In his recent SecurityWeek column, Scott Simkin questions the efficacy of malware analysis via sandboxing. Attackers have become acutely aware of the methods security teams use to analyze files for malicious activity, and evasive samples now check for those methods before revealing any behavior: scanning the environment for artifacts of known malware analysis tools, or checking whether the amount of installed memory matches the small allocations typically given to virtual machines. Scott suggests there are far more effective ways of identifying and preventing unknown and evasive malware, one of which is implementing a bare metal analysis environment.
In bare metal analysis, suspicious files are sent to a real, racked-and-stacked hardware environment, where they are detonated and their behavior is observed for signs of malicious activity. Because no hypervisor is present, threats that rely on virtual machine detection find nothing to detect and execute as they would on a victim's machine. Checks that look for the analysis tooling itself rather than for virtualization are a separate matter: they are only defeated if the instrumentation stays out of the sample's view.
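To make the two evasion checks described above concrete, here is an added example (written for this page, not code from Palo Alto Networks or from any real malware) that models them as pure functions over a snapshot of what a sample can observe: total memory and the names of running processes and loaded modules. The artifact list, the 4 GB threshold and the three host snapshots are constructed for illustration. The third snapshot shows the caveat from the previous paragraph: a bare metal host removes the low-memory tell, but an in-guest hooking agent with a well-known file name is still visible to the sample.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Process and module names commonly associated with VM guest tooling and
# analysis tools. Illustrative list assembled for this example.
ANALYSIS_ARTIFACTS: FrozenSet[str] = frozenset({
    "vmtoolsd.exe",      # VMware Tools service
    "vboxservice.exe",   # VirtualBox Guest Additions service
    "sbiedll.dll",       # Sandboxie injected DLL
    "procmon.exe",       # Sysinternals Process Monitor
    "wireshark.exe",
})

# Below this amount of RAM the sample treats the host as a throwaway VM.
# The threshold is an assumption for this example; real samples vary.
MIN_PLAUSIBLE_RAM_BYTES = 4 * 1024 ** 3


@dataclass(frozen=True)
class HostSnapshot:
    """What a sample could observe about the machine it landed on."""
    name: str
    total_ram_bytes: int
    processes: FrozenSet[str]
    loaded_modules: FrozenSet[str]


def ram_looks_virtual(snap: HostSnapshot) -> bool:
    """Memory-size heuristic: small guests are typical of analysis VMs."""
    return snap.total_ram_bytes < MIN_PLAUSIBLE_RAM_BYTES


def analysis_artifacts(snap: HostSnapshot) -> List[str]:
    """Tool-artifact heuristic: known analysis/VM tool names in the process
    list or loaded modules, matched case-insensitively."""
    seen = {n.lower() for n in snap.processes | snap.loaded_modules}
    return sorted(seen & ANALYSIS_ARTIFACTS)


def evasion_verdict(snap: HostSnapshot) -> Dict[str, object]:
    """Combine both checks the way an evasive sample would: if either fires,
    the sample stays dormant and the sandbox records no malicious behavior."""
    artifacts = analysis_artifacts(snap)
    low_ram = ram_looks_virtual(snap)
    return {
        "host": snap.name,
        "low_ram": low_ram,
        "artifacts": artifacts,
        "stay_dormant": low_ram or bool(artifacts),
    }


# Constructed snapshots (not measurements of any real product).
SANDBOX_VM = HostSnapshot("1 GB analysis VM", 1 * 1024 ** 3,
                          frozenset({"explorer.exe", "vmtoolsd.exe"}),
                          frozenset({"kernel32.dll"}))
BARE_METAL_CLEAN = HostSnapshot("bare metal host, 16 GB", 16 * 1024 ** 3,
                                frozenset({"explorer.exe"}),
                                frozenset({"kernel32.dll"}))
# Bare metal removes the hardware tell, but a hooking agent with a
# well-known module name is still an artifact the sample can find.
BARE_METAL_WITH_AGENT = HostSnapshot("bare metal host running Sandboxie",
                                     16 * 1024 ** 3,
                                     frozenset({"explorer.exe"}),
                                     frozenset({"kernel32.dll", "SbieDll.dll"}))

if __name__ == "__main__":
    for snap in (SANDBOX_VM, BARE_METAL_CLEAN, BARE_METAL_WITH_AGENT):
        print(evasion_verdict(snap))
```

Run as a script, the first snapshot trips both checks, the clean bare metal host trips neither, and the bare metal host with the agent trips only the artifact check. That last case is why the instrumentation in a bare metal environment has to be invisible to the sample, not merely non-virtual.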
Palo Alto Networks Traps advanced endpoint protection employs multi-method malware prevention to protect endpoints from known, unknown and highly evasive threats. An integral part of this is the WildFire threat intelligence cloud. WildFire is the industry's most advanced anti-evasion malware analysis environment. Built from the ground up on proprietary technology, WildFire identifies threats that attempt to detect a virtual environment and dynamically steers them to a bare metal environment for full hardware execution. With WildFire integration, Traps can preemptively detect and prevent even the most evasive malware.
Both WildFire and Traps are key components of our next-generation security platform. Read the datasheet to learn more about Traps multi-method malware prevention and its integration with WildFire.