Sunbelt Software's CWSandbox Lets VARs Test IT Security

By Frank Ohlhorst  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

Sunbelt Software’s CWSandbox creates automated blended attacks, letting IT solution providers and IT consultants test a security solution's muscle. The product also provides IT solution providers and IT consultants with another tool for creating services revenue.

Trust is the key element when it comes to selling security products and services. Solution providers have to trust that vendors have created a product that actually works and customers have to trust that solution providers are offering a product that actually protects. But, as they say, the proof is in the pudding. In other words, no one really knows how well a security solution works until that solution has demonstrated its prowess from an attack. However, attacks are not predictable and waiting around for one is not the best way to see if your security solution works.

For those perplexed by the security paradox, Sunbelt Software has an answer, CWSandbox. Released on Oct. 1, CWSandbox brings a rich tool set to security VARs looking to stress a security solution without creating any of the danger. The product rapidly analyzes the behavior of malware--including infected trojans, Office documents, browser helper objects (BHOs), malicious URLs and more-- by executing the code inside a controlled environment.

CWSandbox uses automated behavior analysis to collect data on the results of an initiated malware attack. Those malware attacks can be large in scale, big in numbers and can be executed concurrently. The product relies on a large database of malware samples to make that happen and that database can be updated with an automated sample malware collection or by using Nepenthes (a tool for automated collection of autonomously-spreading malware). The product uses the malware database to execute analysis and monitoring. When enough information about the malware is collected, the testing terminates and the collected data is analyzed.

Simply put, CWSandbox attacks a system, monitors the activity and then reports on the results. CWSandbox uses code injection to simulate how malware works and avoids detection from existing malware infections by using a hardened API that prevents an existing malware process from tainting the scan results. The monitoring portion consists of watching nearly all accesses to system resources, the file system and the registry. The product also monitors WinSock functions, which are normally used to communicate via TCP/IP-networks. CWSandbox monitors Windows applications with special attention to communication resources and notes any network activity and HTTP, FTP, SMTP and IRC connections and extracts any important data created by an attack, such as file transfers, IRC logins and services initiations.

Frank Ohlhorst Frank J. Ohlhorst is the Executive Technology Editor for eWeek Channel Insider and brings with him over 20 years of experience in the Information Technology field.He began his career as a network administrator and applications program in the private sector for two years before joining a computer consulting firm as a programmer analyst. In 1988 Frank founded a computer consulting company, which specialized in network design, implementation, and support, along with custom accounting applications developed in a variety of programming languages.In 1991, Frank took a position with the United States Department of Energy as a Network Manager for multiple DOE Area Offices with locations at Brookhaven National Laboratory (BNL), Princeton Plasma Physics Laboratory (PPL), Argonne National Laboratory (ANL), FermiLAB and the Ames Area Office (AMESAO). Frank's duties included managing the site networks, associated staff and the inter-network links between the area offices. He also served at the Computer Security Officer (CSO) for multiple DOE sites. Frank joined CMP Technology's Channel group in 1999 as a Technical Editor assigned to the CRN Test Center, within a year, Frank became the Senior Technical Editor, and was responsible for designing product testing methodologies, assigning product reviews, roundups and bakeoffs to the CRN Test Center staff.In 2003, Frank was named Technology Editor of CRN. In that capacity, he ensured that CRN maintained a clearer focus on technology and increased the integration of the Test Center's review content into both CRN's print and web properties. He also contributed to Netseminar's, hosted sessions at CMP's Xchange Channel trade shows and helped to develop new methods of content delivery, Such as CRN-TV.In September of 2004, Frank became the Director of the CRN Test Center and was charged with increasing the Test Center's contributions to CMP's Channel Web online presence and CMP's latest monthly publication, Digital Connect, a magazine geared towards the home integrator. He also continued to contribute to CMP's Netseminar series, Xchange events, industry conferences and CRN-TV.In January of 2007, CMP Launched CRNtech, a monthly publication focused on technology for the channel, with a mailed audience of 70,000 qualified readers. Frank was instrumental in the development and design of CRNTech and was the editorial director of the publication as well as its primary contributor. He also maintained the edit calendar, and hosted quarterly CRNTech Live events.In June 2007, Frank was named Senior Technology Analyst and became responsible for the technical focus and edit calendars of all the Channel Group's publications, including CRN, CRNTech, and VARBusiness, along with the Channel Group's specialized publications Solutions Inc., Government VAR, TechBuilder and various custom publications. Frank joined Ziff Davis Enterprise in September of 2007 and focuses on creating editorial content geared towards the purveyors of Information Technology products and services. Frank writes comparative reviews, channel analysis pieces and participates in many of Ziff Davis Enterprise's tradeshows and webinars. He has received several awards for his writing and editing, including back to back best review of the year awards, and a president's award for CRN-TV. Frank speaks at many industry conferences, is a contributor to several IT Books, holds several records for online hits and has several industry certifications, including Novell's CNE, Microsoft's MCP.Frank can be reached at frank.ohlhorst@ziffdavisenterprise.com

Submit a Comment

Loading Comments...