- Bitdefender announces the general availability release of GravityZone Sandbox Analyzer On-Premises
- Automates suspicious file submission from standard ICAP clients including web, email, and cloud gateways
- Improves targeted attack detection through Golden Image management and parallel sample detonation
Bitdefender today announces the general availability (GA) release of GravityZone™ Sandbox Analyzer On-Premises, building upon our many years of delivering industry-leading malware sandboxing in the cloud. Following a successful controlled introduction in July of this year—involving rigorous testing and proving by multiple high-security customers—Bitdefender users can now expand their targeted-attack defense and breach avoidance use-cases and workflows to cover suspicious files that reach the endpoint from risky web, email and network activity and facilitate broader security integration and automation objectives of their modern, virtualized datacenters.
The Sandbox Analyzer On-Premises supports a diversity of file types for analysis—including executable files, Office documents, PDFs, packed and archived files, plus other types often used for malware delivery—and can monitor or withhold files pending sandbox verdicts, according to the customer’s requirements. Bitdefender uses sophisticated anti-analysis detection and anti-fingerprinting defenses to handle sandbox-aware malware, along with continuous machine learning and global threat intelligence informed from our 500 million worldwide endpoint sensors.
Powerful New Features and Enhancements
New ICAP Sensor: Standard ICAP clients—including Secure Web Gateways (SWG), Secure Email Gateways (SEG), and Cloud Access Security Brokers (CASB)—can now send suspicious files to our ICAP server for prefiltering and sandbox analysis. Files originating via ICAP are highlighted/filtered under GravityZone Sandbox Analyzer reporting.
Sample Persistence and Re-Analysis: File samples now persist on the datastore, allowing for resubmission with alternate Sandbox settings (e.g. different golden image, shorter/longer analysis runtime, with/without Internet access, various command-line arguments, etc.). Persistence is configurable via a policy setting.
Detonation Profiles: Users can manage the Sandbox throughput by toggling between different detonation profiles. Each Sandbox Analyzer sensor can be configured with a specific detonation profile setting, allocating Sandbox Analyzer resources by balancing sample throughput with analysis runtime.
Parallel Detonation: Users can select multiple preinstalled Golden Images when detonating a sample, creating parallel detonations, each one producing a different result for analysts to consider.
Golden Image Validation: Sandbox Administrators can inspect a golden image before submitting the image for building, verifying all GI requirements are met and making corrections, saving image preparation time.
Benefits of On-Premises Deployment
Bitdefender customers benefit from on-premises sandboxing over cloud sandboxing when they require:
- Targeted attack protection –Precise sandbox detection using customizable detonation “golden images” that closely replicate actual production workstations or VDI configurations
- High security environment – All sample analysis takes place onsite and no files or data ever go offsite
- Data privacy and compliance – User and machine identities remain local with no vendor data leakage
- Performance and scalability – Parallel processing throughput and runtime controlled by the customer
- Security integration and automation – Design custom end-to-end workflows using APIs (SIEM, SOAR)
- Security virtualization – 100% virtual appliances run on commodity virtualized servers, freeing administrators from the demands of managing yet another category of proprietary security hardware
Flexible Sandbox Submission and Workflow Automation
The Sandbox Analyzer On-Premises supports multiple file submission and retrieval mechanisms mapped to common customer workflows and facilitates multi-stage security automation, including:
- Automatic submission from Bitdefender Endpoint Security Tools (BEST) Client
- Automatic submission from GravityZone Central Quarantine
- Automatic submission from network file extraction
- Automatic submission from ICAP clients (SWG, SEG, CASB, etc.) to ICAP server for prefiltering/sandboxing
- Manual submission through GravityZone Control Center
- Manual or automated file submission and results retrieval via API
Fortify Your Bitdefender Onsite Security Capabilities Today
With the general availability release of Sandbox Analyzer On-Premises, Bitdefender customers with stringent onsite security requirements gain a powerful tool to combat advanced and targeted malware entering the network from multiple attack vectors. Automated workflows and flexible integrations combine with high-performance, ultra-secure local sandboxing—all with expert support from Bitdefender and our Worldwide Channel Partners. Elevate your targeted attack protection and breach avoidance defenses with proven sandbox technology that you control.