Some explanation about the VA-CASMA On-box Sandboxing feature, and possibly guidance on how to configure it?
Release: CASMA 3.1.6.0/3.1.7.0/3.1.8.1
On-box sandboxing with Symantec Content Analysis is a security feature that helps organizations detect and mitigate advanced threats and malware by analyzing potentially malicious files and URLs in a controlled environment.
The on-box Content Analysis and Malware Analysis dual-detection approach combines virtualization and emulation to capture more malicious behavior across a wider range of custom environments.
Malware Analysis is an integrated, on-box technology for detecting and analyzing unknown, advanced, and targeted malware. The adaptive and customizable sandbox solution delivers comprehensive malware detonation and analysis. The dual-detection approach quickly analyzes suspicious files and URLs, interacts with running malware to reveal its complete behavior, and exposes zero-day threats and unknown malware.
Enabling on-box sandboxing decreases the appliance's throughput but increases its detection capabilities.
As shared during the morning call, the On-Box Sandboxing with the CASMA-VA works exactly the same way as the MA you already know, run on the physical CAS appliances. We have been able to develop the MA on top of the CAS-VA; hence the CASMA, as we call it today.
To configure a Malware Sandbox, please refer to the steps in the Tech. Doc. with the URL below.
Configure a Malware Analysis Sandbox
For further guidance, please refer to the attached doc.