How to Play Nice in the Sandbox

Cybersecurity researchers use sandboxes to run suspicious code from unknown attachments and URLs and observe its behavior. This student team attempted to build a sandbox for testing, malware detonation, and testing of a variety of security tools. The sandbox’ capabilities would need to handle “detonations” and testing in a variety of security environments – to include on-premise networks; co-located networks, and an Azure Cloud environment. The motivation behind such a project is to get out in front of the various exploits and malware that are currently being seen around financial institutions, along with utilizing current threat intelligence through the new tool/environment. Additionally Digital Forensic Tools would be readily available to perform investigative work on the data/artifacts. The desired outcome was to have a fully functioning sandbox ecosystem (to include documentation) so that BECU cyber staff will be able to effectively and safely denote malware and analyze various malware and threats they encounter every day. This was also intended to include a design that will provide an integration between threat intelligence that BECU ingests, and incorporate the se of Artificial Intelligence/Machine Learning (specific capabilities to be named later), to help BECU build a predictive model. The new sandbox environments ideally would include a variety of (open source) investigative and forensic analysis tools which could be presented through a GUI portal.

Latest news