Global
Africa
South Africa
Albania
Australia
Austria
Belgium
Bosnia Herzegovina
Bulgaria
Canada
Canada FR
Croatia
Czech Republic
Denmark
Estonia
Finland 
Finland (English)
France
Germany
Hong Kong
Hungary
Iceland
India
Indonesia
Ireland
Israel
Italy
Kosovo
Latvia
Lithuania
Malaysia
Middle East
Montenegro
Netherlands
New Zealand
North Macedonia
Norway
Philippines
Poland
Portugal
Romania
Saudi Arabia
Serbia
Singapore
Slovakia
Slovenija
Spain
Sweden
Switzerland DE
Switzerland FR
Thailand
Turkey
USA
Ukraine
United Kingdom
Vietnam
Advanced threat protection: Sandbox Integration via API
Automated, on-demand scanning and threat intelligence sharing are just a few simple functions that your Sandbox should provide. In reality, the threat intelligence between different solution is still being “gapped” and mismatched.
Security is provided by multiple layers or approaches, which means you should still tend to detect malicious threats before being hosted by the endpoint. Also, there can also exist a repository of suspect or positively malicious file. The question you should ask yourself is how can you scan all of these files if product is not enabling such functions by default.
The only right answer is API. We all know that Sandboxing is malware’s worst enemy, but API enabled sandboxing is on another level. Today’s malware is not just some static code – it’s mutated by the environment it got into and it’s smart enough to evade detection. This is why the implementation of sandboxing is becoming a common practice.
For example, you can create function that acts as a intermediary with resources you would like to sandbox and the Sandbox itself. You can trigger a function to submit file to Sandbox when file is being uploaded, thus deploying sort of a threat analysis queue.
There is also a need to provide Sandbox capabilities to other services and security teams, thus extending the reach of ATP capabilities and expanding beyond on-premise.
Deep Discovery Analyzer is providing you with on-premise Sandboxing capabilities. Besides providing Trend Micro products (and other vendors) with Advanced Threat Protection (ATP), it also has API capabilities, which you can leverage to go beyond on-premise. With such capabilities you can automate time-consuming activities and provide ATP to other products or even create your own specialized functions.
Useful API capabilities
- Sample Upload (Detonate, Get Screenshot, Generate Report)
- URL detonation
- Sample IoC’s (Get list of created processes, added registry keys…)
- STIX IoC
- All Black Lists
There are more functionalities with using the API for Sandboxing. As you know, there is virtually no limit when using API.
