Check Point’s SandBlast sandbox spells R.I.P for ROP attacks

Check Point is upgrading its sandboxing technology so it catches attacks earlier in the process and makes it harder for adversaries to evade detection.

Called SandBlast, the new software monitors CPU activity looking for anomalies that indicate that attackers are using sophisticated methods that would go unnoticed with traditional sandboxing technology, according to Nathan Shuchami, head of threat prevention sales for Check Point.

Traditional sandboxes, including Check Point’s, determine whether files are legitimate by opening them in a virtual environment to see what they do. To get past the sandboxes attackers have devised evasion techniques, such as delaying execution until the sandbox has given up or lying dormant until the machine it’s trying to infect reboots.

To read this article in full or to leave a comment, please click here