The IPS is built to detect and prevent network intrusions, network misuse and distributed denial-of-service (DDoS) attacks, based on its internal violation detection rules. Those rules cover protocol violation detection, suspicious content detection, DDoS detection and network misuse detection. However, the IPS cannot detect and block unknown content such as zero-day malware, unknown file objects and malicious URL links, since no prior knowledge exists about them.
TXSandbox is designed to analyze unknown file objects and URL links to determine if they are malicious based on their behavior. The TXSandbox is the perfect security complement to integrate with the IPS so that the IPS can send these unknown file objects and URL links to the TXSandbox first. When the TXSandbox detects malicious behavior, the unknown file object and URL hash value are sent back to the IPS so that it can block/prevent the harmful content from reaching the endpoint systems.
- TXSandbox is designed with an integration concept in mind. Its flexible deployment options and friendly RESTful APIs make integration an easy task.
- TXSandbox is built with dual engines to ensure that the URL object analysis achieves the highest detection rates.
- TXSandbox decodes the PE file’s embedded shellcode and then performs deep analysis to detect any hidden advanced malware.
- TXSandbox runs inside a Linux Docker container and doesn’t require Microsoft Windows licenses.
- TXSandbox is built with anti-sandbox evasion technology so that it detects malware even if it has sandbox evasion capabilities.