Woburn, MA – November 18, 2019 – Kaspersky has launched its new Kaspersky Sandbox designed to help organizations combat advanced threats intended to evade detection by endpoint protection platforms (EPP). The solution automatically analyzes new suspicious files and sends the results to the installed EPP. As a result, organizations are able to strengthen their protection from previously unknown threats, even if they lack teams of experienced threat analysts or have limited resources.
According to a Kaspersky survey of IT decision-makers, 47% of SMBs and 51% of enterprises say it is becoming more challenging to differentiate between generic and advanced attacks. This means that security analysts have to spend more time evaluating numerous suspicious files instead of focusing on investigating and responding to the most critical threats.
Unlike many threat intelligence services targeted at experienced security analysts, Kaspersky Sandbox does not require manual operations to examine the impact of suspicious files. When endpoint protection solutions detect a suspicious object that cannot be categorized as malicious without deeply analyzing its behavior, they automatically send it to run in Kaspersky Sandbox.
To detect the malicious intent of an object, Kaspersky Sandbox carries out behavioral analysis and collects and analyzes all artefacts. In addition, if the object performs malicious actions such as encrypting or downloading a malicious payload using a zero-day exploit, the Sandbox recognizes it as malware and reports it to the endpoint protection solution for further actions.
Kaspersky Sandbox also stores the decision on whether or not the object is a threat in the operational cache located on the Kaspersky Sandbox server. With this feature in place, if another endpoint within the managed network requests analysis of a file that has already been run in the Sandbox, the EPP gets the decision from this shared knowledge base without having to re-scan the file, which speeds up the response and reduces the workload on servers of virtual machines.
Kaspersky Sandbox is designed to complement the level of protection offered by Kaspersky Endpoint Security for Business with an additional security layer enabling automated response to advanced threats. With the provided API, Kaspersky Sandbox can be integrated with other EPP solutions as well.
“Companies, regardless of their size, need protection from threats that fly under the radar of EPP. However, enterprise-grade solutions against advanced attacks often require advanced security analysts to operate them effectively,” said Sergey Martsynkyan, head of B2B product marketing at Kaspersky. “Smaller companies can rarely afford to hire and retain such talent. That's why they need a solution, such as Kaspersky Sandbox, which can solve this issue automatically without needing to attract IT security specialists. For enterprises, deploying Kaspersky Sandbox allows businesses to optimize their budgets and staffing in branch offices where there are typically just IT department specialists who are required to do all the security work.”
To learn more about Kaspersky Sandbox, visit the official website.