Kaspersky has launched a major update to Kaspersky Research Sandbox, introducing version 3.0 with advanced capabilities for deeper file analysis, interactive threat investigation, and significantly reduced hardware requirements. Designed for security teams and threat researchers, the enhanced solution provides more flexibility, efficiency, and cost-effectiveness in detecting and analyzing modern cyber threats.
Kaspersky Research Sandbox has been developed directly out of the company's in-lab sandboxing complex, a technology that's been evolving for over two decades. It incorporates all the knowledge about malware behaviors acquired through continuous threat research, allowing Kaspersky to detect 400,000+ new malicious objects every day.
One of the key advancements in Kaspersky Research Sandbox 3.0 is the introduction of visual interaction during sample detonation (VNC). This feature enables security analysts to interact with the execution environment in real time, monitor malware behavior as it unfolds, and run investigation tools to uncover additional threat details. This deeper level of analysis enhances the ability to detect sophisticated threats that adapt to traditional sandboxing methods.
The updated sandbox now also offers the option to work with Kaspersky Security Network (KSN) as an alternative to Kaspersky Private Security Network (KPSN). This flexibility provides a more cost-effective and faster deployment option which is particularly useful for pilot projects. Additionally, this change reduces hardware requirements by half, making the solution more accessible for organizations with limited resources.
To address the growing use of obfuscation techniques in modern attacks, Kaspersky Research Sandbox 3.0 now incorporates Microsoft AMSI (Antimalware Scan Interface) output. This integration significantly improves detection of packed and obfuscated scripts, including malicious PowerShell activity, a tactic increasingly exploited by threat actors.
Further improving threat intelligence capabilities, the update introduces extended static analysis. By examining key file attributes such as strings, headers, sections, import and export tables and entropy graphs for executable files, analysts gain critical insights into malware characteristics, even for operating systems not yet supported for dynamic analysis, such as macOS.
Alongside these technological enhancements, the user interface has been completely redesigned to improve usability and streamline the research process. The enhanced System Activities page now offers improved visualization, allowing analysts to filter reports and focus only on relevant malicious processes. The History table search function makes it easier to retrieve previous analysis results, helping security teams quickly resume investigations.
"With Kaspersky Research Sandbox 3.0, we're providing security teams with even more extensive analysis capabilities, greater visibility and control over malware behavior and a significantly decreased entry threshold for organizations with limited hardware resources. Built on over two decades of malware research, Kaspersky Research Sandbox combines our deep threat analysis expertise with cutting-edge technology. It empowers security teams with professional interactive malware investigation tool with even deeper analysis and optimized performance - now with twice lowered hardware requirements," comments Boris Storonkin, Threat Intelligence Product Manager at Kaspersky.