Hacker's Nightmare: PT Sandbox 5.6 improves detection of complex threats

Brother

Advanced analysis, port monitoring, unpacking of packed executables, and much more…

Positive Technologies has released a new version of its network sandbox for protection against advanced malware and zero-day threats, PT Sandbox 5.6. The main innovations are checking links against indicators of compromise with PT IoC, monitoring network ports for behavioral analysis on Linux, and unpacking executables compressed with popular packers (for example, ASPack and UPX).

PT Sandbox is the first Positive Technologies product to integrate with the Positive Technologies Indicators of Compromise (PT IoC) link checker. The technology gives a more complete and faster diagnosis of cyber incidents, enriching detection results and removing the need to write a separate rule for each threat.

With an expanded set of expert rules, PT Sandbox has improved detection accuracy and speed. For example, reports now indicate the class of malware, its name, or the name of the exploit.

The new version also upgrades network analytics: when files are checked on Linux, network ports are now monitored. Attackers who modify malware to evade detection rarely change its network traffic, so the connection profile remains a stable signal. To attribute network connections initiated by a specific malware sample, Positive Technologies specialists classified individual threats using more than 7,000 network rules, the same rules that let the PT Network Attack Discovery traffic analysis system detect attacks on the perimeter and inside the network.

In mass attacks, attackers often use packers to bypass security tools. These programs compress executable files, hiding the malicious code. Since version 5.6, PT Sandbox uses static analysis to unpack executables packed with popular utilities such as ASPack, FSG, MPRESS, PECompact, and UPX. This lets the sandbox detect pentesting and hacking tools that evade dynamic analysis.

When checking PDF files, PT Sandbox 5.6 now treats as potentially dangerous those that are encrypted, contain OLE objects, or contain JavaScript. The customer can disable this check if necessary.

In addition, users can define their own criteria for identifying unsafe PDF documents. Another significant improvement is the unpacking of DEB installation packages for behavioral analysis: the product analyzes and checks for malicious content not only the package itself but also each file inside it.

"The key feature of the updated PT Sandbox is more flexible management of analysis processes. At the same time, the tests themselves have become more complex and in-depth and now give even more accurate results. For example, the sandbox analyzes the security of links not only in the email body, but also in attached files. Due to the fundamental analysis of dangerous file formats (for example, RPM installation packages, ARJ archives) we have increased the quality of malware detection, and also enabled users to influence the operation of the product," says Sergey Osipov, Head of Malware Protection at Positive Technologies.
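The PDF heuristic described above (flag documents that are encrypted, carry embedded objects, or contain JavaScript) can be reproduced as a small static triage step. The following is an added example written for this post; it is not PT Sandbox code and does not claim to match how the product implements the check. It assumes that an embedded OLE payload surfaces as an /EmbeddedFile object, and it adds two markers the article does not mention, /OpenAction and /Launch, because they commonly accompany the others. The sample documents are constructed byte strings, not real malware.

```python
import re

# Marker names used by the triage rule. /Encrypt, /JavaScript (and its /JS
# shorthand) and /EmbeddedFile map to the three conditions in the article;
# /OpenAction and /Launch are assumed extras added by this example.
SUSPICIOUS_NAMES = {
    b"/Encrypt": "encrypted",
    b"/JavaScript": "javascript",
    b"/JS": "javascript",
    b"/EmbeddedFile": "embedded_file",
    b"/OpenAction": "auto_action",
    b"/Launch": "launch_action",
}

# A PDF name token: a slash followed by regular characters
# (no whitespace and none of the delimiter characters).
NAME_TOKEN = re.compile(rb"/[^\s/\[\]<>(){}%]+")
# A #xx hex escape inside a name; /J#61vaScript is the same name as /JavaScript.
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(token: bytes) -> bytes:
    """Decode #xx escapes so an obfuscated name compares equal to its plain form."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), token)


def triage_pdf(data: bytes) -> dict:
    """Static triage: return the matched flags and whether the scan was limited."""
    flags = set()
    for match in NAME_TOKEN.finditer(data):
        label = SUSPICIOUS_NAMES.get(normalize_name(match.group(0)))
        if label:
            flags.add(label)
    # Objects packed into compressed object streams are invisible to a raw byte
    # scan, so a clean result on such a file is not conclusive and is marked.
    limited = b"/ObjStm" in data
    return {
        "flags": sorted(flags),
        "suspicious": bool(flags),
        "scan_limited": limited,
    }


# Constructed sample documents (not real malware): a plain file, one with a
# hex-escaped JavaScript action, and an encrypted file carrying an embedded file.
BENIGN_PDF = (
    b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
JS_PDF = (
    b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /Type /Action /S /J#61vaScript /JS (app.alert(1)) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
ENCRYPTED_EMBED_PDF = (
    b"%PDF-1.5\n4 0 obj << /Type /EmbeddedFile /Length 4 >> stream\nabcd\nendstream endobj\n"
    b"9 0 obj << /Type /ObjStm /N 1 /First 5 >> stream\n...\nendstream endobj\n"
    b"trailer << /Root 1 0 R /Encrypt 5 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for name, doc in [("benign", BENIGN_PDF), ("js", JS_PDF), ("encrypted", ENCRYPTED_EMBED_PDF)]:
        print(name, triage_pdf(doc))
```

The name normalization matters more than the keyword list: a document that spells /JavaScript with a #xx escape is still executed by the viewer, so a scanner that matches raw bytes misses it. The scan_limited field records the other blind spot, object streams, where a byte scan cannot see the dictionaries at all and a full parser (or a sandbox detonation) is needed before the file is called clean.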