Product of the Day
Kaspersky Sandbox deepens malware analysis
Kaspersky Research Sandbox 3.0 features real-time interaction and lower hardware requirements for more efficient investigations.
A new version of Kaspersky Research Sandbox (KRS) features advanced capabilities for deeper file analysis, interactive threat investigation, and significantly reduced hardware requirements.
Designed for security teams and threat researchers, the enhanced version 3.0 provides more flexibility, efficiency, and cost-effectiveness in detecting and analysing modern cyber threats.
The malware analysis system has been developed directly out of the company’s in-lab sandboxing complex, a technology that’s been evolving for over two decades. It incorporates the knowledge about malware behaviours acquired through continuous threat research, enabling Kaspersky to detect over 400,000 new malicious objects every day.
One of the key advancements in KRS is the visual interaction during sample detonation. This feature enables security analysts to interact with the execution environment in real time, monitor malware behaviour as it unfolds, and run investigation tools to uncover additional threat details. Kaspersky says this deeper level of analysis enhances the ability to detect sophisticated threats that adapt to traditional sandboxing methods.
The updated sandbox offers the option to work with Kaspersky Security Network (KSN) as an alternative to Kaspersky Private Security Network (KPSN). The company says this flexibility provides a more cost-effective and faster deployment option, which is particularly useful for pilot projects. This change, says Kaspersky, reduces hardware requirements by half, making the solution more accessible for organisations with limited resources.
To address the growing use of obfuscation techniques in modern attacks, KRS now incorporates Microsoft Antimalware Scan Interface (AMSI) output. This integration significantly improves detection of packed and obfuscated scripts, including malicious PowerShell activity, a tactic increasingly exploited by threat actors.
Further improving threat intelligence capabilities, the update features extended static analysis. By examining key file attributes such as strings, headers, sections, import and export tables and entropy graphs for executable files, analysts gain critical insights into malware characteristics, including for operating systems not yet supported for dynamic analysis, such as macOS.
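To show what the entropy-graph part of that static analysis measures, here is an added example (written for this page, not Kaspersky's own implementation) that computes a sliding-window Shannon entropy profile over a constructed buffer: a low-entropy text-like region followed by a pseudo-random region standing in for packed or encrypted content. The windows that cross a threshold are the ones an analyst would inspect first.

```python
"""Sliding-window Shannon entropy profile, the data behind an 'entropy graph'.
High-entropy windows in an executable usually mean compressed, packed or
encrypted content; plain code and strings sit well below 8 bits per byte."""
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty/uniform data, at most 8.0."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def entropy_profile(data: bytes, window: int = 512, step: int = 512) -> list[float]:
    """Entropy of each fixed-size window; this list is what an entropy graph plots."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), step)]


def suspicious_windows(profile: list[float], threshold: float = 7.0) -> list[int]:
    """Indices of windows whose entropy suggests compressed or encrypted content."""
    return [i for i, h in enumerate(profile) if h >= threshold]


# Constructed sample, not a real file: 2048 bytes of repetitive DOS-stub-like text
# (low entropy) followed by 2048 seeded pseudo-random bytes (packed-like, high entropy).
TEXT_REGION = (b"MZ" + b"This program cannot be run in DOS mode.\r\n" * 60)[:2048]
PACKED_REGION = random.Random(7).randbytes(2048)
SAMPLE = TEXT_REGION + PACKED_REGION

if __name__ == "__main__":
    profile = entropy_profile(SAMPLE)
    flagged = suspicious_windows(profile)
    for idx, h in enumerate(profile):
        mark = "  <-- high entropy" if idx in flagged else ""
        print(f"window {idx} @ offset {idx * 512:5d}: {h:.2f} bits/byte{mark}")
```

Real tooling runs the same calculation per PE section or over the whole file and plots it; the threshold is a heuristic, and legitimately compressed resources (images, certificates) also score high.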
Alongside these technological enhancements, the user interface has been redesigned to improve usability and streamline the research process. The enhanced System Activities page offers improved visualisation, allowing analysts to filter reports and focus only on relevant malicious processes. The History table search function enables analysts to retrieve previous analysis results, helping security teams quickly resume investigations.
“With Kaspersky Research Sandbox 3.0, we’re providing security teams with even more extensive analysis capabilities, greater visibility and control over malware behaviour and a significantly decreased entry threshold for organisations with limited hardware resources,” says Boris Storonkin, threat intelligence product manager of Kaspersky.
“Built on over two decades of malware research, Kaspersky Research Sandbox combines our deep threat analysis expertise with cutting-edge technology. It empowers security teams with a professional interactive malware investigation tool with even deeper analysis and optimised performance – now with halved hardware requirements.”