VMware Contexa, the VMware Threat Intelligence Cloud

VMware Contexa™ sees what others don’t, powering VMware Security to stop threats others can’t.

Get a Full-system Emulation Sandbox for Accurate Threat Analysis

See all malware interactions with in the operating system, including evasive behaviors, with a Full-system Emulation Sandbox. Enable deep visibility into all artifacts traversing the data center using advanced AI techniques.

Industry's First NDR Test

Leverage NSX Sandbox for complete visibility into – and protection against – advanced malware that can evade other defenses.

Exposing Emotet’s Cybercriminal Supply Chain

Get our latest threat report exposing tactics and development lifecycles of two new epochs of Emotet attacks and see how you can mount an ironclad defense.

Analyze Advanced Threats

Enable analysis of malicious objects used in advanced, targeted, and zero-day attacks, even when the malicious objects are embedded inside encrypted traffic.

Provide Complete Visibility

Present malware behavior in detailed reports that include all behaviors discovered during analysis. Map malicious activity to the MITRE ATT&CK framework to illuminate the risk associated with each malicious event.

Detect Malware Others Miss

See malware behavior that other technologies miss. VMware includes Deep Content Inspection™ to simulate an entire host (including CPU, system memory, and all devices), interact with malware, and observe all actions malicious objects may take.

Leverage Real-Time Threat Updates

Take advantage of VMware’s extensive threat knowledge base. Enable real-time updates of malware characteristics and behaviors for faster detection and analysis of previously unseen threats and accelerated response time to malicious activity.


Emulation Environment

Unique isolation and inspection environment that emulates an entire host.

Automated Analysis

Automatic deconstruction of every behavior to determine maliciousness.

Real-Time Reporting

Interactive real-time threat intelligence dashboard streamlines threat hunting.

Content Inspection

Deep content inspection for 150+ file types—from .asc to .zip.

Related Resources

Detecting Malware Without Feature Engineering Using Deep Learning

A new approach to detecting malware with deep learning and continuous training boosts accuracy.

Countering the Rise of Adversarial Machine Learning

Leverage a solution that layers multiple machine learning algorithms and other types of advanced detection.

How Machine Learning and AI Fit Into Information Security

Powerful as they are, AI and ML ideally contribute to a synthesis of security information for SOCs.

Frequently Asked Questions

NSX Sandbox is unique in its ability to do full system emulation. Full system emulation (FUSE) sandboxes emulate the entire hardware: CPU, memory, and I/O devices. FUSE allows the sandbox to interact with the malware and conduct "Deep Content Inspection." This enables the sandbox to view everything the malware is doing and lets analysts carefully study its operation. Because it emulates everything, it is much more difficult for cybercriminals to evade the sandbox.

NSX Sandbox behavior-based detection interacts with the running program and looks at the actions that the program is attempting to take. If the program is trying to do things that appear to be malicious, the behavior-based detection solution will trigger and either the user will be prompted with a notice or the item will be automatically quarantined. Behavior-based sandboxes can detect malware that implement minor changes to evade matches against existing signatures, thereby avoid detection by signature-based systems. Behavior-based sandboxes also detect completely new types of malicious programs that have not been seen before.

NSX Sandbox supports more than 150 file types. Click here for more information.

Ready to Get Started?

Experience the power of full system emulation for malware analysis.