Kaspersky launched its new Kaspersky Sandbox designed to help organizations combat advanced threats intended to evade detection by endpoint protection platforms (EPP).
The Kaspersky Sandbox solution is ideal for companies with no dedicated security team, where the IT security role is assigned to the IT department; small businesses that don’t want to take on additional IT security resources; large organizations with a geographically distributed infrastructure and without on-site IT security specialists; and companies that need to ensure that their full-time IT security analysts are fully focused on critical tasks.
The solution automatically analyzes new suspicious files and sends the results to the installed EPP. As a result, organizations are able to strengthen their protection from previously unknown threats, even if they lack teams of experienced threat analysts or have limited resources.
Unlike many threat intelligence services targeted at experienced security analysts, Kaspersky Sandbox does not require manual operations to examine the impact of suspicious files. When endpoint protection solutions detect a suspicious object that cannot be categorized as malicious without deeply analyzing its behavior, they automatically send it to run in Kaspersky Sandbox.
To detect the malicious intent of an object, Kaspersky Sandbox carries out behavioral analysis and collects and analyzes all artifacts. In addition, if the object performs malicious actions such as encrypting or downloading a malicious payload using a zero-day exploit, the Sandbox recognizes it as malware and reports it to the endpoint protection solution for further action.
Kaspersky Sandbox also stores the decision on whether or not the object is a threat in the operational cache located on the Kaspersky Sandbox server. With this feature in place, if another endpoint within the managed network requests analysis of a file that has already been run in the Sandbox, the EPP gets the decision from this shared knowledge base without having to re-scan the file, speeding up the response and reducing the workload on servers of virtual machines.
According to a Kaspersky survey of IT decision-makers, 47 percent of SMBs and 51 percent of enterprises say it is becoming more challenging to differentiate between generic and advanced attacks. This means that security analysts have to spend more time evaluating numerous suspicious files instead of focusing on investigating and responding to the most critical threats.