Developers: | Kaspersky |
Last Release Date: | 2025/05/12 |
Branches: | Information security |
Technology: | Information Security Management (SIEM) |
Kaspersky Research Sandbox is a system for automated behavioral and static analysis of files and for threat detection. The solution was developed on the basis of an internal laboratory sandbox complex, a patented technology.
2025: Kaspersky Research Sandbox 3.0
On May 12, 2025, Kaspersky Lab introduced Kaspersky Research Sandbox 3.0, an updated version with advanced capabilities for information security specialists. The release adds functionality for deeper file analysis and interactive threat research, and the product can now be installed on just one server instead of two. The technical changes will make the sandbox more flexible and efficient and help organizations reduce the cost of threat detection and analysis.
According to the company, visual interaction is now available during the detonation of potentially malicious files (in Virtual Network Computing, VNC, mode). Information security analysts will be able to interact with the runtime environment in real time, track malware behavior as it unfolds and executes, and run additional tools for more detailed research. This will allow in-depth analysis and expand the ability to detect complex threats that adapt to traditional sandbox methods.
After the update, users have access to advanced static analysis of files. It extracts key attributes such as strings, headers, sections, and the import and export tables of executable files, and also generates an entropy graph of the file. Information security specialists will be able to obtain additional important information about the characteristics of malware.
Attackers are constantly coming up with new methods of code obfuscation (deliberately confusing the code to make it difficult to analyze) as part of cyber attacks. Integration with Microsoft AMSI (Antimalware Scan Interface) helps improve detection of packed and obfuscated scripts in Kaspersky Research Sandbox 3.0. AMSI support, among other things, makes it possible to analyze malicious PowerShell scripts, which are often used by attackers.
Not only Kaspersky Private Security Network (KPSN) but also Kaspersky Security Network (KSN) can now be used as a source of global cyber threat data. This flexibility provides a more economical and faster deployment option, which is especially important for pilot projects. Connecting to KSN will also halve the system hardware requirements, as no additional server is required for KPSN. As a result, Kaspersky Research Sandbox will become more affordable for companies with limited resources.
Along with the major technical update, the user interface has been completely redesigned to make the solution more convenient and to streamline the process of studying potential threats. In particular, the visualization on the System Activities page has improved: analysts will now be able to filter the data presented in the report and focus only on relevant malicious processes. The search function in the history table will make it possible to quickly find the results of previous analyses, which will help information security teams quickly resume past research.
"Kaspersky Research Sandbox 3.0 provides information security teams with advanced analysis capabilities, optimized visibility and control over malware behavior. In addition, the entry threshold for organizations with limited hardware resources has significantly decreased - only one server is enough for local sandbox deployment. The Kaspersky Research Sandbox solution is based on modern technologies. With the release of this version of the product, an updated professional interactive tool for even deeper study of malware has become available to the teams responsible for cybersecurity," said Boris Storonkin, Head of Threat Intelligence Products at Kaspersky Lab.