CWSandbox is an automated behavior analysis tool that leverages unique technology for the automatic detection of malware. The forthcoming release of CWSandbox v3.0 will give researchers the ability to compare multiple analyses for differences and similarities, and allow them to send malware samples to multiple sandbox configurations and centrally manage the process. Unlike other malware analysis tools on the market today, CWSandbox provides true automation and gives those on the front lines of cyber-defense the ability to analyze in bulk and save crucial time.
Security researchers will have the ability to compare simultaneously how malware operates in a variety of environments. By leveraging this sophisticated analysis, enterprises can put security best practices in place to account for how malware behaves differently on varied desktop configurations within their networks and proactively protect against targeted threats.
"Sunbelt has a long history of marrying its endpoint anti-malware tools with state-of-the-art threat research," said Chad Loeven, VP, business development for Sunbelt Software. "Cooperation and sharing of such research in the security community is essential for the timely protection of businesses, federal agencies and consumers against the rising tide of malware attacks. SunbeltLabs is continually improving its world-class research methods in order to lead the effort to keep the bad guys out."
To that end, Sunbelt introduces a new Exploit Feed, which is one of the vital data streams maintained by SunbeltLabs, and is now part of the Threat Track service. The Exploit Feed tracks URLs deemed to be malicious based on a set of behavior and code traits, and is updated continuously, identifying links to exploits before users can become infected. The URLs are passed through an array of "honeyclients" configured to detect any malicious activity.
Data captured by the Exploit Feed include files dropped by the URL, other URLs involved in the exploit process, code containing the actual exploit, and an XML behavior analysis report of the browser and all related malware processes. The Exploit Feed, in conjunction with the other feed components of Threat Track, is heterogeneous in nature and can be incorporated into cloud, gateway and desktop Web security solutions.
Sunbelt's CWSandbox and Exploit Feed will be on display today and tomorrow in Booth #1 at Black Hat USA 2009 in Caesar's Palace, Las Vegas, Nevada. For more information on CWSandbox or Threat Track, please visit www.sunbeltsandbox.com.
Headquartered in Tampa Bay (Clearwater), Fla., Sunbelt Software was founded in