Click here to load reader

Elastic Sandbox Environment

Embed Size (px)

DESCRIPTION

The cyber threat landscape is becoming more dangerous and challenging all the time. Here, you’ll find a practical, expert-crafted resource to help keep your enterprise secure and successful for the long-term. It’s our way to help you get informed -- and stay safe. Elastic Sandbox Environment -Automatic analysis and classification of suspicious files -Analyzes potential malicious files on different platforms -Currently crunches over 40,000 malware samples daily -Generates malware behavior profiles -Maintains a crowdsourced threat repository

Citation preview

  • 1.DATA SHEETAdvanced Threat ProtectionSECULERTS ELASTIC SANDBOX ENVIRONMENT Advanced threats demand a new class of defenses. Precisely because they are persistent and ever-changing, it is essential to study their behavior over time and not just at the moment of entry into the organization. And as threats become more sophisticated and dangerous, the most effective and efficient way to fight is to join forces and share information. Today, Seculert is leveraging the capabilities of the cloud to turn this vision into reality. Seculerts Elastic Sandbox environment is an essential tool for studying and profiling malware over time for as long as necessary, and for sharing results with the community. It works together with the core technologies in the Seculert solution to identify and block malware as soon as it strikes.Seculert is a comprehensive cloud-based solution for protecting organizations from advanced malware, APTs and zero-day attacks. Seculert combines several key detection and protection technologies an Elastic Sandbox environment,WHAT IS A SANDBOX? In IT security, a sandbox is an experimental environment where suspicious code can be executed and studied safely, without risk of infecting a production environment. Today, many security solutions feature sandboxing technology. But not all sandboxes are created equal. Seculerts Elastic Sandbox is unique because of a combination of leading-edge technologies and synergistic interaction with the other modules in the Seculert Solution: Botnet Interception, Big Data Analytics, Protection API, and Automated Traffic Log Analysis. And unlike other single-vendor environments, Seculerts Elastic Sandbox sees a complete picture consisting of samples from the full range of on-premises security device vendors.Botnet Interception, and Automated Traffic Log Analysis - in one simple solution that proactively identifies new threats as they emerge.HOW THE SANDBOX WORKS Sample Settings Analysis periodAnalysis regionNew malware profilesNew suspicious malware Results Traffic Suspicious malwareElastic Sandbox EnvironmentData AnalyticsResultsMalware profileMalwareBehaviorsSuspicious malwareMeta data Machine run time changes******Log analysis and Botnet interceptionVendors CustomersDATA SHEETSECULERTS ELASTIC SANDBOX ENVIRONMENT | 1

