As infosec professionals, we built Smokeproxy because we got tired of trying to conduct critical malware analysis and fraud investigations using VPNs built with a single use-case in mind: streaming another country’s Netflix shows.
The IP addresses used by cheap commercial VPNs generate suspicion because they’re well known to criminals. Once a fraudster suspects they’re being investigated, they’ll do everything they can to block your efforts. Worst of all, they’ll know exactly how to evade your investigation next time.
Some security teams try to cover their tracks by using an AWS EC2 box, but fraudsters are actively looking for this. A connection coming from a datacentre and a connection from a potential victim look very different. Because this is such a common pattern for investigations, fraudsters can easily automate a response to this, including blocking traffic that looks like it’s coming from an AWS box. Once this happens, investigation is almost impossible.
Mass-market VPNs and other workarounds can end up compromising the effectiveness of your malware analysis and investigations. They’re just not worth it.
In our experience, cheap mass-market VPNs end up being deceptively expensive. Fewer successful investigations mean higher fraud losses and greater reputational risk.
Using Smokeproxy gives your security team the best possible chance of remaining undetected and preserving OPSEC while conducting malware analysis and fraud investigations. This leads to more successful investigations, and a better security response.