Do sandboxes and Automated Dynamic Analysis Systems provide the protection they promise?

04.09.2012
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

If you're charged with keeping malware out of your organization you're probably getting lots of visits from vendors of automated dynamic analysis systems for malware, the latest and greatest mouse trap being hawked by a slew of companies.

Automated dynamic analysis systems and sandboxes for malware are the latest "must-have" antivirus gap-filler. While signature-based detection and automated static analysis systems have continued to improve in incremental jumps, and have managed to keep pace with the threats they were designed to thwart, the overall percentage of malware threats that they're capable of detecting has been decreasing for a decade.

As a detection technology, the combination of these two methods probably ends up finding 10% to 20% of malware threats within one week of the malware being created and released by the bad guys. Ten years ago, that figure was likely in the 60% to 80% range.

To address the growing detection gap, the much touted and pimped solution is to use automated dynamic analysis systems (software- or appliance-based) to uncover the maliciousness of any binary file traversing the corporate network. The idea is to force any suspicious binary to run in a mock environment so it will exhibit its true behaviors, and if those behaviors are malicious, then the file is classified as malware. To deliver this mock environment just about all the vendors hawking "better mouse trap" solutions use some form of operating system emulation or virtualization (e.g. VMware).
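The "observe behaviors, then classify" step described above is easy to state and worth seeing concretely. The following is an added illustration, not code from the article or from any vendor's product: a toy verdict engine that scores a sandbox behavior trace against a handful of weighted rules. The event format, rule names, weights, thresholds and the three sample traces are all constructed for this example. The one design point it makes beyond the paragraph is that a trace with nothing in it must not be reported as "benign": a sample that exhibited no behavior inside the mock environment has told the sandbox nothing either way.

```python
"""Toy behavioural verdict engine of the kind a dynamic analysis sandbox applies
to the trace it records while a sample runs in its mock environment.
Added example; event schema, rules and weights are constructed, not a real product's."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Event:
    kind: str    # constructed kinds: "file_write", "reg_set", "net_connect", "proc_create"
    target: str  # path, registry value, host:port or process image name


# A rule is (name, weight, predicate over the whole trace).
Rule = Tuple[str, int, Callable[[List[Event]], bool]]


def _any(events: List[Event], kind: str, pred: Callable[[Event], bool]) -> bool:
    return any(e.kind == kind and pred(e) for e in events)


def _is_raw_ip(hostport: str) -> bool:
    """True when the connection target is a literal IP rather than a hostname."""
    host = hostport.rsplit(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


RULES: List[Rule] = [
    ("persistence_run_key", 40,
     lambda ev: _any(ev, "reg_set", lambda e: "\\CurrentVersion\\Run\\" in e.target)),
    ("drop_to_startup_folder", 35,
     lambda ev: _any(ev, "file_write", lambda e: "\\Start Menu\\Programs\\Startup\\" in e.target)),
    ("drop_executable_in_temp", 20,
     lambda ev: _any(ev, "file_write",
                     lambda e: "\\Temp\\" in e.target and e.target.lower().endswith(".exe"))),
    ("outbound_to_raw_ip", 25,
     lambda ev: _any(ev, "net_connect", lambda e: _is_raw_ip(e.target))),
    ("spawns_script_host", 15,
     lambda ev: _any(ev, "proc_create",
                     lambda e: e.target.lower() in {"cmd.exe", "powershell.exe", "wscript.exe"})),
]


def score_trace(events: List[Event]) -> Tuple[int, List[str]]:
    """Sum the weights of every rule the trace matches; return (score, matched rule names)."""
    matched = [name for name, _, pred in RULES if pred(events)]
    score = sum(w for name, w, _ in RULES if name in matched)
    return score, matched


def classify(events: List[Event], malicious_at: int = 50, suspicious_at: int = 20) -> str:
    """Map a trace to a verdict. An empty trace is reported as such, never as benign:
    the sandbox has no evidence about what the sample would do elsewhere."""
    if not events:
        return "no_behaviour_observed"
    score, _ = score_trace(events)
    if score >= malicious_at:
        return "malicious"
    if score >= suspicious_at:
        return "suspicious"
    return "benign"


# Constructed sample traces (not captured from real samples).
BENIGN_INSTALLER = [
    Event("file_write", "C:\\Program Files\\ExampleApp\\app.exe"),
    Event("reg_set", "HKLM\\Software\\ExampleApp\\Version"),
    Event("net_connect", "updates.example.com:443"),
]
DROPPER_TRACE = [
    Event("file_write", "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe"),
    Event("reg_set", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"),
    Event("net_connect", "203.0.113.10:443"),
    Event("proc_create", "cmd.exe"),
]
EMPTY_TRACE: List[Event] = []

if __name__ == "__main__":
    for label, trace in (("installer", BENIGN_INSTALLER), ("dropper", DROPPER_TRACE), ("empty", EMPTY_TRACE)):
        print(label, classify(trace), score_trace(trace))
```

Real systems use far richer traces (API call sequences, memory snapshots, network captures) and far more rules, but the shape is the same: a weighted match over observed behavior, and a verdict that is only as good as what the sample chose to show.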