Digital SecurityTechnology For SMEs

Kaspersky Expands its Product Portfolio with Sandboxing Technology

Sharing is caring!

Last year, about half (45%) of enterprises experienced a targeted attack, a Kaspersky survey of IT decision makers revealed. These threats are often designed to only work in a specific context within the victim’s organization: for example, a file may perform nothing malicious until an exact application is opened, or unless a user scrolls through the document. In addition, some files can identify that they are not in the end-user environment – for instance, if there is no sign that anybody is working on the endpoint – and won’t run the malicious code. However, as a SOC usually receives numerous security alerts, analysts cannot manually investigate all of them to identify which one is the most dangerous. 

What is Kaspersky Sandbox

To help companies analyze advanced threats more accurately and timely, Kaspersky’s sandboxing technologies can now be implemented inside a customer’s organization. The Kaspersky Research Sandbox emulates the organization’s system with random parameters (such as user and computer name, IP address, etc.) and imitates an actively-used environment, so that malware cannot distinguish that it is running on a virtual machine.

Kaspersky Research Sandbox has evolved from the internal sandboxing complex used by the company’s own anti-malware researchers. Now these technologies are available for customers as an isolated on-premises installation. Therefore, all the analyzed files will not leave the company perimeter, making the solution suitable for organizations with tight data sharing restrictions. 

Kaspersky Research Sandbox has a special API for integration with other security solutions, so that a suspicious file can be automatically sent for analysis. The results of analysis can also be exported to a SOC’s task management system. This automation of repetitive tasks cuts down the time required for incident investigation. 

As the solution is installed in the customers’ network, it provides more capabilities to mirror its operating environment. Now, virtual machines from the Kaspersky Research Sandbox can be connected to an organization’s internal network. As a result, it can reveal malware designed to run only in a certain infrastructure and get an understanding of its intentions. In addition, analysts can set up their Windows version with specific pre-installed software to completely emulate their enterprise environment. It simplifies an organization’s detection of environment-aware threats such as the recently discovered malware that was used in attacks against industrial companies. Kaspersky Research Sandbox also supports Android OS to detect mobile malware.

Kaspersky Research Sandbox provides detailed reports on file execution. The reports contain execution maps and an extended list of events performed by the analyzed object, including its network and systems activities with screenshots, as well as a list of downloaded and modified files. By knowing exactly what each malware does, incident responders can come up with the required measures to protect the organization from the threat. SOC and CERT analysts will also be able to create their YARA rules to check analyzed files against them. 

Our Kaspersky Cloud Sandbox, launched in 2018, works perfectly for organizations who need to analyze complex threats without additional investment in hardware infrastructure. However, organizations with internal SOCs and CERTs, and strict restrictions on data sharing require more control over files they analyze. Now, with Kaspersky Research Sandbox they can choose the deployment option that suits them the most as well as being able to customize on-premises sandboxing images to any enterprise environment,” comments Veniamin Levtsov, VP, Corporate Business at Kaspersky. 

Kaspersky Research Sandbox can be integrated with Kaspersky Private Security Network. It allows organizations to not only gain insights on an object’s behavior, but also receive information on the reputation of downloaded files or URLs the malware communicated with from the Kaspersky threat intelligence database installed within a customer’s data center. 

Kaspersky Research Sandbox is a part of the Kaspersky product portfolio for security researchers. It includes the Kaspersky Threat Attribution Engine, Kaspersky CyberTrace and Kaspersky Threat Data Feeds. This offering helps organizations to validate and investigate advanced threats and facilitates incident response by providing relevant threat information.

SMEStreet Edit Desk

SMEStreet Edit Desk is a small group of excited and motivated journalists and editors who are committed to building MSME ecosystem through valuable information and knowledge spread.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button
%d bloggers like this: