FireEye and Palo Alto Networks, with its next-generation firewall, each have sandboxing technologies intended to safely “detonate” incoming code to detect any sign of it having been designed to behave maliciously and aggressively. But when it comes to this attack code, “FireEye and Palo Alto can’t tell you if it made it to the machines it intended to reach, or if it ran or if it was stopped,” says Eric Schurr, chief marketing officer at Bit9, which makes endpoint and server security software to stop malware through whitelisting.
But the Bit9 “Connector” software for FireEye and Palo Alto software announced today is a way that a Bit9 customer, who might also happen to be a FireEye or Palo Alto Networks customer, can get a better view into the network impact of the threat their sandboxing technologies initially discovered.
The idea behind sandboxing is that incoming files can be safely detonated, or exploded, as it’s often called, by running the code and analyzing whether it is making a clear attempt to act maliciously and aggressively, even if it’s not known malware. It’s a way to try and detect zero-day attacks that are not signature-based.
It’s been noted that while this type of sandboxing presents another line of defence in the unending battle against malware, it can’t be viewed as fool-proof, especially since malware writers may be working harder now to avoid this type of defence.
With the “Connector,” Bit9 can now receive alerts from FireEye or Palo Alto Networks about suspicious code. The Bit9 software will now also be able to retrieve any file for inspection and send it to FireEye and Palo Alto to be detonated, says Schurr.
The cost of the Bit9 “Connector,” available now, adds about 10 percent to the annual cost of Bit9 products.