Yomi
読み
Cyber criminals are beginning to learn and understand more about the most common methods of security detection and are specifically focusing their efforts on them. What sandbox technology does is help to expose invasive new threats, as well as old threats in new disguises. What sandboxing does is providing an additional security layer to the modern-day threat environment. A network security sandbox in fact is an analysis environment in which a suspicious program is executed ('detonated') and its behaviour observed, noted, and then analysed.
Traditional sandbox technology is ineffective if the attacker adopts evasion techniques able to recognise the environment simulated by the sandbox and deny their true intentions in future runs.
Yomi, unlike traditional sandboxing techniques, has been conceived and developed according to a different method of analysis which provides, within the controlled perimeter, the presence of multiple sandboxes where the suspicious code will be injected in parallel. By checking all the different sandboxes responses our analysts will be able to evaluate if even one of them has shown an abnormal behaviour. The presence of the tiniest difference between the parallel results will raise the threshold of potential hazard and a more in depth analysis will then be carried on, including - if necessary - reverse engineering.
Traditional sandbox technology is ineffective if the attacker adopts evasion techniques able to recognise the environment simulated by the sandbox and deny their true intentions in future runs.
Yomi, unlike traditional sandboxing techniques, has been conceived and developed according to a different method of analysis which provides, within the controlled perimeter, the presence of multiple sandboxes where the suspicious code will be injected in parallel. By checking all the different sandboxes responses our analysts will be able to evaluate if even one of them has shown an abnormal behaviour. The presence of the tiniest difference between the parallel results will raise the threshold of potential hazard and a more in depth analysis will then be carried on, including - if necessary - reverse engineering.
