Greetings from Sandboxland! From all of us at Hybrid Analysis, we hope this message finds you healthy and well. It’s been quite a long time since our last blog post… we’ve been busy working on platform enhancements and introducing new features to further improve your sandbox experience. One of the most exciting new features is the integration of a machine-learning powered threat score!
With this new feature, the sample and pertinent sandbox data will be scrutinized by a machine-learning model developed with CrowdStrike’s proven machine-learning technology, returning a threat score and associated verdict. The objective of this undertaking was to achieve greater sensitivity and specificity while computing threat scores. Initial analysis from a data set consisting of ~40K samples shows the new methodology to be quite effective, with a significant decrease in the False Positive Rate (FPR), while simultaneously increasing the True Positive Rate (TPR). This feature is initially limited to non-URL submissions detonated in our Windows detonation environments with plans for further expansion as the model develops and matures.