Kaspersky has launched a major update to Kaspersky Research Sandbox, introducing version 3.0 with advanced capabilities for deeper file analysis, interactive threat investigation, and significantly reduced hardware requirements. Designed for security teams and threat researchers, the enhanced solution provides more flexibility, efficiency, and cost-effectiveness in detecting and analyzing modern cyber threats.
Kaspersky Research Sandbox has been developed directly out of the company’s in-lab sandboxing complex, a technology that has been evolving for over two decades. It incorporates all the knowledge about malware behaviors acquired through continuous threat research, allowing Kaspersky to detect 400,000+ new malicious objects every day.
One of the key advancements in Kaspersky Research Sandbox 3.0 is the introduction of visual interaction during sample detonation (VNC). This feature enables security analysts to interact with the execution environment in real time, monitor malware behavior as it unfolds, and run investigation tools to uncover additional threat details. This deeper level of analysis enhances the ability to detect sophisticated threats that adapt their behavior to traditional, non-interactive sandboxing methods.
The updated sandbox now also offers the option to work with Kaspersky Security Network (KSN) as an alternative to Kaspersky Private Security Network (KPSN). This flexibility provides a more cost-effective and faster deployment option, which is particularly useful for pilot projects. Additionally, this change reduces hardware requirements by half, making the solution more accessible for organizations with limited resources.
To address the growing use of obfuscation techniques in modern attacks, Kaspersky Research Sandbox 3.0 now incorporates Microsoft AMSI (Antimalware Scan Interface) output. This integration significantly improves detection of packed and obfuscated scripts, including malicious PowerShell activity, a tactic increasingly used by threat actors.
Further improving threat intelligence capabilities, the update introduces extended static analysis. By examining key file attributes such as strings, headers, sections, import and export tables, and entropy graphs for executable files, analysts gain critical insights into malware characteristics, even for operating systems not yet supported for dynamic analysis, such as macOS.
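The entropy graph mentioned above is the one static-analysis attribute that can be reproduced in a few lines, so here is an added example (not Kaspersky's code, and not how Research Sandbox implements it): a sliding-window Shannon entropy profile over a constructed byte string, with a threshold that flags the high-entropy stretch an analyst would read as a likely packed or encrypted section. The window size, step and 7.0 bits/byte threshold are assumptions chosen for the example.

```python
import math
from collections import Counter

# Constructed sample, not a real binary: a low-entropy header-like block, a run of
# readable strings, a uniform-byte region standing in for a packed/encrypted
# section, and trailing zero padding. Offsets: 0-511, 512-1167, 1168-3215, 3216-3727.
SAMPLE = (
    b"MZ" + b"\x00" * 510
    + b"This program cannot be run in DOS mode.\r\n" * 16
    + bytes(range(256)) * 8
    + b"\x00" * 512
)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte: 0.0 for empty or
    constant input, 8.0 when every byte value is equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_graph(data: bytes, window: int = 256, step: int = 256) -> list:
    """Sliding-window entropy profile: one value per window, in file order.
    This is the series a static-analysis view plots as an 'entropy graph'."""
    if window <= 0 or step <= 0:
        raise ValueError("window and step must be positive")
    last_start = max(len(data) - window, 0)
    return [shannon_entropy(data[i:i + window])
            for i in range(0, last_start + 1, step)]


def high_entropy_spans(data: bytes, window: int = 256, step: int = 256,
                       threshold: float = 7.0) -> list:
    """Merge adjacent windows at or above `threshold` into (start, end) byte
    spans. Long spans close to 8.0 bits/byte are what an analyst reads as
    'probably packed or encrypted'; 7.0 is a common rule-of-thumb threshold."""
    spans = []
    for i, e in enumerate(entropy_graph(data, window, step)):
        if e < threshold:
            continue
        start, end = i * step, i * step + window
        if spans and spans[-1][1] >= start:      # overlaps or abuts previous span
            spans[-1] = (spans[-1][0], end)
        else:
            spans.append((start, end))
    return spans


if __name__ == "__main__":
    for i, e in enumerate(entropy_graph(SAMPLE)):
        print(f"offset {i * 256:5d}: {e:.2f} bits/byte {'#' * int(e * 4)}")
    print("high-entropy spans:", high_entropy_spans(SAMPLE))
```

Feeding a real PE section instead of `SAMPLE` gives the same kind of profile; plain code and data sit well below the threshold, while compressed or encrypted payloads form a flat plateau near 8.0.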
Alongside these technological enhancements, the user interface has been completely redesigned to improve usability and streamline the research process. The enhanced System Activities page now offers improved visualization, allowing analysts to filter reports and focus only on relevant malicious processes. The History table search function makes it easier to retrieve previous analysis results, helping security teams quickly resume investigations.
“With Kaspersky Research Sandbox 3.0, we’re providing security teams with even more extensive analysis capabilities, greater visibility and control over malware behavior, and a significantly decreased entry threshold for organizations with limited hardware resources. Built on over two decades of malware research, Kaspersky Research Sandbox combines our deep threat analysis expertise with cutting-edge technology. It empowers security teams with a professional interactive malware investigation tool with even deeper analysis and optimized performance - now with twice lowered hardware requirements,” comments Boris Storonkin, Threat Intelligence Product Manager at Kaspersky.
For more information about Kaspersky Research Sandbox 3.0, please visit the link.