Kaspersky Develops Tool to Help Security Researchers with Sandboxing

By CIOReview | Friday, July 24, 2020

Kaspersky has developed its sandboxing technology to help companies improve their security systems.

FREMONT, CA: Kaspersky sandboxing technology can now be used within customer networks. The on-premises Kaspersky Research Sandbox is built for companies that have strict regulations related to data sharing. It helps them develop internal security operations centers (SOCs) or computer emergency response teams (CERTs). The solution also assists them in identifying and analyzing targeted threats while ensuring that all analyzed files are kept inside the organization.

A Kaspersky survey of IT decision-makers revealed that almost half (45%) of enterprises experienced a targeted attack. In most situations, the threats are developed to work only in a particular context in the victim's organization. For instance, a file might not behave maliciously until a similar application is opened or until a user scrolls through the document. Besides, some files can detect that they are not in an end-user environment, for example when there is no indication that anybody is working on the endpoint, and will not run the malicious code. A SOC, however, usually receives numerous security alerts, and analysts cannot investigate them all manually to recognize the most dangerous ones.

Kaspersky's sandboxing technologies can now be applied inside the customer's organization so that companies can analyze advanced threats more precisely and in a more timely manner. The Kaspersky Research Sandbox imitates the company's systems using random parameters such as user and computer name, IP address, etc. It replicates an actively used environment so that the malware cannot recognize that it is running on a virtual machine.

"Our Kaspersky Cloud Sandbox, launched in 2018, works perfectly for organizations that need to analyze complex threats without additional investment in hardware infrastructure. However, organizations with internal SOCs and CERTs and strict restrictions on data sharing require more control over files they analyze. Now, with Kaspersky Research Sandbox, they can choose the deployment option that suits them the most as well as being able to customize on-premises sandboxing images to any enterprise environment," comments Veniamin Levtsov, VP, Corporate Business at Kaspersky.

Kaspersky Research Sandbox was developed from the internal sandboxing complex used by the company's anti-malware researchers. Now, the technologies are also available to customers as an isolated on-premises installation. As a result, the analyzed files do not leave the company's perimeter, which makes the solution appropriate for companies that have restrictions on sharing data.