New Kaspersky cloud sandbox boosts complex threat investigation and response



Kaspersky Lab announced this week Kaspersky Cloud Sandbox, a new subscription service available through the Kaspersky Threat Intelligence Portal that is meant to help companies investigate and respond to complex threats. The service lets businesses use a sandbox without any additional investment in hardware infrastructure.

With some of the largest data leaks of 2017 traced to exploited flaws in legitimate software, the need for cybersecurity teams to have access to advanced detection technology has never been greater. Kaspersky Cloud Sandbox lets businesses ‘detonate’ suspicious files in an isolated virtual environment and receive a full report on the file’s activities.

The service gives cybersecurity teams and security operations center (SOC) specialists deep insight into malware behavior and design, so that they can detect targeted threats that have not yet been identified in the wild. Because detonation happens in Kaspersky’s cloud rather than on the customer’s own machines, the analysis is designed to improve the efficiency of incident response and forensics without putting the company’s IT systems at risk.

Kaspersky Cloud Sandbox detection is backed by real-time threat intelligence from Kaspersky Security Network (KSN), giving customers immediate updates on both known and newly discovered threats. The service’s behavioral analysis draws on over 20 years of Kaspersky Lab threat intelligence and experience in fighting complex threats.

SOC analysts and researchers can combine the sandbox with the other services available through the Kaspersky Threat Intelligence Portal. During digital forensics or an incident response, an analyst can retrieve the latest threat intelligence on URLs, domains, IP addresses, file hashes, threat names, statistical and behavioral data, and WHOIS/DNS records, and then link that knowledge to the IOCs generated by the sample analyzed in the cloud sandbox.

APIs are also available to integrate the service into customer security operations, so that cybersecurity teams can automate and accelerate incident investigations.

Sandbox-aware malware often stays dormant until it sees signs of a real user, so the service includes anti-evasion technology to coax such threats into revealing themselves. Kaspersky Cloud Sandbox applies a range of user-emulation techniques, such as clicking Windows buttons, scrolling documents, running special routines that give malware an opportunity to expose itself, and randomizing user-environment parameters, among others.

Once a piece of malware begins its destructive activity, another Kaspersky Cloud Sandbox component comes into play: a logging subsystem that intercepts malicious actions non-invasively, without modifying the sample under observation.

For example, if a Word document starts to behave suspiciously (building a string in memory, executing shell commands, or dropping payloads, all of which are abnormal for a text document), these events are registered in the Kaspersky Cloud Sandbox logging subsystem.

The logging subsystem records a wide spectrum of potentially malicious events, including DLL loading, registry key creation and modification, HTTP and DNS requests, and file creation, deletion and modification. The customer then receives a full report containing data visualization graphs and screenshots, as well as a human-readable sandbox log.
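The kind of behavioral triage the article describes, applied to a sandbox log like the one it mentions, as an added example that is not Kaspersky’s code and does not use Kaspersky’s report format: a Python script over a constructed JSON-lines event log (the event schema, process IDs, domain, URL and hashes are all invented placeholders) that rebuilds the process tree rooted at the document viewer, flags the behaviors a text document should never exhibit (VBA runtime load, shell spawning, DNS and HTTP requests, dropped executables, execution of a dropped file, Run-key persistence) and collects the IOCs an analyst would pivot on. A second, benign Word session is included to show that ordinary document activity produces no findings.

```python
"""Behavioral triage of sandbox telemetry for a document sample.
Hypothetical JSON-lines event schema, not Kaspersky's report format."""
import json
from collections import defaultdict

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
VBA_RUNTIME = {"vbe7.dll", "vbe7intl.dll"}          # VBA engine, loaded when macros run
EXEC_EXT = (".exe", ".dll", ".scr", ".ps1", ".vbs")
RUN_KEYS = ("\\currentversion\\run",)                # matches Run and RunOnce

# Constructed sample: macro document spawns cmd -> powershell, fetches a second
# stage, drops it, runs it and registers it under a Run key. All values invented.
MALICIOUS_LOG = r"""
{"event": "process_start", "pid": 100, "ppid": 1, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
{"event": "dll_load", "pid": 100, "path": "C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL"}
{"event": "process_create", "pid": 100, "child_pid": 200, "child_image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c powershell -w hidden -enc SQBFAFgA"}
{"event": "process_create", "pid": 200, "child_pid": 300, "child_image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell -w hidden -enc SQBFAFgA"}
{"event": "dns_request", "pid": 300, "domain": "update-check.example"}
{"event": "http_request", "pid": 300, "url": "http://update-check.example/stage2.bin"}
{"event": "file_write", "pid": 300, "path": "C:\\Users\\user\\AppData\\Roaming\\svchelper.exe", "sha256": "00000000000000000000000000000000000000000000000000000000000000aa"}
{"event": "process_create", "pid": 300, "child_pid": 400, "child_image": "C:\\Users\\user\\AppData\\Roaming\\svchelper.exe", "cmdline": "svchelper.exe"}
{"event": "registry_set", "pid": 400, "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "svchelper"}
"""

# Constructed sample: Word opening a plain document (temp file, its own settings key).
BENIGN_LOG = r"""
{"event": "process_start", "pid": 100, "ppid": 1, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
{"event": "dll_load", "pid": 100, "path": "C:\\Program Files\\Microsoft Office\\root\\Office16\\mso.dll"}
{"event": "file_write", "pid": 100, "path": "C:\\Users\\user\\AppData\\Local\\Temp\\~WRD0001.tmp", "sha256": "00000000000000000000000000000000000000000000000000000000000000bb"}
{"event": "registry_set", "pid": 100, "key": "HKCU\\Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", "value": "StartupItems"}
"""


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_log(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage(events):
    image, parent = {}, {}
    for ev in events:  # first pass: rebuild the process tree
        if ev["event"] == "process_start":
            image[ev["pid"]] = basename(ev["image"])
            parent[ev["pid"]] = ev.get("ppid")
        elif ev["event"] == "process_create":
            image[ev["child_pid"]] = basename(ev["child_image"])
            parent[ev["child_pid"]] = ev["pid"]

    def in_doc_lineage(pid):
        """True if pid is the Office process or any descendant of it."""
        seen = set()
        while pid is not None and pid not in seen:
            if image.get(pid) in OFFICE_APPS:
                return True
            seen.add(pid)
            pid = parent.get(pid)
        return False

    findings, iocs, dropped = [], defaultdict(set), set()
    for ev in events:  # second pass: judge only events caused by the document lineage
        if not in_doc_lineage(ev.get("pid")):
            continue
        kind = ev["event"]
        if kind == "dll_load" and basename(ev["path"]) in VBA_RUNTIME:
            findings.append(("vba_runtime_loaded", ev["path"]))
        elif kind == "process_create":
            if basename(ev["child_image"]) in SHELLS:
                findings.append(("doc_spawns_shell", ev["cmdline"]))
            if ev["child_image"].lower() in dropped:
                findings.append(("dropped_file_executed", ev["child_image"]))
        elif kind == "dns_request":
            findings.append(("doc_lineage_dns", ev["domain"]))
            iocs["domains"].add(ev["domain"])
        elif kind == "http_request":
            findings.append(("doc_lineage_http", ev["url"]))
            iocs["urls"].add(ev["url"])
        elif kind == "file_write" and ev["path"].lower().endswith(EXEC_EXT):
            findings.append(("drops_executable", ev["path"]))
            dropped.add(ev["path"].lower())
            iocs["sha256"].add(ev["sha256"])
            iocs["dropped_paths"].add(ev["path"])
        elif kind == "registry_set" and any(k in ev["key"].lower() for k in RUN_KEYS):
            findings.append(("run_key_persistence", ev["key"] + "\\" + ev["value"]))

    kinds = {name for name, _ in findings}
    verdict = "malicious" if len(kinds) >= 2 else "suspicious" if kinds else "clean"
    return {"verdict": verdict, "findings": findings,
            "iocs": {k: sorted(v) for k, v in sorted(iocs.items())}}


if __name__ == "__main__":
    for name, log in (("malicious", MALICIOUS_LOG), ("benign", BENIGN_LOG)):
        print(name, json.dumps(triage(parse_log(log)), indent=2))
```

The lineage check is what makes the rules meaningful: a DNS request or an .exe write is unremarkable on its own, but becomes a finding when the process that did it descends from the document viewer. The verdict threshold (two distinct behavior classes) is an assumption chosen to keep a single noisy rule from condemning a sample; the IOC set (domains, URLs, dropped paths, hashes) is exactly what an analyst would then look up in a threat-intelligence portal.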

“Businesses today are increasingly threatened by cybercrime through legitimate software flaws that can be mitigated with rapid incident response and digital forensics technologies,” said Rob Cataldo, vice president of enterprise sales at Kaspersky Lab North America. “Kaspersky Cloud Sandbox addresses these challenges as a new, unique offering for cybersecurity researchers and SOC teams, to aid the detailed analysis process of files. The new service allows cybersecurity teams to gain powerful insight into file behavior so that they can minimize threats without any risk to the organization’s IT infrastructure.”


WWPI – Covering the best in IT since 1980