2. 1. Customers, partners, vendors and the malware experts at Seculert upload suspicious executables to the Elastic Sandbox using the online platform or API. 2. In the elastic sandbox, Seculert studies the behavior of the code including network communications, meta-data in the network traffic and host runtime changes. 3. You can tune the sandbox by setting the execution time and region to approximate geographically targeted attacks. 4. If additional suspicious code is found during execution, it too is downloaded and sent to the Elastic Sandbox for analysis.Seculerts Elastic Sandbox uncovered some infamous botnets including Ramnit, Kelihos.B, Mahdi, Shamoon, and Dexter.5. Seculert uses Big Data analytics to process all of the information collected and determine whether or not the code is malicious. If the solution recognizes a known malware profile, it updates customers and partners immediately via the online dashboard and the Seculert API, which communicates directly with customers proxies and firewalls to block known threats. 6. If the executables behavior is not known, but is conclusively identified as malware, a profile is defined. Seculert immediately notifies customers and partners via the dashboard and API. In addition, the new malware profile becomes an important learning set for Seculerts machine learning algorithms and traffic log analysis. 7. If the malware is determined to be a botnet, the data is also passed on to the Botnet Interception module, which monitors traffic and identifies infected users and IP addresses.MONITORED BEHAVIORS When a suspicious file is uploaded and run in the Elastic Sandbox, Seculert looks for hundreds of different behaviors which, taken together, can indicate malware. Some examples include: Network traffic: All malware communicates with a command and control server which may be indicated by a dynamic DNS domain. It may also download additional files, scan for security vulnerabilities or setup back doors. Device changes: Malware will often make changes to the host device including the registry, security settings, creating and changing files, auto-run settings and hooking. Security detection measures: Malware actively avoids detection by disabling security settings, avoiding running while being monitored and injecting into other processes.THE ADVANTAGES OF THE SECULERT ELASTIC SANDBOX Long-term analysis Advanced malware is often quiet for long periods of time, and when it does act, it isnt always immediately apparent that something is wrong. It is also programmed to change, so that its behavior patterns dont become suspicious. As a result, it is essential to study malware over a period of time ranging from minutes to days. Sandboxes that run in-line on your network traffic can only run suspicious code for short periods ranging from a few seconds to a few minutes. Anything longer would be disruptive and too resource intensive. The Seculert Elastic Sandbox can execute code for as long as necessary from a minute to an hour. Target emulation Since many botnets target a particular region, industry or organization, Seculert configures servers in a way that mimics different potential targets. The Seculert platform gives you the ability to set the region, time and additional factors that can help identify malware behavior.DATA SHEETSECULERTS ELASTIC SANDBOX ENVIRONMENT | 2 3. Invisible to Malware As malware becomes more and more sophisticated, it is able to identify sandboxing technology and will keep quiet until it thinks it is safe. Seculert uses proprietary technology to make malware believe that it is not running inside a sanitized, virtual environment. To the malware, the Elastic Sandbox looks like a device with natural activity such as keyboard inputs and mouse movements. Elastic, cloud environment Having scalable resources is critical because in order to understand advanced malware, you must let it run over an extended period of time, and often you must execute it on multiple servers with different properties. The elastic, distributed nature of the cloud is ideal for a sandbox environment. 40K samples daily, from all kinds of traffic and vendors Today, the Seculert Elastic Sandbox analyzes over 40,000 new malware samples every day and the number keeps growing. The samples come from customers who upload suspicious code through the API or dashboard, Seculerts automated traffic log analysis, the Botnet Interception module and partners.BIG DATA ANALYTICS Monitoring over 40,000 code samples a day generates a tremendous amount of data. Seculerts Big Data analytics engine uses machine learning algorithms and Elastic MapReduce to determine whether a code is malware or not. If it is malware, all Seculert customers are immediately protected via the API and dashboard alerts. But a single-pronged approach is not enough to stay ahead of emerging threats. Seculert also uses the new malware profile as a learning set for machine learning algorithms that detect unknown malware in customer traffic logs.AUTOMATED PROTECTION API To make the most of the Elastic Sandbox, you can integrate it with your existing security infrastructure using the Seculert Protection API. The API features three simple methods/API calls for uploading and retrieving data: A web request that uploads files via HTTP, followed by a response including the uploads identification key A request that retrieves the results of the analysis using the identification key A request that retrieves the network capture file (.PCAP) of the network traffic triggered by the running of the suspicious files When malware is detected by the Elastic Sandbox, Seculert customers are notified immediately. The API can communicate directly with corporate firewalls and proxies to block traffic. To support complete forensics, threat detection data can also be sent to SIEM systems for correlation. Some additional examples of integration include: A mail server plug-in that automatically uploads suspicious attachments to the Elastic Sandbox An anti-virus integration that inspects quarantined files to determine their severity in order to prioritize remediation activitiesDATA SHEETSECULERTS ELASTIC SANDBOX ENVIRONMENT | 3 4. SECULERT DASHBOARD AND ALERTS You can upload samples to the Elastic Sandbox at any time using the dashboard as well as the API. Its easy to configure runtime settings such as region and time. As soon as the analysis is completed, you are alerted by email and receive a detailed report. Malware reports include information about suspicious behavior observed, domains visited, registry and other host changes so that you can understand and mitigate your exposure and modify your security policies as needed.The dashboard automatically indicates whether malware was found and what activity should be blockedSYNERGISTIC TECHNOLOGIES Seculerts Elastic Sandbox environment is extremely powerful but it is the combination of the Elastic Sandbox working together with all of Seculerts core technologies that provides the key to successful advanced threat protection. In addition to the Elastic Sandbox, Seculert features: Botnet interception to detect threats that are already attacking employees, partners and customers inside and outside your organization. Automated traffic log file analysis to identify unknown malware that is targeting your organization. Protection API to automatically stop identified threats through integration with perimeter defenses. Big Data analytics analyzes tens of thousands of malware profiles daily as well as petabytes of traffic logs in order to detect APTs. Machine learning technology identifies unknown malware based on an understanding of malware behavior in order to keep up with the volume and rate of change. Intuitive dashboard puts instant information about all advanced threats at your fingertips. Full coverage of remote and mobile users on all endpoints including BYOD - without installing a single appliance or endpoint solution. Cost-effective cloud service means no installation, instant results, and low total cost of ownership.LICENSING Basic Elastic Sandbox functionality is available for a total 5 samples running for 1 minute each for free. In order to upload more than 5 samples and get the ability to set the execution time and geographic region, please contact us.Toll Free (US): 1-855-732-8537 Tel (US): [email protected] (UK): 44-203-355-6444 Tel (Intl): 972-3-919-3366DATA SHEETSECULERTS ELASTIC SANDBOX ENVIRONMENT | 4


