A sandbox is a malware-detection system in which a suspicious object is launched in a virtual machine running a fully functional operating system, and its behavior is analyzed to determine whether the object is malicious. If the object performs malicious actions, the sandbox classifies it as malware. Sandbox virtual machines are isolated from the company's real infrastructure.
Analyzing an object's behavior during execution makes it possible to combat effectively those malicious programs that can evade static analysis. At the same time, a sandbox is safer than other behavioral-analysis tools, because the company's corporate network is not put at risk.
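To make the behavioral verdict concrete, here is an added example (not code from Kaspersky Lab or from this article) of the kind of rule engine a sandbox applies to the event trace it records while a sample runs; the two traces, the rule names and the weights are constructed assumptions for illustration only.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    kind: str    # "process", "file_write", "registry_set", "net_connect"
    target: str  # command line, file path, registry value, or host:port

# Constructed traces for illustration; neither comes from a real sandbox run.
SUSPICIOUS_TRACE = [
    Event("process", "C:\\Users\\user\\Downloads\\invoice.exe"),
    Event("file_write", "C:\\Users\\user\\AppData\\Roaming\\updater.exe"),
    Event("registry_set", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"),
    Event("process", "vssadmin.exe delete shadows /all /quiet"),
    Event("file_write", "C:\\Users\\user\\Documents\\a.docx.locked"),
    Event("file_write", "C:\\Users\\user\\Documents\\b.xlsx.locked"),
    Event("file_write", "C:\\Users\\user\\Documents\\c.pdf.locked"),
    Event("net_connect", "203.0.113.7:443"),
]
BENIGN_TRACE = [
    Event("process", "C:\\Program Files\\Editor\\editor.exe"),
    Event("file_write", "C:\\Users\\user\\Documents\\notes.txt"),
    Event("net_connect", "203.0.113.7:443"),
]

def _of(trace, kind):
    # Lower-cased targets of all events of one kind, for case-insensitive matching.
    return [e.target.lower() for e in trace if e.kind == kind]

# Behavioral rules: (name, weight, predicate over the whole trace).
# Names and weights are assumptions for this example, not any vendor's rule set.
RULES = [
    ("persistence_run_key", 30,
     lambda t: any("\\currentversion\\run\\" in x for x in _of(t, "registry_set"))),
    ("drops_exe_in_appdata", 20,
     lambda t: any("\\appdata\\" in x and x.endswith(".exe") for x in _of(t, "file_write"))),
    ("shadow_copy_deletion", 50,
     lambda t: any("vssadmin" in x and "delete shadows" in x for x in _of(t, "process"))),
    ("mass_rename_to_locked", 40,
     lambda t: sum(x.endswith(".locked") for x in _of(t, "file_write")) >= 3),
]
MALICIOUS_THRESHOLD = 60  # assumed cut-off: one strong or two weaker behaviors

def analyze(trace):
    """Return (verdict, score, triggered rule names) for one recorded run."""
    hits = [(name, weight) for name, weight, pred in RULES if pred(trace)]
    score = sum(weight for _, weight in hits)
    verdict = "malicious" if score >= MALICIOUS_THRESHOLD else "benign"
    return verdict, score, [name for name, _ in hits]
```

A single network connection on its own triggers nothing, which is why the benign trace stays below the threshold even though it contacts the same host.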
A few years ago, Kaspersky Lab developed its own sandbox. It is used as one of the tools for malware analysis, for research, and for building anti-virus databases. In addition, the sandbox is part of the Kaspersky Anti Targeted Attack (KATA) platform and the Kaspersky Threat Intelligence Portal (KL TIP). It helps classify files and URLs (malicious or benign) and provides useful information about their activity for developing detection rules and algorithms.