A sandbox that is safe



Post by rakhirhif8963 »

Modern cybercriminal tools are very subtle: in particular, they are able to detect the very fact that their carrier is being studied by information security tools (when the antivirus on the mail server checks the file attached to the letter, for example) and deactivate for that time, so as not to arouse suspicion. Only then, having found themselves safe on the local PC of the user who received the letter, do they begin to act. Sandboxes have become a countermeasure against this pattern of behavior: virtualized working environments in which a suspicious object is placed for safe comprehensive analysis.

From the point of view of malicious code, an effective sandbox is indistinguishable from a working node or even a section of the corporate network. “Efficient” in this case means that when the code tries to determine what environment it is currently in, the sandbox’s operation reliably imitates the actions of live users. The sandbox as part of the integrated Kaspersky Lab solution is exactly that, capable of misleading malicious code. This component requires even fewer actions from the information security specialist, even in comparison with a well-automated EDR: the sandbox only needs to be correctly configured, and then it will automatically begin to detect and block suspicious objects, preventing them from entering the corporate network.

From theory to practice
A classic EPP solution, deployed on the “set it and forget it” principle, optimally meets the needs of SMB clients, whose IT departments have at best a dozen (and more often three to five) specialists, and there is no dedicated information security department at all. EDR is a different matter: the functionality of this tool directly implies the active participation of the administrator for the most effective detection of atypical threats. However, Kaspersky Lab’s integrated solution for SMBs includes a simplified, affordable version of EDR.