LabZero
Thread author
Hello everyone.
Sandboxes now sprout everywhere; many AV vendors implement this technology in their products, even with the promise of being able to detect zero days.
I want to think precisely about this point: the zero day.
Having accurate detection means adopting a sandboxing technology, more or less effective, to study the behavior of malware or suspicious traffic flows, trying to analyze and determine the degree of danger/malevolence in signatureless mode. Yes, because if I don't know the malware, I can't identify it through known signatures.
For nearly all users charmed by the sandbox, these continue to be the considerations, but are they really effective?
Because everything they have in hand regarding the advanced attack is possibly a sandbox report where the malware is launched ...
It is precisely for this reason that we must never forget the real system. I can't expect everything to be restored as it was before the attack ... but it is certainly possible to investigate an alarm received from the sandbox, if the targeted client has indicators of compromise ... to confirm the attack and understand it on the Host.
And why not decide to perform an isolation that allows us, after a precise detection, to proceed with an analysis that provides reliable answers.
- What happened?
- Was the attack successful?
- Have other machines been compromised?
- Has data been stolen?
This is what I expect from the sandbox of the future.
The next time someone talks to you about or offers the latest wonderful sandbox, beware ... make sure the overall solution ensures visibility on the Host.
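The post's point is that a sandbox verdict only says what the sample would do; whether the attack succeeded has to be confirmed on the real host. The following added example (not the post author's code) shows that correlation step: the artifacts from a constructed sandbox report are checked against constructed telemetry from a targeted client and the rest of the fleet, and the post's four questions are answered from what is actually found on the hosts. The report contents, host names, addresses and the exfiltration threshold are all constructed.

```python
from dataclasses import dataclass, field

# Constructed sandbox report: artifacts the sample created when detonated.
SANDBOX_REPORT = {
    "sha256": "PLACEHOLDER_SAMPLE_HASH",
    "dropped_files": [r"C:\Users\Public\updater.exe", r"C:\ProgramData\cache.dat"],
    "registry_keys": [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"],
    "c2_hosts": ["203.0.113.10"],  # TEST-NET address standing in for the C2 (constructed)
}

@dataclass
class HostTelemetry:
    """Minimal host snapshot: files and autorun keys seen, outbound connections as (ip, bytes_out)."""
    name: str
    files: set
    registry_keys: set
    connections: list = field(default_factory=list)

def confirm_on_host(report, host):
    """Return which sandbox indicators are actually present on one host."""
    matched = {
        "files": sorted(set(report["dropped_files"]) & host.files),
        "registry_keys": sorted(set(report["registry_keys"]) & host.registry_keys),
        "c2_contacts": [(ip, b) for ip, b in host.connections if ip in report["c2_hosts"]],
    }
    # A dropped payload, persistence key or C2 contact means the sample ran here, not only in the sandbox.
    compromised = bool(matched["files"] or matched["registry_keys"] or matched["c2_contacts"])
    # Outbound volume to the C2 above a (constructed) 1 MB threshold is the first hint of data theft.
    exfil_suspected = any(b > 1_000_000 for _, b in matched["c2_contacts"])
    return {"host": host.name, "compromised": compromised,
            "exfil_suspected": exfil_suspected, "matched": matched}

def answer_questions(report, targeted, fleet):
    """Answer the post's questions: was the attack successful, who else is hit, is data theft suspected."""
    results = [confirm_on_host(report, h) for h in [targeted] + fleet]
    return {
        "attack_successful": results[0]["compromised"],
        "other_machines_compromised": [r["host"] for r in results[1:] if r["compromised"]],
        "data_stolen_suspected": [r["host"] for r in results if r["exfil_suspected"]],
        "details": results,
    }

# Constructed telemetry: the client the sandbox alarm pointed at, plus two other workstations.
TARGETED = HostTelemetry("ws-01", {r"C:\Users\Public\updater.exe", r"C:\Windows\notepad.exe"},
                         {r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
                         [("203.0.113.10", 5_000_000)])
FLEET = [
    HostTelemetry("ws-02", {r"C:\Windows\notepad.exe"},
                  {r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"}),
    HostTelemetry("ws-03", {r"C:\Windows\notepad.exe"}, set(), [("198.51.100.7", 10)]),
]

if __name__ == "__main__":
    print(answer_questions(SANDBOX_REPORT, TARGETED, FLEET))
```

In a real deployment the host side would come from EDR or forensic collection rather than a hand-built snapshot, but the decision logic is the same: the alarm is confirmed only when the sandbox's artifacts show up on the client.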