Cloud giant Box is adding automated malware detection to Box Shield, the company’s machine learning-based security platform that prevents data leaks and detects threats. This fits into a broader trend that has seen automation increasingly infiltrate the cybersecurity realm, but it also comes as more people are working from home and at greater risk of external and internal threats.
Box Shield launched in private beta back in August ahead of its full public launch two months later and was initially centered around two core capabilities. Smart access allows admins to define custom labels and policies to control specific actions among employees, such as content and link sharing, the ability to add external collaborators, and file downloading. Threat and data breach detection automatically issues alerts for threats — such as compromised accounts, data theft (insider threats), and abnormal behavior, including account access from suspicious locations.
With the new automated malware detection features, Box Shield is moving beyond suspicious user behavior and into scenarios where malicious content may already have been uploaded to a Box account. “Malware has become one of the costliest security incidents facing businesses,” noted Box chief product officer Jeetu Patel.
Indeed, according to Verizon’s 2019 Data Breach Investigations Report (DBIR), malware is responsible for 28% of all data breaches. A separate Accenture report found that malware and malicious insiders accounted for a third of all cybercrime costs in 2018, representing an average cost to impacted organizations of $2.6 million and $1.6 million, respectively.
Following a service update that’s rolling out shortly, when Box Shield identifies a file it believes to contain malware it will automatically alert the end user and place restrictions on file sharing and downloads. Users will still be able to preview and edit files online — they just won’t be able to move the file to their desktop or spread the malware (if it exists) to other users’ machines.
Additionally, Box Shield will notify the relevant security teams, who can view the various malware alerts from within the Box admin console.
The timing of these new features is notable, as the COVID-19 pandemic has created a fertile landscape for bad actors targeting people who are working from home on insecure networks. Even before the current crisis, more businesses were embracing remote working, with employees often using multiple devices — including personal phones and laptops — to connect to their company’s cloud-based systems.
“People are collaborating from more devices and remote locations than ever before, so security teams need telemetry and visibility into potential threats across their environment,” said Box’s chief information security officer, Lakshmi Hanspal. “Automation and security innovations that are intuitive for users can massively reduce the burden on security teams and enable faster response.”
The new malware functionality will be available in Box Shield later this month.