Kaspersky Sandbox automates protection from advanced threats


Kaspersky has launched its new Sandbox, built to help organisations combat advanced threats designed to evade detection by endpoint protection platforms (EPP). The solution automatically analyses new suspicious files and sends the decision to the installed EPP. As a result, organisations strengthen their protection from previously unknown threats even if they lack teams of experienced threat analysts or have limited resources.

According to a Kaspersky survey of IT decision-makers, 47% of SMBs and 51% of enterprises say that it is becoming more difficult to differentiate between generic and advanced attacks. This means security analysts have to spend time evaluating numerous suspicious files instead of focusing on investigating, and responding to, the most critical threats. This could be even more challenging, as larger SMBs and small enterprises face an IT security talent shortage, so all the responsibilities of managing security fall on the shoulders of IT departments. Nonetheless, these companies face pretty much the same threats as fully established enterprises, including advanced attacks.
Unlike many threat intelligence services targeted at experienced security analysts, Kaspersky Sandbox doesn’t require manual operations to examine the impact of risky objects. When Kaspersky Endpoint Security for Business, or other endpoint protection solutions, detect a suspicious object that cannot be categorized as malicious without deeply analyzing its behavior, they automatically send it to run in Kaspersky Sandbox.

To detect the malicious intent of an object, Kaspersky Sandbox carries out behavioral analysis, collects and analyses all artefacts, and if the object performs malicious actions, such as encrypting or downloading a malicious payload using a zero-day exploit, the Sandbox recognizes it as malware and reports it to the endpoint protection solution for further actions. For Kaspersky Endpoint Security for Business possible automated actions may include: object quarantine, user notifications, scans of critical areas of the operating system or searching for the detected object on other machines within an organization to prevent the threat from spreading.

“Companies, regardless of their size, need protection from threats that fly under the radar of EPP. However, enterprise-grade solutions against advanced attacks often require advanced security analysts to operate them effectively. Smaller companies can rarely afford to hire and retain such talent. That’s why they need a solution, such as Kaspersky Sandbox, which can solve this issue automatically without needing to attract IT security specialists. For enterprises, deploying Kaspersky Sandbox allows business to optimize their budgets and staffing in branch offices where there’s typically just IT department specialists who are required do all the security work.” – comments Sergey Martsynkyan, Head of B2B Product Marketing at Kaspersky.
To find out more about Kaspersky Sandbox, visit the official web site.


Please enter your comment!
Please enter your name here