05/08/11

GFI SandBox - Powerful automated malware analysis



GFI SandBox™ (formerly CWSandbox) is an industry-leading dynamic malware analysis tool. It gives you the power to analyze virtually any Windows application or file, including infected Office documents, PDFs, malicious URLs, Flash ads and custom applications. Targeted attacks, hacked websites, malicious Office documents, infected email attachments and social engineering are all part of the Internet threat landscape today. Only GFI SandBox™ gives you a complete view of every aspect and element of a threat, from infection vector to payload execution. And GFI SandBox can quickly and intelligently identify malicious behavior using Digital Behavior Traits™ technology.

Features

Dynamic threat analysis
Dynamic threat analysis shows how applications execute on the desktop, what system changes are made, and what network traffic is generated. When coupled with Digital Behavior Traits, you get the ability to automatically identify malicious actions and quickly determine the behavior of a threat. GFI SandBox (formerly CWSandbox) analyzes the behavior inside a monitored environment while recording all malicious activity including, but not limited to: system changes, network traffic, file activity, memory dumps and screenshots. GFI SandBox doesn’t use or require emulation or virtualization.

Compare multiple analyses

GFI SandBox provides the ability to compare multiple analyses for differences and similarities. Samples can be sent to multiple SandBox configurations while centrally managing and automating the process. Side-by-side comparisons can be made across different desktop configurations and between different samples in one view.

True automation

Unlike most other analysis tools on the market today, GFI SandBox provides true automation that gives those on the front lines of cyber-defense and digital forensics the ability to analyze potential threats quickly, efficiently and in volume while saving organizations valuable time and resources.

Emulate, automate user interaction

By simulating how a user would interact when presented with a dialog box from fake or rogue applications, GFI SandBox automates what up until now has been a manual process. Traditionally, a researcher needed to manually analyze each threat on a case-by-case basis using a number of applications. The automation functions of GFI SandBox engage with the application, infected file or compromised website exactly as the malware expects a user to do, and log and analyze all the resulting activity without any manual intervention.

A fraction of the time of conventional analysis

This end-to-end process automation enables security companies and enterprises to filter through potential threats in a consistent, automated manner, alleviating unnecessary demands on valuable resources.
 
nb : the hacker news
