
How ANY.RUN is transforming cybersecurity through its interactive sandbox approach

From IBM to McAfee, ANY.RUN is the malware analysis sandbox of choice for businesses. Find out why in this exclusive interview with ANY.RUN’s Head of Sales, Aleksey Vialkov.

Aleksey Vialkov, Head of Sales at ANY.RUN

Today, technology is everywhere, from smartphones to nuclear warfare, with the internet playing a pivotal role in helping individuals and businesses stay connected. However, as technology continues to evolve, so do the tactics of hackers and cybercriminals, posing a growing concern in cybersecurity.

In this technology-driven digital age, a next-gen malware analysis sandbox allows businesses to take a fresh look at cybersecurity.

On the sidelines of GISEC 2023, ITP.net had the opportunity to speak with Aleksey Vialkov, Head of Sales at ANY.RUN, about the benefits of using a sandbox for malware detection and how ANY.RUN’s technology differentiates itself from its competitors.

“A sandbox is a tool for executing suspicious programmes in a virtual environment that is safe for your computer,” explains Vialkov. However, he emphasises that ANY.RUN’s sandbox is not an average online sandbox. He highlights what sets it apart: “Users can interact with the virtual machine and directly impact the analysis process by clicking on links, opening files, and performing any other action that may be needed to trigger the malware.”

“Furthermore, all data is presented in real-time, and there is no need to wait for the analysis process to complete,” states Vialkov. This means that even before the service detects the threat, a cybersecurity specialist can identify malware by its malicious behaviour.

“In the end, ANY.RUN not only detects the threat but also provides businesses with detailed information about it, including IOCs, network activity, malware configurations, and other relevant data, which is highly valuable for business security,” he adds.

ANY.RUN’s interactive approach

Continuing, Vialkov explains that ANY.RUN’s interactive approach to malware analysis is what sets it apart from other tools in the industry. While there are different approaches to sandboxing and detecting malware, ANY.RUN focuses on one sample, which can be a real challenge for automatic solutions. He also adds that ANY.RUN allows users to work with a suspicious sample directly, as if they opened it on their personal computer. They can perform various actions such as clicking, opening, printing, rebooting, and more. Additionally, analysts can collect more IOCs thanks to the platform’s interactivity.

“Interactive analysis allows testing multiple execution variants by working with a sample directly, enabling analysts to get data fast,” explains Vialkov.

Antivirus vs Sandbox

While a sandbox can undoubtedly help with malware detection, it isn’t the tool’s priority; its main focus is the analysis of suspicious objects. A sandbox can boost malware analysis by investigating complex, unknown threats and providing a detailed behaviour report, flexible emulation customisation for each sample, direct real-time interaction with a malicious object, and instant results with convenient reports. 

According to Vialkov, ANY.RUN automates approximately 90% of tasks that would otherwise require the skills of seasoned malware analysts, making it even easier for less experienced researchers to utilise the technology.

“One cannot compare an antivirus with a sandbox,” says Vialkov. “Any company’s security system involves several layers of protection, and various antivirus systems are one of these layers: they scan all incoming traffic. But a sandbox has another role. It helps solve digital forensics and incident response tasks.” 

Vialkov goes on to explain that ANY.RUN can provide fast analysis of complex attacks and collect indicators of compromise, while traditional antivirus software plays an entirely different part in a company’s cybersecurity. Along with AV and other tools, an interactive sandbox is one of the protection stages, and the security system would be incomplete without it, he adds. 

ANY.RUN’s regional growth

When asked about ANY.RUN’s plans for growth in the region and which markets they aim to focus on, Vialkov says: “ANY.RUN helps more than 1000 companies stay safe, including IBM, HP, Deutsche Telekom, GAP, McAfee, and OCBC, among others. It also fosters a community of over 300,000 independent researchers around the world.”

Elaborating on the limitations of sandboxing, Vialkov points out that it has none. “On the contrary, there are advantages. For example, it can detect new malware samples that have not been seen before or identify objects that can evade all firewalls. However, it should be noted that a sandbox is still a tool for professionals who want to understand how malware works, and not just to ensure that the file is malicious,” he adds. 

As Vialkov summarises: “We have been in the cybersecurity business since 2016, and we are already committed to a great cybersecurity community. With our plans for growth in the region and dedicated application for clients in the Middle East, we’re confident that we can make an even bigger impact in the future.”