Kaspersky has launched its new Kaspersky Sandbox, built to help organizations combat advanced threats designed to evade detection by endpoint protection platforms (EPP). The solution automatically analyses new suspicious files and sends the decision to the installed EPP. As a result, organizations strengthen their protection from previously unknown threats even ifthey lack teams of experienced threat analystsor have limited resources.
According to a Kaspersky survey of IT decision-makers, 47% of SMBs and 51% of enterprises say that it is becoming more difficult to differentiatebetween generic and advanced attacks.This means security analysts have to spend time evaluating numerous suspicious files instead of focusing on investigating, and responding to,the most critical threats.This could be even more challenging, as larger SMBs and small enterprisesface an IT security talent shortage, so all the responsibilities of managing securityfallon the shoulders of IT departments. Nonetheless, these companies face pretty much the same threats as fully established enterprises, including advanced attacks.
Unlike many threat intelligence services targeted at experienced security analysts, Kaspersky Sandbox doesn’t require manual operations to examine the impact of risky objects. When Kaspersky Endpoint Security for Business,or other endpoint protection solutions,detect a suspicious objectthat cannot be categorized as malicious without deeply analyzing its behavior, they automatically sendit to runin Kaspersky Sandbox.
To detect the malicious intent of an object, Kaspersky Sandbox carries out behavioral analysis, collects and analyses all artefacts, and if the object performs malicious actions,such as encrypting or downloading a malicious payload using a zero-day exploit, the Sandbox recognizes it as malware and reports it to the endpoint protection solution for further actions. For Kaspersky Endpoint Security for Business possibleautomated actions may include:object quarantine, user notifications, scans of critical areas of the operating system or searching for the detected object on other machines within an organization to prevent the threat from spreading.
In addition, Kaspersky Sandbox stores the decision on whether or not the object is a threatin the operational cache located on the Kaspersky Sandbox server. Thanks to this, if the analysis of the file that has already been run in the Sandbox isrequested byanother endpoint within the managed network, the EPP gets the decisionfrom this shared knowledgebase without having to re-scan the file. This speeds up the response and reduces workload on servers of virtual machines.
Kaspersky Sandbox is designed to complement the level of protection offered by Kaspersky Endpoint Security for Business with an additional security layer enabling automated response to advanced threats. However, with the provided API, Kaspersky Sandbox can be integrated with other EPP solutions as well.
“Companies, regardless of their size, need protection from threats that fly under the radar of EPP. However, enterprise-grade solutions against advanced attacks often require advanced security analysts to operate them effectively.Smaller companies can rarely afford to hire and retain such talent.That’s why they need a solution, such as Kaspersky Sandbox, which can solve this issue automatically without needing to attract IT security specialists. For enterprises,deploying Kaspersky Sandbox allows business to optimize their budgets and staffing in branch offices where there’s typically just IT department specialists who are required do all the security work.” – comments Sergey Martsynkyan, Head of B2B Product Marketing at Kaspersky.