Answering rise in cyberattacks with automated malware detection and controls in Box Shield
Malware is one of the most common security incidents facing businesses today, and the COVID-19 pandemic is perpetuating the problem as bad actors look to take advantage of people working remotely. Recently, the FBI issued a warning after seeing a spike in coronavirus-related attacks specifically targeting businesses [1].
At Box, we have been helping protect enterprises from data theft by identifying suspicious user behavior, and today, we’re excited to announce new automated malware detection and controls in Box Shield, available to all Shield customers at the end of April.
A fresh approach to the malware problem
Today, malware is most commonly spread via email, and existing protection tools typically quarantine the file when malware is detected, leaving a tombstone file in its place. This can disrupt work, if there’s critical information in the file that a user needs to view or salvage.
Box’s approach neutralizes the risk without impacting productivity. If the same malicious file was added to Box and is shared as a secure shared link instead of an attachment, users who click on it can access and view the file without getting compromised, thanks to our unique preview technology.
Automated controls protect users while enabling secure work
When Box Shield detects that a file uploaded contains malware, it will automatically label the file as malicious, and restrict downloads and local editing to prevent the spread to more users and devices. Users can safely preview and even edit the file online, while seeing a malware notification in the Box user interface which improves visibility and awareness.
Detailed alerts for Security and IT teams
When malware is identified, Shield will also generate a detailed security alert, so your security and IT teams can quickly evaluate and act on the issue in a matter of minutes. The alert will show you who uploaded the file, threat intelligence about the malware, and file-related activities to date, helping your team decide what response is needed. As with other Shield alerts, the information can be reviewed in the Shield dashboard or sent to a 3rd party SIEM or CASB via Box’s Event APIs.
These new capabilities expand Box Shield’s threat detection beyond suspicious user behavior, which many of our customers have already been using in the past few months to identify potential data theft and compromised accounts based on our unique insight into activity within Box.
Businesses today need an IT strategy that enables secure remote work for months and quarters to come. Built-in security with Box Shield helps prevent data leakage while enabling your distributed teams to work securely from anywhere, with anyone. And it empowers your security team with intelligent threat detection, so they can respond quickly to potential data theft and malware attacks.
These new capabilities will be generally available to all Box Shield customers in May. Contact your Box rep to learn more or see a product demo.
[1] WSJ: Coronavirus cybersecurity fallout might not be felt for weeks or longer