CURRENT AFFAIRS · Regulatory Sandbox • A regulatory sandbox is a framework that allows for live-testing of new products or services in a controlled environment. • The first round

CURRENT AFFAIRS · Regulatory Sandbox • A regulatory sandbox is a framework that allows for live-testing of new products or services in a controlled environment. • The first round

Documents
The “sandbox” training/practicing environment isfacserv.utk.tennessee.edu/Newsletter/Weekly/WeeklySEPT3-2014.pdfThe “sandbox” training/practicing environment is ... checking

The “sandbox” training/practicing environment isfacserv.utk.tennessee.edu/Newsletter/Weekly/WeeklySEPT3-2014.pdfThe “sandbox” training/practicing environment is ... checking

Documents
Apple Sandbox

Apple Sandbox

Documents
Sandbox kiev

Sandbox kiev

Internet
LRS Sandbox Environment Definition Document

LRS Sandbox Environment Definition Document

Documents
Sandbox Tour Guide - Santa Cruz Health PM... · 2015. 5. 15. · Tour Guide Script March 2012 This document is to be used in conjunction with the Netsmart Sandbox environment as a

Sandbox Tour Guide - Santa Cruz Health PM... · 2015. 5. 15. · Tour Guide Script March 2012 This document is to be used in conjunction with the Netsmart Sandbox environment as a

Documents
Sandbox Helmets

Sandbox Helmets

Documents
PacSec Tokyo November 2014 TENTACLE: Environment-Sensitive ... · Tentacle implementation details • Nyarlathotep “Thousand Form” Sandbox – Camouflaging sandbox/vmrelatedartifact

PacSec Tokyo November 2014 TENTACLE: Environment-Sensitive ... · Tentacle implementation details • Nyarlathotep “Thousand Form” Sandbox – Camouflaging sandbox/vmrelatedartifact

Documents
Data Management in an Elastic Storage Environment

Data Management in an Elastic Storage Environment

Documents
The Sandbox Approach - Improving our Working Environment

The Sandbox Approach - Improving our Working Environment

Business
Cuckoo sandbox

Cuckoo sandbox

Education
Enter Sandbox: Android Sandbox Comparison - … Sandbox: Android Sandbox Comparison Sebastian Neuner, Victor van der Veen, Martina Lindorfer, Markus Huber, Georg Merzdovnik, Martin

Enter Sandbox: Android Sandbox Comparison - … Sandbox: Android Sandbox Comparison Sebastian Neuner, Victor van der Veen, Martina Lindorfer, Markus Huber, Georg Merzdovnik, Martin

Documents
Getting Started with PI at your University - OSIsoft · Virtual Learning Environment Learning Sandbox The Virtual Learning Environment (VLE) is a fully functional PI System running

Getting Started with PI at your University - OSIsoft · Virtual Learning Environment Learning Sandbox The Virtual Learning Environment (VLE) is a fully functional PI System running

