360 Sandbox Cloud is an online advanced threat analysis platform that provides services such as accurate sample risk determination, advanced threat identification and complete execution process restoration. Built on the powerful core technology and capability of sandbox detection, it runs submitted target samples (files and URLs) through multi-level analysis processes such as static detection and dynamic analysis, triggering and revealing behaviors such as vulnerability exploitation and attack and defense confrontation, and performs a qualitative risk analysis on them. It finds unknown and advanced threats and forms solutions for advanced threat identification, zero-day vulnerability capture and intelligence output. This helps security administrators focus on the security alarms that need attention, outputs high-value threat intelligence, gives enterprises their own threat intelligence production capacity, and forms a closed loop of threat management.
Product Value
Accurate risk determination
Accurate sample risk determination provides accurate determination results and their behavioral basis to users on advanced threat and anti-virus analysis teams, helping these teams screen, discover, and track the latest active APT attack samples and regular malicious samples, understand the latest trends, and reduce the cost burden of analysis.
Security researchers, whether within an enterprise or working independently in the industry, can obtain a wealth of detection reports, including judgment results and complete execution processes, for the malicious samples that concern them.
Real-time threat detection
The real-time threat detection capability connects to the security response infrastructure of enterprise customers through an API. It detects unknown samples that reach the enterprise's intranet in real time and monitors the sample execution process from all angles to generate threat alarms, so that threats have nowhere to hide.
Upstream and downstream automated defense facilities can submit samples and obtain their detection process and results in real time, respond to a detected threat alarm in a very short time, and so combine discovery and response effectively.
Threat intelligence production
The complete execution process and network behavior restoration capability generates and outputs rich and accurate intelligence indicators, continuously powering the security facilities of enterprise customers, such as a threat intelligence platform (TIP) or a security information and event management platform (SIEM).
Based on its accurate threat determination ability and complete task report output, 360 Sandbox Cloud can restore the whole process of sample execution and extract high-value, high-accuracy threat indicators, effectively reducing false positives and improving the detection ability of threat intelligence and security response facilities.
Product deployment
The SaaS version of the online threat detection platform is based on a cloud computing architecture and is mainly deployed in public cloud clusters, providing services to various users and to automatic detection and defense infrastructures through its automated API and portal functions.
In addition, depending on the needs of enterprise customers, we can support versions for various deployment methods, such as private cloud cluster deployment, single node device deployment, software deployment and so on.