GFI® Software Makes Dynamic Malware Analysis Easier for Businesses

August 05, 2011 - 12:00

GFI SandBox 3.4 provides the same malware analysis capabilities used by government agencies and large financial institutions

GFI Software’s Advanced Technology Group (ATG) today released GFI SandBox 3.4 (formerly CWSandBox), the latest update to one of the industry’s leading malware analysis tools that helps security professionals assess suspected files and URLs for potential threats within a controlled environment. New features include enhanced kernel-level file monitoring, rapid analysis, an intuitive user interface and a new threat intelligence report generator. GFI SandBox 3.4 offers enhanced capabilities for existing customers, while also making it easier for new users to incorporate automated malware analysis into their IT security strategies.

“Businesses and organizations of all sizes—including banks and financial services firms, healthcare providers and online retailers—all have sensitive data and intellectual property they need to protect,” said Julian Waits, vice president, Advanced Technology Group, GFI Software. “Until now, the effective deployment and use of sandbox technology has mostly been limited to government agencies, threat researchers and large enterprises with their own highly skilled security teams. While GFI SandBox 3.4 delivers stronger and quicker malware analysis, our focus for the new product is to make advanced malware analysis more accessible to organizations with limited in-house malware expertise, especially in the financial services sector where we see a lot of malware activity.”

According to industry research firm Gartner Inc., “Banks consider malware their biggest immediate threat…and malware-based attacks are spreading to multiple sectors and enterprises.” Gartner continued by stating, “Malware-based attacks against bank customers and company employees are levying severe reputational and financial damage on their victims. They are fast becoming a prevalent tool for attacking customer and corporate accounts, and stealing sensitive information or funds.”1

Fighting Malware with GFI SandBox
GFI SandBox is a trusted tool for security professionals who need to quickly and safely analyze suspected files or URLs for malicious behavior. It enables users to see how potential malware applications execute, what system changes were made, what network traffic was generated and more, without risking loss of data or compromising a network. These threats range from familiar exploits on known vulnerabilities to sophisticated, custom malware attacks targeting individual corporations, government agencies, educational institutions or healthcare providers. They are created to steal credit card, bank account and social security numbers, passwords, trade secrets or other sensitive personal and corporate information.

Enhancements to GFI SandBox 3.4 include:

  • In-Depth File Analysis – Kernel-level monitoring provides greater confidence when analyzing any file or URL for malicious activity whether in a native or virtual environment.
  • Easy User Controls – From submitting files and viewing conclusions to generating and sharing reports, the new user interface makes GFI SandBox easier to use for security professionals and their colleagues.
  • Digital Behavior Traits – At-a-glance summary of a file’s behavior across multiple platforms alerts users to malicious behavior they need to address. Users also can customize testing platforms within GFI SandBox to replicate any system configuration they have deployed throughout their operations, especially for critical areas such as human resources, sales, accounting, and research and development.
  • Easier Collaboration – Admins can grant access to GFI SandBox to anyone in the organization to review and compare the Digital Behavior Traits of suspected files.
  • Fast Malware Assessments – Quicker file submissions and shorter analysis times enable users to evaluate suspected files and URLs more efficiently.
  • Detailed Reports – Security teams can instantly generate high-level summaries or comprehensive, in-depth analysis reports to share throughout an organization to quickly communicate potential threats and implement any necessary responses.

Specialized Solutions for Threat Analysis and Defense
GFI’s Advanced Technology Group (ATG) is backed by the extensive research capabilities and proprietary technologies developed by GFI Labs, the company’s research and analysis division. ATG markets and licenses GFI’s threat analysis and malware detection technologies to large enterprises and to government and defense agencies with uniquely sensitive and demanding IT security requirements, as well as to software developers and hardware manufacturers whose products require proven, embedded security solutions.

In addition to GFI SandBox, ATG’s specialized threat analysis and defense solutions include:

GFI ThreatTrack™ – Continuously updated data feeds generated by GFI’s extensive partner network and internal research provide subscribers with the latest malicious websites, IP addresses and malware. ThreatTrack users proactively identify and defend against harmful URLs, emails and other Internet traffic threatening their network. ThreatTrack is available as a stand-alone data feed, or it can be licensed for inclusion in third-party security products or as an add-on service with GFI SandBox.

GFI VIPRE® Antivirus SDK – A powerful, best-of-breed antimalware Software Development Kit (SDK) that enables OEM partners, ISVs, cloud services providers and enterprises to integrate the VIPRE Antivirus engine into their products or custom applications developed for internal use. The VIPRE Antivirus SDK is available for Windows desktop applications and gateway appliances defending the network.

To learn more about GFI’s Advanced Technology Group, visit www.gfi.com/atg, send email to atg@gfi.com or call 855-443-4284. The ATG team is demonstrating GFI SandBox, GFI ThreatTrack and GFI VIPRE Antivirus SDK this week at the Black Hat USA security conference in Las Vegas.

About GFI
GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small and medium-size businesses (SMBs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.

1 Gartner Research “The Five Layers of Fraud Prevention and Using Them to Beat Malware,” Avivah Litan, April 21, 2011