Malware Analysis using Sandbox
Sandbox provides a testing environment to execute potentially malicious files or URL requests in an isolated area away from an organization's network. Files are analyzed and tested without any threat to computers or networks. CTIX integrates with third-party applications, such as Joe Security Sandbox to provide a complete ecosystem for analysts to analyze cryptic and unknown threats, add context to threat intel, and deliver actionable IOCs. Analysts can analyze the verdict delivered for the malware analysis, which includes Malicious, Non-Malicious, Suspicious, Unknown, or Not Applicable.
The following are a few advantages of a sandbox environment:
Analyze files and URLs for threats: When you’re working with new vendors or untrusted software sources, you can test files or URLs for threats before using them.
Detect zero-day threats: With sandboxing, you can detect malicious activities performed by a file or a URL, and eliminate zero-day threats.
Safe malware detection: Sandbox analyzes the file or URL's behavior in a testing environment, thus making it an effective tool for malware detection. It is also safer as it does not risk running a suspicious object in the real business infrastructure.
Add threat intel into CTIX: After sandbox analysis, you can include the discovered threat data into CTIX and analyze it using CTIX's confidence score, and enrich using CTIX's enrichment capabilities by adding context.
Share threat data: You can share the analyzed threat data with network organizations, partners, or subsidiaries for proactive threat detection and remediation.
Feature availability matrix
CTIX Enterprise | CTIX Lite | CTIX Spoke |
|---|---|---|
Yes | No | No |