Kaspersky is announcing a new subscription service, Kaspersky Cloud Sandbox, available through the Kaspersky Threat Intelligence Portal to help companies improve their investigation and response to complex threats. The service allows businesses to take advantage of sandboxes without any additional investments into hardware infrastructure.
With the largest data leaks in 2017 exploiting legitimate software flaws, the need for cybersecurity teams to have access to advanced detection technologies has never been greater. Kaspersky Cloud Sandbox provides businesses with the opportunity to ‘detonate’ suspicious files in a virtual environment with a full report on the file’s activities.
The service enables cybersecurity teams and security operations center (SOC) specialists to obtain deep insights into malware behavior and design so that they can detect targeted cyberthreats that were not identified in the wild. The service is designed to equip businesses with advanced detection technologies that will boost the efficiency of incident response and cybersecurity forensics without any risks to the company’s IT systems.
Advanced Anti-evasion Techniques
To prevent evasive malware from slipping past analysis, the service uses anti-evasion technology to coax samples into revealing their behavior. Kaspersky Cloud Sandbox applies a range of user-emulation techniques, such as clicking Windows buttons, scrolling documents, running special routine processes that give malware an opportunity to expose itself, randomizing user-environment parameters, and many others.
Kaspersky Cloud Sandbox, using its virtual machine infrastructure, allows users to test suspicious files both manually and automatically.
Advanced Logging System
Once a piece of malware starts running its destructive activities, another innovative Kaspersky Cloud Sandbox feature is activated – the logging subsystem which intercepts malicious actions non-invasively.
For example, if a Word document starts to behave suspiciously – e.g. when it starts building a string in the machine memory, executing Shell commands, or dropping its payloads (all abnormal activities for a text document) – these events are registered in the Kaspersky Cloud Security logging subsystem.
The logging subsystem has extensive functionality that is able to detect a vast spectrum of malicious events, including DLL loads, registry key creation and modification, HTTP and DNS requests, file creation, deletion and modification, and more. The customer is then provided with a full report containing data visualization graphs and screenshots, as well as a readable sandbox log.
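The report described above is only useful once an analyst turns the raw event log into findings and indicators. The following script is an added example, not code from Kaspersky or the Cloud Sandbox service: it parses a constructed sandbox log in a hypothetical "time|pid|ppid|image|event|detail" format, walks the process tree to keep only activity descending from the document viewer, and flags exactly the kinds of behavior the article calls abnormal for a text document (spawning shell or script interpreters, dropping executables, modifying Run keys, making HTTP/DNS requests). All process names, paths, domains and registry values in the sample log are constructed.

```python
"""Triage a constructed sandbox event log for a document-borne sample.

Groups events by process, keeps only the process tree rooted at the document
viewer, flags behaviours abnormal for a word processor, and collects the
network and file indicators an analyst would then look up against threat
intelligence sources.
"""
import re

# Constructed sample log in a hypothetical "time|pid|ppid|image|event|detail" format.
SAMPLE_LOG = r"""
00:00.120|1204|880|WINWORD.EXE|process_start|C:\Program Files\Microsoft Office\WINWORD.EXE /n invoice.docm
00:00.310|1204|880|WINWORD.EXE|dll_load|C:\Windows\System32\wininet.dll
00:01.050|1204|880|WINWORD.EXE|file_create|C:\Users\lab\AppData\Local\Temp\upd.vbs
00:01.200|1388|1204|wscript.exe|process_start|wscript.exe //B C:\Users\lab\AppData\Local\Temp\upd.vbs
00:01.420|1388|1204|wscript.exe|dns_query|cdn-update.example
00:01.650|1388|1204|wscript.exe|http_request|GET http://cdn-update.example/a/stage2.bin
00:02.010|1388|1204|wscript.exe|file_create|C:\Users\lab\AppData\Roaming\svchost.exe
00:02.300|1388|1204|wscript.exe|registry_set|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater = C:\Users\lab\AppData\Roaming\svchost.exe
00:02.400|1520|1388|svchost.exe|process_start|C:\Users\lab\AppData\Roaming\svchost.exe
"""

# Processes that open documents; anything they (transitively) spawn is in scope.
DOCUMENT_VIEWERS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"}
# Interpreters a document viewer has no legitimate reason to launch.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Well-known system binary names often borrowed by dropped payloads.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe"}
EXEC_EXT = re.compile(r"\.(exe|dll|scr|vbs|js|jse|ps1|bat|cmd|hta)$", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.I)


def parse_log(text):
    """Split each non-empty line into a dict; detail may itself contain '|'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, ppid, image, kind, detail = line.split("|", 5)
        events.append({"ts": ts, "pid": int(pid), "ppid": int(ppid),
                       "image": image.lower(), "kind": kind, "detail": detail})
    return events


def triage(text):
    """Return (findings, indicators) for the document-rooted process tree."""
    events = parse_log(text)
    parent = {e["pid"]: e["ppid"] for e in events if e["kind"] == "process_start"}
    image = {e["pid"]: e["image"] for e in events}

    def spawned_by_document(pid):
        # Walk the parent chain; True if any ancestor is a document viewer.
        seen = set()
        while pid in parent and pid not in seen:
            seen.add(pid)
            pid = parent[pid]
            if image.get(pid) in DOCUMENT_VIEWERS:
                return True
        return False

    findings = []
    indicators = {"domains": set(), "urls": set(),
                  "dropped_files": set(), "persistence": set()}
    for e in events:
        if not (e["image"] in DOCUMENT_VIEWERS or spawned_by_document(e["pid"])):
            continue  # unrelated background activity in the sandbox VM
        tag = f"{e['image']}[{e['pid']}]"
        kind, detail = e["kind"], e["detail"]
        if kind == "process_start" and e["image"] in INTERPRETERS:
            findings.append(f"{tag}: script/shell interpreter launched from a document process")
        if kind == "process_start" and e["image"] in SYSTEM_NAMES and USER_WRITABLE.search(detail):
            findings.append(f"{tag}: system binary name running from a user-writable path")
        if kind == "file_create" and EXEC_EXT.search(detail):
            findings.append(f"{tag}: dropped executable/script {detail}")
            indicators["dropped_files"].add(detail)
        if kind == "registry_set" and RUN_KEY.search(detail):
            key = detail.split(" = ")[0]
            findings.append(f"{tag}: Run-key persistence {key}")
            indicators["persistence"].add(key)
        if kind == "dns_query":
            indicators["domains"].add(detail)
        if kind == "http_request":
            indicators["urls"].add(detail.split(" ", 1)[1] if " " in detail else detail)
            findings.append(f"{tag}: outbound HTTP request from a document-spawned process")
    return findings, {k: sorted(v) for k, v in indicators.items()}


if __name__ == "__main__":
    found, iocs = triage(SAMPLE_LOG)
    print("Findings:")
    for f in found:
        print("  -", f)
    print("Indicators:", iocs)
```

The lineage walk is what makes the rules safe to apply: a DNS query or file write by an unrelated Windows service in the VM is ignored, while the same event from a process three hops below WINWORD.EXE is attributed to the document. The collected domains, URLs, dropped paths and Run keys are the values an analyst would pivot on in a threat intelligence lookup.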
Detection and Incident Response Performance
Kaspersky Cloud Sandbox detection performance is backed by real-time threat intelligence data from Kaspersky Security Network (KSN), providing customers with immediate updates on both known and unknown threats discovered in the wild. The technology’s advanced behavioral analysis is based on more than 20 years of Kaspersky Lab threat intelligence and experience in fighting the most complex threats.
SOC experts and researchers can further amplify their incident response activities with other services available through the Kaspersky Threat Intelligence Portal. When performing digital forensics or incident response, a cybersecurity officer can retrieve the latest detailed threat intelligence about URLs, domains, IP addresses, file hashes, threat names, statistical/behavior data, WHOIS/DNS data and more, and then link that knowledge to the IOCs generated by the sample analyzed in the cloud sandbox.
APIs are also available to automate the service’s integration into customer security operations, allowing cybersecurity teams to boost their incident investigations in a matter of minutes.
“Businesses today are increasingly threatened by cybercrime through legitimate software flaws that can be mitigated with rapid incident response and digital forensics technologies,” said Rob Cataldo, vice president of enterprise sales at Kaspersky Lab North America. “Kaspersky Cloud Sandbox addresses these challenges as a new, unique offering for cybersecurity researchers and SOC teams, to aid the detailed analysis process of files. The new service allows cybersecurity teams to gain powerful insight into file behavior so that they can minimize threats without any risk to the organization’s IT infrastructure.”