GFI Software Enhances Dynamic Malware Analysis

GFI SandBox 4.0, scheduled for release Feb. 7, will make advanced malware analysis quicker and easier. The solution’s new Malware Determination Engine provides users with risk levels of “Low”, “Medium”, “High” or “Known” for each potential malware sample analyzed. Many users typically submit thousands of samples a day to their GFI SandBox to help identify the sophisticated malware attacks often undetected by standard security solutions. The Malware Determination Engine enables security teams to more efficiently evaluate the increasing volume of malware and cybercrime plaguing enterprises across all industries.

Additionally, users will be able to implement custom determination rules—based on the hundreds of thousands of malware behavior traits detected by GFI SandBox—to assign their own risk levels to samples that perform suspicious and potentially malicious activities.

Cybercrime a Costly, Growing Threat Sophisticated, targeted cybercrime poses a tremendous threat to large enterprises, particularly in industries such as financial services, healthcare and energy, as well as critical entities like power and water utilities.

According to the FBI, “Cyber criminals can significantly threaten the finances and reputations of United States businesses and financial institutions. …the number and sophistication of malicious incidents has increased dramatically over the past five years and is expected to continue to grow.” 1 The FBI also reported that “…of serious concern are threats to critical infrastructure, the theft of intellectual property, and supply chain issues…” and that “Intellectual property rights violations, including theft of trade secrets, digital piracy, and trafficking counterfeit goods, also represent high cybercriminal threats, resulting in losses of billions of dollars in profits annually.”2

Combating Cybercrime “Like firewalls and antivirus software before it, sandbox technology is quickly becoming a vital component of an enterprise’s cyber defense strategy,” said Julian Waits, vice president, Advanced Technology Group, GFI Software. “Enterprises are being targeted with custom-created malware developed for the singular purpose of compromising their network or even a specific user’s workstation. These persistent threats are often undetected by standard security solutions, making it more imperative than ever before that enterprises deploy a sandbox to assess suspect files for malicious behavior and defend themselves against these cyber-attacks.

GFI SandBox enables users to track how potential malware applications execute, what system changes were made, and what network traffic was generated, without risking loss of data or compromising a network. These threats range from familiar exploits on known vulnerabilities to sophisticated, custom malware attacks targeting individual corporations, government agencies, educational institutions or healthcare providers. They are created to steal credit card, bank account and social security numbers, passwords, trade secrets or other sensitive personal and corporate information.

“Previously, the effective deployment and use of sandbox technology has mostly been limited to government agencies and large enterprises with their own highly skilled security teams,” added Waits. “Starting next month with GFI SandBox 4.0, we will introduce a series of enhancements to GFI SandBox in 2012 that will make it easier for any enterprise to integrate sandbox technology into their security solutions.”

GFI SandBox already provides the most accurate and detailed malware analysis of any sandbox solution on the market today. Now, armed with the new Malware Determination Engine risk levels—coupled with the GFI SandBox Digital Behavior Traits™ summary of a suspicious file’s behavior—security professionals will be able to more efficiently and effectively act upon the threats they discover.

To learn more about GFI SandBox 4.0, visit gfi.com, send email to ATG@gfi.com or call 855-443-4284.

GFI will be demonstrating GFI SandBox 4.0 and its latest enhancements to security professionals attending the U.S. Department of Defense Cyber Crime Conference Jan. 23-25 in Atlanta.

About GFI GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small to medium-sized businesses (SMB) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States, UK, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.