As Malware Gets Smarter, So Must Your Security Sandbox

March 21, 2016 · steveverbanic

“Targeted malware” is a real threat these days, with Verizon showing in its latest Data Breach Investigations Report that 70%-90% of all malware reported was unique to an organization. Even more alarming was the finding that, on average, companies went 205 days between the time they were breached and the day they discovered it.

The bottom line: Modern malware is sophisticated, targeted and difficult to detect. To fight it, you need to develop the intelligence of your security defenses.

Signature-based detection tools – think antivirus (AV), intrusion detection systems (IDS), anti-spam, web filtering and IP reputation techniques – while important, are no longer up to the job of detecting and eliminating targeted malware on their own. By definition, they can only detect known threats.

Today’s malware authors are constantly evolving their delivery mechanisms and payloads, using techniques like compression, encryption and polymorphism to obfuscate their code and deliver targeted, zero-day attacks that walk right past such signature-based defenses.

How Security Sandboxes Help

Sandboxes let security analysts detect malicious code – even if it’s previously unknown – by detonating it in a safe, controlled virtual machine (VM) that closely mimics the corporate desktop environment. This lets analysts sniff out these unique malicious exploits and eliminate them without putting the corporate network at risk.

Unfortunately, malware writers have upped the ante against conventional sandbox technology. They now use a variety of evasive maneuvers, including VM detection to sense the presence of a sandbox, and “time bombs,” in which the malware lies dormant until released. Malware created this way appears innocuous during sandbox inspection, but once it gets passed along to the corporate network, it detonates its payload, in effect circumventing your controls.

How Smarter Security Sandboxes Help More

What’s needed is a more comprehensive security sandbox that outsmarts malware from start to finish, including:

  • Prior to analysis: A smarter security sandbox more closely replicates the target user’s environment, thwarting any detection mechanisms the malware writer puts in place.
  • During analysis: A smarter sandbox also uses traditional signature detection methods, like AV and threat databases, but in concert with deep behavioral analyses that more accurately predict and detect malicious attacks.
  • Post-analysis: Smarter sandboxes integrate tightly with threat intelligence, IDS/IPS, firewalls and other defensive mechanisms, creating new signatures on the fly and forwarding them to the integrated tools to provide actionable knowledge for better threat prevention down the road.
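To make the three phases above concrete, here is a small, added example (not SLAIT’s product or any vendor’s code) of the “during analysis” and “post-analysis” steps: a behavioral scorer that walks a simplified sandbox event trace, flags the two evasion patterns the post names (hypervisor checks and long stalling sleeps), scores the sample’s behavior, and, if the verdict is malicious, emits a minimal signature record of the kind a sandbox would forward to an IDS/IPS or firewall. The event format, the hint lists, the weights and the thresholds are all assumptions chosen for illustration, and the two traces at the bottom are constructed by hand.

```python
from dataclasses import dataclass, field

# Substrings that, when seen in a registry query, suggest the sample is probing
# for a hypervisor. Assumed, illustrative list; a real engine checks far more.
VM_ARTIFACT_HINTS = ("vmware", "vbox", "virtualbox", "qemu", "xen")

# A single Sleep at or above this many milliseconds before any network activity
# is treated as stalling (the "time bomb" pattern). Threshold is an assumption.
STALL_SLEEP_MS = 60_000

# Weights and decision threshold are assumptions for the example: evasion alone
# is suspicious but not conclusive, so it carries less weight than behavior.
EVASION_WEIGHT = 5
BEHAVIOUR_WEIGHT = 10
MALICIOUS_THRESHOLD = 20


@dataclass
class Verdict:
    evasion: list = field(default_factory=list)    # sandbox-evasion indicators
    behaviour: list = field(default_factory=list)  # malicious-behavior indicators
    score: int = 0
    malicious: bool = False
    signature: dict = field(default_factory=dict)  # what gets pushed downstream


def analyse(trace):
    """Score a list of {"t": ms, "pid": int, "api": str, "args": {...}} events.

    The event shape is an assumed, simplified sandbox log format.
    """
    v = Verdict()
    hosts, run_keys = [], []
    seen_network = False
    for ev in trace:
        api, args = ev["api"], ev.get("args", {})
        key = args.get("key", "").lower()
        if api == "RegQueryValue" and any(h in key for h in VM_ARTIFACT_HINTS):
            v.evasion.append(f"vm-check:{args['key']}")
        elif api == "Sleep" and args.get("ms", 0) >= STALL_SLEEP_MS and not seen_network:
            v.evasion.append(f"stall-sleep:{args['ms']}ms")
        elif api == "RegSetValue" and "\\currentversion\\run" in key:
            v.behaviour.append("persistence:run-key")
            run_keys.append(args["key"])
        elif api == "WriteProcessMemory" and args.get("target_pid") != ev.get("pid"):
            v.behaviour.append(f"injection:pid-{args.get('target_pid')}")
        elif api == "Connect":
            seen_network = True
            v.behaviour.append(f"network:{args['host']}:{args['port']}")
            hosts.append(args["host"])
    v.score = EVASION_WEIGHT * len(v.evasion) + BEHAVIOUR_WEIGHT * len(v.behaviour)
    v.malicious = v.score >= MALICIOUS_THRESHOLD
    if v.malicious:
        # Minimal "signature on the fly": network indicators for the firewall/IDS
        # and persistence locations for endpoint monitoring.
        v.signature = {"block_hosts": sorted(set(hosts)), "watch_registry": run_keys}
    return v


# Constructed trace: probes for VMware, stalls five minutes, installs a Run key,
# writes into another process, then calls out. Hostname is a placeholder.
SAMPLE_TRACE = [
    {"t": 0, "pid": 4242, "api": "RegQueryValue",
     "args": {"key": r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"}},
    {"t": 5, "pid": 4242, "api": "Sleep", "args": {"ms": 300_000}},
    {"t": 300_005, "pid": 4242, "api": "RegSetValue",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
              "value": r"C:\Users\Public\svc.exe"}},
    {"t": 300_010, "pid": 4242, "api": "WriteProcessMemory", "args": {"target_pid": 1337}},
    {"t": 300_020, "pid": 4242, "api": "Connect",
     "args": {"host": "c2.example.invalid", "port": 443}},
]

# Constructed benign trace: a short pause, then a single outbound connection.
BENIGN_TRACE = [
    {"t": 0, "pid": 5150, "api": "Sleep", "args": {"ms": 1_000}},
    {"t": 1_000, "pid": 5150, "api": "Connect",
     "args": {"host": "update.example.invalid", "port": 443}},
]

if __name__ == "__main__":
    for name, trace in (("sample", SAMPLE_TRACE), ("benign", BENIGN_TRACE)):
        verdict = analyse(trace)
        print(name, "score", verdict.score, "malicious", verdict.malicious)
        print("  evasion:", verdict.evasion)
        print("  behaviour:", verdict.behaviour)
        print("  signature:", verdict.signature)
```

The stalling rule only fires when the long sleep precedes any network activity, which is the ordering the “time bomb” pattern relies on; a sleep after the sample has already shown its hand adds nothing. Note that the evasion flags are deliberately weighted below the behavior flags: a legitimate installer may also query VMware keys, so evasion hints raise suspicion but the verdict rests on what the sample actually does.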

Ultimately, today’s targeted threats need targeted solutions. SLAIT specializes in delivering customized, creative IT solutions for customers in both the commercial and private sector. We can provide full-featured sandbox technology designed to outsmart even the most sophisticated, evasive malware. Through our strategic partnerships and with our more than 25 years’ experience serving the IT sector, we continue to take new approaches to reducing our clients’ costs, while increasing performance and mitigating risks.