AMTSO, the cybersecurity industry’s testing standards community, announced the creation
of a sandbox evaluation framework designed to standardize testing for sandbox-based malware analysis solutions.
Sandbox systems play an increasingly important role in malware and threat analysis. However, choosing the right solution for specific needs can be difficult.
The new Sandbox Evaluation Framework provides a list of criteria and a scoring system to help researchers, vendors, and other cybersecurity professionals evaluate and compare sandbox solutions.
For example, inline protection sandboxes offer very low latency and are suitable for real-time protection, making them ideal for products like email gateways and web application firewalls. However, their analysis depth is limited.
In contrast, full attack chain analysis sandboxes operate more slowly but provide deep analysis capabilities, which help identify sophisticated threats.
AMTSO’s framework evaluates several factors including detection capability, anti-evasion technology, analysis depth, speed and scale, deployment, reporting and threat intelligence, as well as automation and integration.
“Each of these indicators addresses a critical aspect of sandbox efficacy, enabling organizations to choose solutions that best fit their security needs,” the developers explained.
For instance, organizations focused on prevention may prioritize detection capability, speed, and scalability. Email security gateway vendors handling large file volumes might emphasize detection capability, compute cost, and ease of deployment and maintenance. Research labs could focus on deep memory analysis and incident response file dissection.
The framework documentation explains the scoring process: 0 points if a feature is unavailable, 3 for limited support, and 10 for exceptional capability. It also details how to assign weights based on the importance of each indicator.
Once scores and weights are assigned, users can calculate total and weighted scores to identify the sandbox solution best suited to their needs.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
