I am a big fan of behavior based malware analysis. I have assessed several products that claim to use behavioral analysis; most end up as a desktop product that constantly prompts the user to determine whether or not an action is nefarious. I am still waiting for a single vendor to introduce a solid, reliable, and trustworthy antimalware engine that analyzes behavioral characteristics and makes intelligent decisions regarding applications and communications, while still performing at a decent clip and not hogging all of the PC’s resources, or relying on non-technical users to make security decisions.
Until my dream product materializes, GFI has released GFI SandBox 3.4 (formerly SunBelt’s CWSandBox). This update to the malware analysis tool lets security professionals assess suspect files and URLs for potential threats inside a controlled environment. The product detonates the sample and reports on its behavior: how the potential malware executes, what changes it makes to the system during execution, what network traffic it generates, and more, without risking data loss or compromising the production network.
- In-depth file analysis – Kernel-level monitoring provides greater confidence when analyzing any file or URL for malicious activity, whether in a native or virtual environment. The native option matters in practice: some malware checks for a virtual machine and stays dormant when it finds one, so a trace taken on physical hardware can expose behavior a VM run misses.
- Digital behavior traits – A summary of observed behavior across multiple platforms alerts users to malicious activity. Users can also replicate the target system configuration for real world testing.
- Easier collaboration – Admins can grant access to GFI SandBox to anyone in the organization to review and compare the Digital Behavior Traits of suspect files.
- Fast malware assessments – Quicker file submissions and shorter analysis times than previous releases.
- Detailed reports – Security teams can instantly generate high-level summaries or comprehensive, in-depth analysis reports to share throughout the organization.
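To make concrete what a "Digital behavior trait" summary boils down to, here is an added Python example (my own illustration, not GFI code and not the format GFI SandBox emits). It takes a constructed event trace of the kind a kernel-level monitor would record (process creation, file writes and deletes, registry sets, network connects), maps the events onto named behavior traits with the evidence for each, and scores them into a verdict. Trait names, weights and the sample paths and hosts are all assumptions chosen for illustration:

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One monitored action. Field values are constructed for this example."""
    kind: str    # "process" | "file" | "registry" | "network"
    op: str      # "create" | "write" | "delete" | "set" | "connect"
    target: str  # path, registry key, command line, or host:port


# Patterns and lists are illustrative assumptions, not a vendor rule set.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe"}
WEIGHTS = {
    "persistence_run_key": 3,
    "drops_executable_in_profile": 2,
    "masquerades_system_binary": 3,
    "self_delete": 2,
    "external_connection": 1,
    "shadow_copy_deletion": 4,
}


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _is_external(hostport: str) -> bool:
    """True for hostnames and for IPs outside private/loopback/link-local space."""
    host = hostport.rsplit(":", 1)[0]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True  # a DNS name: assume it resolves somewhere external
    return not (addr.is_private or addr.is_loopback or addr.is_link_local)


def summarize(trace):
    """Map raw events onto behavior traits; returns {trait: [evidence, ...]}."""
    traits = {}

    def hit(name, evidence):
        traits.setdefault(name, []).append(evidence)

    # Assumption: the first process created in the trace is the submitted sample.
    sample_path = next(
        (e.target for e in trace if e.kind == "process" and e.op == "create"), None
    )
    for e in trace:
        if e.kind == "registry" and e.op == "set" and RUN_KEY_RE.search(e.target):
            hit("persistence_run_key", e.target)
        elif e.kind == "file" and e.op == "write":
            name = _basename(e.target)
            if USER_PROFILE_RE.search(e.target) and name.endswith((".exe", ".dll")):
                hit("drops_executable_in_profile", e.target)
            if name in SYSTEM_BINARIES and "\\system32\\" not in e.target.lower():
                hit("masquerades_system_binary", e.target)
        elif e.kind == "file" and e.op == "delete" and sample_path \
                and e.target.lower() == sample_path.lower():
            hit("self_delete", e.target)
        elif e.kind == "network" and e.op == "connect" and _is_external(e.target):
            hit("external_connection", e.target)
        elif e.kind == "process" and e.op == "create":
            cmd = e.target.lower()
            if "vssadmin" in cmd and "delete shadows" in cmd:
                hit("shadow_copy_deletion", e.target)
    return traits


def verdict(trace):
    """Score the traits; thresholds are arbitrary for the example."""
    traits = summarize(trace)
    score = sum(WEIGHTS.get(t, 1) for t in traits)
    label = "malicious" if score >= 6 else "suspicious" if score >= 3 else "benign"
    return label, score, traits


# Constructed trace: a dropper that installs itself, persists, calls home,
# removes its original file and wipes shadow copies. Not a real sample.
SAMPLE_TRACE = [
    Event("process", "create", r"C:\Users\victim\Downloads\invoice.exe"),
    Event("file", "write", r"C:\Users\victim\AppData\Roaming\svchost.exe"),
    Event("registry", "set",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event("network", "connect", "updates.example.net:443"),
    Event("network", "connect", "127.0.0.1:80"),  # local, ignored as evidence
    Event("file", "delete", r"C:\Users\victim\Downloads\invoice.exe"),
    Event("process", "create",
          r"C:\Windows\System32\cmd.exe /c vssadmin delete shadows /all /quiet"),
]

# Constructed benign trace for comparison.
BENIGN_TRACE = [
    Event("process", "create", r"C:\Windows\System32\notepad.exe"),
    Event("file", "write", r"C:\Users\victim\Documents\notes.txt"),
    Event("network", "connect", "127.0.0.1:80"),
]

if __name__ == "__main__":
    for name, trace in (("sample", SAMPLE_TRACE), ("benign", BENIGN_TRACE)):
        label, score, traits = verdict(trace)
        print(f"{name}: {label} (score {score})")
        for trait, evidence in traits.items():
            print(f"  {trait}: {evidence}")
```

The point of the trait layer is that an analyst, or a reviewer granted access to the report, reads "persists via Run key" and "masquerades as svchost.exe" with the evidence attached, rather than a raw list of thousands of system calls; the raw trace stays available when the summary needs to be verified.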
Until now, only government agencies, threat researchers and large enterprises with their own highly skilled security teams have been in a position to purchase and implement sandboxing technologies. While GFI SandBox 3.4 delivers stronger and quicker malware analysis, GFI's stated focus for the new release is to make advanced malware analysis accessible to organizations with limited in-house malware expertise, especially in the financial services sector, where a great deal of malware activity has been observed. This is a product and technology well worth exploring.