Malware Analysis & Sandboxing
Expose more malicious behaviour. As traditional networks evolve, cloud technologies become more pervasive and endpoint devices continue to change, attackers see key openings to propagate their advanced threats. To protect against threats in the most advanced use-cases, Blue Coat Malware Analysis and sandboxing capabilities are a key component of Blue Coat’s Advanced Threat Protection solution, providing actionable intelligence that combines static, dynamic and reputational analysis techniques.
Integrated with Blue Coat Content Analysis, Mail Threat Defence and/or Incident Response, Analytics & Network Forensics, it provides a highly scalable solution for detecting and analysing unknown, advanced and targeted malware. Where most vendor sandboxes must be deployed passively and can only report on threats, Blue Coat’s Malware Analysis can be integrated with a number of Blue Coat in-line technologies to deliver real-time sandboxing protection.
Sandboxing with Blue Coat
Malware Analysis employs a powerful dual-detection approach, combining virtualisation and emulation to capture more malicious behaviour across a wider range of custom environments than typical consolidated single-sandbox solutions.
- Emulation Sandbox: An instrumented, fully controlled, replicated PC computing environment emulating Windows systems to detect malware that otherwise will not detonate within a virtualised environment.
- Virtualisation Sandbox: Custom analysis profiles replicate actual Windows production environments, down to the applications and versions in use, to quickly spot anomalies and behavioural differences that unveil anti-analysis, sleep and other advanced evasion techniques. A virtualised Android sandbox detects and analyses mobile threats traversing enterprise networks.
Key capabilities of Blue Coat Malware Analysis
- Defeat anti-analysis at many levels: Anti-analysis defeating tools, such as hook-based introspection and high- and low-level event capture and detection in both kernel and user modes, intercept and convert behaviour into detailed forensic intelligence.
- Interaction with running malware: A flexible plug-in architecture extends detection and processing by interacting with running malware, clicking through dialog boxes and installers and generating unique post-processing analysis artefacts.
- Generate more relevant results: Virtual machine profiles replicate multiple custom production environments, allowing security analysts to analyse threats across a range of operating systems and applications. These can closely match your desktop environments, gathering intelligence on malware targeting your organisation directly or seeking to exploit specific application vulnerabilities.
- Adaptive intelligence for changing threats: As Malware Analysis does not rely on static signatures, its flexible detection patterns are designed to detect polymorphic files, single-use targeted malware and fast-changing website domains.
- Detailed forensics for remediation: Blue Coat sandboxing technology provides security defenders with a comprehensive map of the damage, including both host-based and network indicators of compromise, that any malicious file or URL would cause to equivalently-configured production machines, without putting actual computers or sensitive data at risk.
- Share Threat Intelligence: As unknown, advanced or targeted malware and zero-day threats are exposed, new threat intelligence is continuously shared across the security infrastructure, and optionally with the Blue Coat Global Intelligence Network, consisting of 15,000 customers worldwide. In turn, your organisation can benefit from data fed in by other organisations.
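The "defeat anti-analysis" and "detailed forensics for remediation" capabilities above describe what a hook-based sandbox does with the call trace it captures: recognise evasion behaviour (debugger checks, VM-artifact probes, long sleeps) and turn the remaining activity into host and network indicators of compromise. The following is an added example, not Blue Coat code and not Blue Coat's report format: it runs that triage logic over a small constructed trace in a generic shape (one dict per intercepted API call). The API names, thresholds and scoring weights are assumptions chosen for illustration.

```python
"""Triage a constructed sandbox API-call trace: flag anti-analysis behaviour
and extract host-based and network indicators of compromise (IoCs)."""
import re
from collections import defaultdict

# Constructed trace in the shape a hook-based sandbox might emit: one dict per
# intercepted call, in execution order. Values are made-up sample data
# (reserved .invalid domain, TEST-NET-3 IP), not real indicators.
TRACE = [
    {"api": "IsDebuggerPresent", "args": {}},
    {"api": "RegOpenKeyEx", "args": {"key": r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions"}},
    {"api": "Sleep", "args": {"ms": 300000}},
    {"api": "CreateFile", "args": {"path": r"C:\Users\Public\svchost32.exe", "access": "write"}},
    {"api": "RegSetValueEx", "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                                      "name": "svchost32"}},
    {"api": "CreateProcess", "args": {"cmd": r"C:\Users\Public\svchost32.exe /silent"}},
    {"api": "DnsQuery", "args": {"name": "update.example.invalid"}},
    {"api": "InternetConnect", "args": {"host": "203.0.113.45", "port": 443}},
    {"api": "HttpSendRequest", "args": {"url": "https://update.example.invalid/gate.php"}},
]

# Assumed thresholds: a sample that asks to sleep for minutes inside a short
# detonation window is trying to outlast the analysis.
SLEEP_THRESHOLD_MS = 120_000
VM_ARTIFACT_RE = re.compile(r"virtualbox|vbox|vmware|qemu|xen", re.IGNORECASE)
PERSISTENCE_KEYS = (r"\CurrentVersion\Run", r"\CurrentVersion\RunOnce")


def flag_evasion(trace):
    """Return anti-analysis behaviours seen in the trace as (label, detail) tuples."""
    findings = []
    total_sleep_ms = 0
    for call in trace:
        api, args = call["api"], call["args"]
        if api == "IsDebuggerPresent":
            findings.append(("debugger-check", api))
        elif api == "Sleep":
            total_sleep_ms += args["ms"]  # accumulate; malware often splits sleeps
        elif api in ("RegOpenKeyEx", "RegQueryValueEx") and VM_ARTIFACT_RE.search(args.get("key", "")):
            findings.append(("vm-artifact-probe", args["key"]))
    if total_sleep_ms >= SLEEP_THRESHOLD_MS:
        findings.append(("long-sleep", f"{total_sleep_ms} ms requested"))
    return findings


def extract_iocs(trace):
    """Split observed artefacts into host-based and network indicators."""
    iocs = {"host": defaultdict(set), "network": defaultdict(set)}
    for call in trace:
        api, args = call["api"], call["args"]
        if api == "CreateFile" and args.get("access") == "write":
            iocs["host"]["files"].add(args["path"])
        elif api == "RegSetValueEx":
            iocs["host"]["registry"].add(args["key"])
            if args["key"].endswith(PERSISTENCE_KEYS):  # autostart location written
                iocs["host"]["persistence"].add(f"{args['key']}\\{args['name']}")
        elif api == "CreateProcess":
            iocs["host"]["processes"].add(args["cmd"])
        elif api == "DnsQuery":
            iocs["network"]["domains"].add(args["name"])
        elif api == "InternetConnect":
            iocs["network"]["ips"].add(f"{args['host']}:{args['port']}")
        elif api == "HttpSendRequest":
            iocs["network"]["urls"].add(args["url"])
    # Sorted lists make the report deterministic and easy to diff between runs.
    return {scope: {k: sorted(v) for k, v in d.items()} for scope, d in iocs.items()}


def triage(trace):
    """Combine evasion findings and IoCs into a verdict with assumed weights."""
    evasion = flag_evasion(trace)
    iocs = extract_iocs(trace)
    score = (2 * len(evasion)
             + 3 * len(iocs["host"].get("persistence", []))
             + sum(len(v) for v in iocs["network"].values()))
    verdict = "malicious" if score >= 6 else "suspicious" if score >= 2 else "clean"
    return {"score": score, "verdict": verdict, "evasion": evasion, "iocs": iocs}


if __name__ == "__main__":
    report = triage(TRACE)
    print(report["verdict"], report["score"])
    for label, detail in report["evasion"]:
        print(f"  evasion: {label}: {detail}")
    for scope, cats in report["iocs"].items():
        for cat, values in cats.items():
            print(f"  {scope}/{cat}: {', '.join(values)}")
```

The separation into `flag_evasion` and `extract_iocs` mirrors the two uses a defender has for a sandbox report: the first decides whether the detonation itself can be trusted (a sample that probes for VirtualBox and sleeps for five minutes may have shown only a fraction of its behaviour), the second feeds blocklists and host remediation directly.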
Demo: Next-Gen Malware Analysis and Sandboxing, with Blue Coat Security Analytics
Together, Blue Coat Malware Analysis and Security Analytics deliver dynamic, advanced protection that uncovers advanced malware and zero-day threats.