
PT Sandbox

Identifies both traditional file-based attacks and evasive fileless threats, making it effective against complex and previously unknown malware

01

Overview

PT Sandbox is an advanced analysis environment for enterprise defense against APTs and large-scale cyberattacks. It detects sophisticated malware in both files and network traffic while offering extensive customization of virtual environments to improve detection accuracy.

02

Use cases

Email protection

PT Sandbox scans all incoming email traffic at the mail server level, leveraging multiple antivirus engines and YARA rules developed by the PT ESC expert center. Suspicious files and links undergo behavioral analysis in an isolated virtual environment, enhanced by customizable machine learning models. This approach detects unknown, concealed, and obfuscated malware, preventing threats from breaching the corporate perimeter.

Securing file storage and corporate systems

Files are analyzed for threats before they are uploaded to corporate network resources or transmitted through document management systems. This proactive scanning prevents malware from spreading through internal file-sharing and collaboration tools.

Defense against advanced hacking tools

PT Sandbox operates with an architectural advantage, analyzing sophisticated malware at the hypervisor level. Its multi-layered analyzer monitors threats across user space, the OS kernel, and the hypervisor itself. This deep visibility enables detection of both widespread threats and highly evasive malware, including rootkits and bootkits.

Threat hunting and manual sample analysis

PT Sandbox retains traffic dumps and event data, allowing SOC teams to conduct in-depth analysis of detected malware behavior. It streamlines proactive threat hunting and automates the investigation of suspicious objects found in the infrastructure. The system runs samples across multiple virtual environments, recording all activity and generating detailed behavior graphs and useful artifacts. Analysis results are mapped to the MITRE ATT&CK matrix, enabling rapid mitigation and insight into the attacker's position within the kill chain.

Protection against targeted attacks

PT Anti-APT is a threat detection suite built on the network traffic behavioral analysis system PT NAD and the network sandbox PT Sandbox. This combination enables detection of targeted attacks both at the perimeter and within the network, reducing the attacker's dwell time.

PT NAD inspects a copy of redirected network traffic for threats. Suspicious files are sent to PT Sandbox, where they undergo behavioral analysis. If malicious content is detected, PT Sandbox delivers its verdict to PT NAD for appropriate action.

Endpoint protection

As part of the Positive Technologies XDR solution, PT Sandbox enhances endpoint security by integrating with MaxPatrol EDR. When MaxPatrol EDR detects suspicious files, it sends them to PT Sandbox for analysis. If a threat is confirmed, the system blocks it across all endpoints and relays information about the detected malware to the SIEM system.

Web application protection

PT Sandbox helps detect supply chain attacks that target a company's customers rather than the company itself. Attackers may exploit vulnerabilities in a web application to replace legitimate files with malicious ones. When integrated with a web application firewall, PT Sandbox analyzes uploaded files, identifies threats, and enables immediate blocking.

Monitoring objects in network traffic

Integration with traffic monitoring and analysis tools allows PT Sandbox to detect and block malware in web traffic, strengthening protection against targeted attacks, advanced malware, and APT threats. It inspects files moving through firewalls and web application firewalls, returning a verdict on whether they contain malicious content.

Securing development repositories

PT Sandbox protects development environments by analyzing applications before deployment. Behavioral analysis of in-house software prevents supply chain compromises, ensuring that published applications do not introduce security risks to users.

Vulnerability protection

Pairing PT Sandbox with MaxPatrol VM strengthens vulnerability management by identifying potential exploits before they can be weaponized. This integration provides an additional layer of security, mitigating risks even for vulnerabilities that have yet to receive official patches.

03

How it works

PT Sandbox integrates into the infrastructure, connecting to multiple sources to detect unknown malware and zero-day threats in real time.

04

PT Sandbox advantages

PT Sandbox: AI-powered threat analysis

Customizable machine learning models analyze more than 8,500 behavioral characteristics, including process actions, API call sequences, network activity, and auxiliary object creation. This level of detail enables precise detection of unknown and highly targeted threats.

05

PT Sandbox expertise

PT Sandbox applies layered detection to uncover malicious activity. Static rules expose fragments of malicious code. Correlation rules track abnormal behavior. Network analysis detects communication with attacker-controlled servers. Machine learning models identify anomalies. OS monitoring sensors catch manipulations that indicate compromise. Every mechanism works in parallel to uncover threats designed to evade traditional security tools.

MITRE ATT&CK coverage

PT Sandbox detects malware tactics and techniques mapped to the MITRE ATT&CK framework for Windows and Linux. It identifies threats at every stage, from execution to persistence, privilege escalation, and lateral movement.

06

Compatible products

Email remains the primary malware delivery method

Seventy-five percent of cyberattacks begin with an email. Attackers continuously refine malware and develop new evasion techniques, making email security a constant battleground. Regular testing is critical to identifying vulnerabilities before they are exploited.

PT Knockin evaluates the effectiveness of antivirus tools, mail gateways, sandboxes, and other defenses. The service provides actionable recommendations to close security gaps and strengthen protection.
