Abstract

First-generation, OS-level sandbox technology has been around for some time now, allowing organizations to automatically inspect every file passing through their perimeter.

Since the introduction of the sandbox concept, attackers have developed a wide array of evasion techniques designed to let their attacks bypass sandbox inspection and reach the target systems. However, there is another point in the infection process that can always be detected if you know what to look for, and that is virtually impossible to evade: the exploit phase. In this session, we will elaborate on a new approach, a CPU-level sandbox that can better detect the most advanced attacks, even when they deploy evasion techniques, by monitoring CPU activity while the exploit occurs.