New Kaspersky Cloud Sandbox Boosts Complex Threat Investigation and Response

With the largest data leaks in 2017 exploiting legitimate software flaws, the need for advanced detection technologies has never been greater. To help companies improve their investigation and response to complex threats, Kaspersky Lab has launched a new service called Kaspersky Cloud Sandbox. Because of its in-the-cloud nature, the service gives businesses the opportunity to take advantage of sandboxes without any additional investments into hardware infrastructure. Instead, the solution is available by subscription as part of the Kaspersky Threat Intelligence Portal. Allowing customers to ‘detonate’ suspicious files in a virtual environment with a full report on the file’s activities, it is designed to boost the efficiency of incident response and cybersecurity forensics without any risks to the company’s IT systems.

Exploiting legitimate software flaws became an efficient commodity for cyber criminals in 2017, as malicious activities can be easily hidden behind trusted processes. Even an experienced cybersecurity team can’t always be sure if it has spotted all the malware using such concealment techniques. To achieve that, teams have to be equipped with advanced detection technologies, including sand boxing, which often requires significant hardware investments that are not easily feasible for many IT Security teams. With Kaspersky Cloud Sandbox, advanced detection and forensic capabilities are available as a service within the Kaspersky Threat Intelligence Portal, allowing cybersecurity teams to ensure they meet their budget requirements while also benefitting from advanced technology. The service enables cybersecurity teams and security operations center (SOC) specialists to obtain deep insights into malware behavior and design, detecting targeted cyber threats that were not identified in the wild Advanced anti-evasion techniques: revealing a hidden truth

To lure malware into revealing its harmful potential, sandbox technology performance should possess advanced anti-evasion techniques. A malicious program, developed to run in a certain software environment, will not explode on a ‘clean’ virtual machine, and will most probably destroy itself without a trace.

Logging system: nothing gets missed in the noise

Once a piece of malware starts running its destructive activities, another innovative Kaspersky Cloud Sandbox technology comes to force: its logging subsystem intercepts malicious actions non-invasively. When a Word document starts to behave suspiciously – for example, if it starts building a string in the machine memory, executing Shell commands, or dropping its payloads (all abnormal activities for a text document) – these events are registered in the Kaspersky Cloud Security logging subsystem.

Detection and incident response performance: second to none

Kaspersky Cloud Sandbox detection performance is backed up with big data of real-time threat intelligence from Kaspersky Security Network (KSN), providing customers with immediate status on both known and new threats discovered in the wild. Advanced behavioral analysis based on more than 20 years of Kaspersky Lab threat research experience of fighting the most complex threats, allows customers to detect previously unseen malicious objects.