Documents
PayPal Sandbox User Guide - FAELCE · Sandbox User Guide April 2007 9 1 Overview to the PayPal Sandbox The PayPal Sandbox is a self-contained environment within which you can prototype

PayPal Sandbox User Guide - FAELCE · Sandbox User Guide April 2007 9 1 Overview to the PayPal Sandbox The PayPal Sandbox is a self-contained environment within which you can prototype

Documents
Inputs Verifier Tool (IVT) Sandbox Testing · • Scope of sandbox: Sandbox addresses only IVT. The following additional RY14 features are not part of the sandbox: • Reporting of

Inputs Verifier Tool (IVT) Sandbox Testing · • Scope of sandbox: Sandbox addresses only IVT. The following additional RY14 features are not part of the sandbox: • Reporting of

Documents
SANDBOX EXPERIMENTS

SANDBOX EXPERIMENTS

Documents
Elastic build environment

Elastic build environment

Technology
Innovation SANDBOX Operating Guidelines Sandbox_Operating... · Innovation Sandbox Operating Guidelines 1. Overview “Innovation Sandbox” is a testing environment where Fintech

Innovation SANDBOX Operating Guidelines Sandbox_Operating... · Innovation Sandbox Operating Guidelines 1. Overview “Innovation Sandbox” is a testing environment where Fintech

Documents
Sandbox Introduction

Sandbox Introduction

Education
Oracle Sandbox

Oracle Sandbox

Technology
Chromium Sandbox

Chromium Sandbox

Documents
Testing in Production: Enhancing development and test ... · within a sandbox environment, detail the issues encountered while validating the sandbox environment application and our

Testing in Production: Enhancing development and test ... · within a sandbox environment, detail the issues encountered while validating the sandbox environment application and our

Documents
DevNet Sandbox Collaboration 11.5 Lab User Guide · Welcome to DevNet Sandbox Collaboration 11.5 lab environment. ... The CUCM and CUP servers are automatically setup to Sync with

DevNet Sandbox Collaboration 11.5 Lab User Guide · Welcome to DevNet Sandbox Collaboration 11.5 lab environment. ... The CUCM and CUP servers are automatically setup to Sync with

Documents
Science Sandbox

Science Sandbox

Education
Regulatory Sandbox Framework Sandbox/Documents...Regulatory Sandbox Framework February 2019 1 Table of Contents 1. Introduction ..... SAMA�s Sandbox directly connects with ‘KSA’s

Regulatory Sandbox Framework Sandbox/Documents...Regulatory Sandbox Framework February 2019 1 Table of Contents 1. Introduction ..... SAMA�s Sandbox directly connects with ‘KSA’s

Documents
Sandbox Calibration

Sandbox Calibration

Documents
Sandbox Portfolio

Sandbox Portfolio

Documents
MiniBox: A Two-Way Sandbox for x86 Native Code...Combine Sandbox and Isolation • Deploy sandbox in an isolated environment – Avoid porting effort – Sandbox exposes large interface

MiniBox: A Two-Way Sandbox for x86 Native Code...Combine Sandbox and Isolation • Deploy sandbox in an isolated environment – Avoid porting effort – Sandbox exposes large interface

Documents
DevNet Sandbox Collaboration 11.5 Lab User Guide · 2019-11-18 · 3 1 Introduction Welcome to DevNet Sandbox Collaboration 11.5 lab environment. This sandbox supports voice, video,

DevNet Sandbox Collaboration 11.5 Lab User Guide · 2019-11-18 · 3 1 Introduction Welcome to DevNet Sandbox Collaboration 11.5 lab environment. This sandbox supports voice, video,

Documents
With Auto-Sandbox Containment Technology · With Auto-Sandbox Containment Technology ... Advanced Persistent Threats (APTs) in a virtual environment within the ... HIPs, containment

With Auto-Sandbox Containment Technology · With Auto-Sandbox Containment Technology ... Advanced Persistent Threats (APTs) in a virtual environment within the ... HIPs, containment

Documents