Tag Archives: Sandbox

The Kaspersky Cloud Sandbox Service Revealed!

To help companies improve their investigation and response to complex threats, Kaspersky Lab just launched a new service called Kaspersky Cloud Sandbox. It gives businesses the opportunity to take advantage of sandboxes without any additional investments into hardware infrastructure.

The Kaspersky Cloud Sandbox solution is available by subscription as part of the Kaspersky Threat Intelligence Portal. Allowing customers to ‘detonate’ suspicious files in a virtual environment with a full report on the file’s activities, it is designed to boost the efficiency of incident response and cybersecurity forensics without any risks to the company’s IT systems.


Exploiting legitimate software flaws became an efficient commodity for cybercriminals in 2017, as malicious activities can easily be hidden behind trusted processes. Even an experienced cybersecurity team can’t always be sure that it has spotted all the malware using such concealment techniques.

To spot such threats, teams have to be equipped with advanced detection technologies, including sandboxing, which often requires significant hardware investments that are not feasible for many IT security teams.

With Kaspersky Cloud Sandbox, advanced detection and forensic capabilities are available as a service within the Kaspersky Threat Intelligence Portal, allowing cybersecurity teams to ensure they meet their budget requirements while also benefitting from advanced technology.

The service enables cybersecurity teams and security operations center (SOC) specialists to obtain deep insights into malware behavior and design, detecting targeted cyberthreats that were not identified in the wild.

Advanced anti-evasion techniques: revealing a hidden truth

To lure malware into revealing its harmful potential, sandbox technology must include advanced anti-evasion techniques. A malicious program developed to run in a particular software environment will not detonate on a ‘clean’ virtual machine, and will most probably destroy itself without a trace.

To avoid this, Kaspersky Cloud Sandbox applies various user-emulation techniques, such as clicking Windows buttons, scrolling documents, running special routine processes that give the malware an opportunity to expose itself, randomizing user-environment parameters, and many others.

Logging system: nothing gets missed in the noise

Once a piece of malware starts running its destructive activities, another innovative Kaspersky Cloud Sandbox technology comes into force: its logging subsystem intercepts malicious actions non-invasively.

When a Word document starts to behave suspiciously – for example, if it starts building a string in the machine memory, executing Shell commands, or dropping its payloads (all abnormal activities for a text document) – these events are registered in the Kaspersky Cloud Security logging subsystem.

It has extensive functionality able to detect a vast spectrum of malicious events, including DLL loading, registry key creation and modification, HTTP and DNS requests, and file creation, deletion and modification. The customer is then provided with a full report containing data visualization graphs and screenshots, as well as a readable sandbox log.
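As an added illustration (not Kaspersky’s code, log format or report), the following Python scores a constructed sandbox event log for the abnormal document-process behaviours the two paragraphs above list: a Word process spawning a shell, dropping an executable payload, writing a Run key, and making DNS/HTTP requests. The event names, fields, process lists and weights are assumptions chosen for the example.

```python
import json
from collections import Counter

# Constructed sample sandbox events (one JSON object per line); not real product output.
SAMPLE_LOG = r"""
{"pid": 100, "image": "WINWORD.EXE", "event": "dll_load", "path": "C:\\Windows\\System32\\wininet.dll"}
{"pid": 100, "image": "WINWORD.EXE", "event": "process_create", "child": "cmd.exe"}
{"pid": 100, "image": "WINWORD.EXE", "event": "file_create", "path": "C:\\Users\\Public\\update.exe"}
{"pid": 100, "image": "WINWORD.EXE", "event": "registry_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"}
{"pid": 100, "image": "WINWORD.EXE", "event": "dns_query", "host": "example.invalid"}
{"pid": 100, "image": "WINWORD.EXE", "event": "http_request", "url": "http://example.invalid/p"}
{"pid": 200, "image": "notepad.exe", "event": "file_create", "path": "C:\\Users\\Public\\notes.txt"}
"""

DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}   # assumed viewer set
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
PAYLOAD_EXT = (".exe", ".dll", ".scr", ".vbs", ".js")

def parse_log(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def classify_event(ev):
    """(weight, description) if the event is abnormal for a document viewer, else None."""
    if ev["image"].lower() not in DOCUMENT_APPS:
        return None
    kind = ev["event"]
    if kind == "process_create" and ev.get("child", "").lower() in SHELLS:
        return 40, f"document process spawned shell {ev['child']}"
    if kind == "file_create" and ev.get("path", "").lower().endswith(PAYLOAD_EXT):
        return 30, f"document process dropped payload {ev['path']}"
    if kind == "registry_set" and "\\currentversion\\run" in ev.get("key", "").lower():
        return 30, f"persistence via Run key {ev['key']}"
    if kind in ("dns_query", "http_request"):
        return 10, f"network activity: {ev.get('host') or ev.get('url')}"
    return None

def analyze(text):
    """Score all events and produce a verdict plus a readable summary."""
    events = parse_log(text)
    findings, score = [], 0
    for ev in events:
        hit = classify_event(ev)
        if hit:
            score += hit[0]
            findings.append(hit[1])
    verdict = "malicious" if score >= 60 else "suspicious" if score else "clean"
    return {"verdict": verdict, "score": score, "findings": findings,
            "event_counts": dict(Counter(e["event"] for e in events))}

if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_LOG), indent=2))
```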

Detection and incident response performance: second to none

Kaspersky Cloud Sandbox detection performance is backed by real-time threat intelligence big data from Kaspersky Security Network (KSN), providing customers with an immediate status on both known and new threats discovered in the wild.

Advanced behavioral analysis, based on more than 20 years of Kaspersky Lab threat research experience in fighting the most complex threats, allows customers to detect previously unseen malicious objects.


As well as getting advanced detection capabilities, SOC experts and researchers can amplify their incident response activities with other services available through the Kaspersky Threat Intelligence Portal.

When performing digital forensics or incident response, a cybersecurity officer can receive the latest detailed threat intelligence about URLs, domains, IP addresses, file hashes, threat names, statistical/behavior data and WHOIS/DNS data, and then link that knowledge to the IOCs generated by the sample that was analyzed within the cloud sandbox.

APIs to automate its integration into customer security operations are also available, allowing cybersecurity teams to boost their incident investigations in a matter of minutes.


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


SonicOS 6.2.6 Advanced Protection Now Available

Kuala Lumpur, 1 August 2016. SonicWALL customers observed dramatic increases in their network security during the technical preview of SonicWALL Capture Advanced Threat Protection Service.

Dell SonicOS 6.2.6

With the announcement of the general availability of the SonicOS 6.2.6 firmware, SonicWALL Capture becomes the industry’s first multi-engine sandbox that enables customers to block suspicious files until a verdict is reached. Additionally, SonicOS 6.2.6 features an enhanced Content Filtering Service that gives organisations the power to easily enforce protection and productivity policies to control access to inappropriate or unproductive web content.

Available for use with SonicWALL TZ, NSA and SuperMassive 9000 series firewalls, SonicOS 6.2.6 with SonicWALL Capture protects customers from today’s most advanced threats, including zero-day attacks.

Malicious code authors have developed techniques allowing malware to detect the presence of existing sandboxes and use this information to evade detection. To combat these techniques, SonicWALL Capture utilises three technically different cloud-based threat analysis sandboxing engines, making evasion almost impossible. Capture also has the ability to accept the broadest range of file sizes and types and can be configured to block suspicious files from entering the system until a verdict is reached.

Angel Torres, CIO of Credit Services, Inc. reports, “The new SonicWALL Capture service is another key addition to the suite of security tools that help us battle the new challenges that we face on a daily basis. By providing this new service, it feels like we have a partner working with us in the fight to keep our system secured. By preventing malicious files from entering our system, it helps keep our clients and our company more secure from new threats as they emerge.”

“We did some evaluations of other sandbox solutions, but SonicWALL Capture was the easiest to implement and most cost-effective to license and manage. Because it’s offered as an upgrade to our firewall and only requires a firmware update, testing and eventual deployment into a production environment was really easy. We are looking at utilising this at our other sites as we focus on multiple, layered approaches to security,” stated Zachary A. Radke of Santa Fe Senior Living.


SonicWALL Content Filtering Service 4.0

The new SonicWALL Content Filtering Service 4.0 available in SonicOS 6.2.6 enables IT to enforce protection and productivity policies and block inappropriate, unproductive and illegal web content from the network. Key new features in this version include:

Block-page override, Bandwidth Management and Confirm actions ‒ In addition to the current allow and block methods, CFS 4.0 also offers block-page override (passphrase), bandwidth management and confirm actions, giving administrators additional controls over individual domain categories. These five methods are configurable at the policy level (versus a global setting). This enables educational institutions, for example, to personalise the teaching experience for specific schools, classrooms or groups of users behind a firewall, empowering teachers and IT administrators to facilitate a better and more productive learning experience.

YouTube Restricted mode ‒ Similar to parental controls, YouTube Restricted mode helps inhibit the search for, or access to, inappropriate videos based on YouTube’s proprietary technology.

“The SonicWALL CFS version 4.0 has given us more power over the filtering system by allowing us to control the priority of the policies,” said George Morris, IT Administrator at Peru Community Schools. “This lets us set multiple allow or deny rules and have users with multiple policies, and still maintain complete accuracy of the outcome. We view these enhancements as proof that the best just got even better.”


SonicOS 6.2.6 Availability

SonicWALL SonicOS 6.2.6 will be generally available August 1. SonicWALL Capture ATP Service will be available for SonicWALL SuperMassive 9000 series, NSA firewalls and select TZ firewall models August 1. Current customers should contact their account representatives.
