanced sandbox-based threat analysis platform, trusted by enterprises, government agencies, and MSSPs to:

  • Detect and analyze novel, targeted, and evasive malware and phishing threats
  • Automate triage and accelerate response
  • Build reliable threat intelligence to strengthen long-term resilience

Request a hands-on demo of VMRay’s automated detection & analysis platform and experience how speed and in-depth insights transform your security operations.


Article source: https://www.vmray.com/from-reactive-defense-to-proactive-threat-understanding-from-cloud-to-on-prem-from-fiction-to-facts/