Kaspersky Updates Sandbox with Real-Time Analysis

Cybersecurity firm Kaspersky has rolled out version 3.0 of its Research Sandbox platform, introducing a series of upgrades designed to strengthen malware analysis and reduce infrastructure demands for enterprise security teams. The updated tool, originally developed from Kaspersky’s in-lab sandbox environment, reflects over two decades of malware research and is aimed at bolstering incident response and threat intelligence capabilities.

Key Technical Enhancements

A notable new feature in Sandbox 3.0 is visual interaction via VNC, allowing analysts to actively engage with the malware execution environment. This real-time detonation visibility supports deeper investigation into dynamic malware behavior, helping security professionals identify evasive threats that might bypass traditional detection methods.

Another significant change is the integration with Microsoft’s AMSI (Antimalware Scan Interface), improving the platform’s ability to detect obfuscated and script-based attacks, including malicious PowerShell activities—commonly used tactics in modern cyber threats.

The new version also includes extended static analysis features, allowing researchers to examine executable files at a granular level, including headers, entropy graphs, and import/export tables. This helps analysts gather intelligence even for platforms not yet supported by dynamic analysis, such as macOS.

Streamlined Deployment and Interface

Sandbox 3.0 introduces the ability to operate with Kaspersky Security Network (KSN) in addition to the Kaspersky Private Security Network (KPSN), giving users more flexible deployment options. This change is also credited with reducing hardware requirements by approximately 50%, making it easier for smaller teams or pilot deployments to access advanced sandboxing capabilities.

Alongside these back-end changes, the user interface has undergone a full redesign. The new System Activities page offers clearer visualization of malicious processes, and a new History table search simplifies retrieval of past reports to support ongoing investigations.

Context

The release comes amid an increasing reliance on sandboxing tools for behavioral malware analysis as threat actors adopt stealthier evasion techniques. By improving both dynamic and static analysis capabilities, the update reflects broader industry trends toward hybrid and cost-effective threat detection models, especially as enterprise security teams confront budget constraints.
