Apr
08
2020
--

Box adds automated malware detection to Box Shield security product

With more folks working at home than ever, and many on machines outside the purview of IT and security teams, it’s becoming increasingly imperative to find creative ways to protect them from harm. Today, Box announced it was adding automated malware detection tools to Box Shield, the security product it announced last year.

Aaron Levie, CEO at Box, says that it’s important to find new ways of thinking about security, especially with millions of people suddenly working at home using cloud solutions.

“As people have begun working from home in greater numbers, you’re seeing an increase in malware and phishing attacks. [Bad actors] are starting to spread these security vulnerabilities in a much more aggressive manner, and so we’re launching Box Shield with malware protection built-in with advanced tools and policies around that malware detection,” he said.

The company is taking a three-pronged approach with this solution. For starters, it will let users view a file without actually having to download it first, while indicating if there is a risk associated with it. Next, it will actually prevent users from downloading a file with malware attached. Lastly, it will alert the security team when a file with malware has been uploaded to Box.

The idea is to keep the file from infecting whatever device employees are working on, alerting end users when there is a problem, while letting them see the content of the file gives them all the information they need to know if the file is actually legitimate in the first place.

It’s so much easier right now to be spreading this kind of malicious package with people working from home and sharing files at a far greater rate than ever before. This new feature is designed to give everyone in the loop, from the end user to the IT security team, some confidence that they can know when files are infected or not and keep them from proliferating inside of Box.

Aug
21
2019
--

Box introduces Box Shield with increased security controls and threat protection

Box has always had to balance the idea of sharing content broadly while protecting it as it moved through the world, but the more you share, the more likely something can go wrong, such as misconfigured shared links that surfaced earlier this year. In an effort to make the system more secure, the company announced Box Shield today in Beta, a set of tools to help employees sharing Box content better understand who they are sharing with, while helping the security team see when content is being misused.

Link sharing is a natural part of what companies do with Box, and as Chief Product and Chief Strategy Officer Jeetu Patel says, you don’t want to change the way people use Box. Instead, he says it’s his job to make it easier to make it secure and that is the goal with today’s announcement.

“We’ve introduced Box Shield, which embeds these content controls and protects the content in a way that doesn’t compromise user experience, while ensuring safety for the administrator and the company, so their intellectual property is protected,” Patel explained.

He says this involves two components. The first is about raising user awareness and helping them understand what they’re sharing. In fact, sometimes companies use Box as a content management backend to distribute files like documentation on the internet on purpose. They want them to be indexed in Google. Other times, however, it’s through misuse of the file-sharing component, and Box wants to fix that with this release by making it clear who they are sharing with and what that means.

They’ve updated the experience on the web and mobile products to make it much clearer through messaging and interface design what the sharing level they have chosen means. Of course, some users will ignore all these messages, so there is a second component to give administrators more control.

2. Box Shield Smart Access

Box Shield access controls (Photo: Box)

This involves helping customers build guardrails into the product to prevent leakage of an entire category of documents that you would never want leaked, like internal business plans, salary lists or financial documents, or even to granularly protect particular files or folders. “The second thing we’re trying to do is make sure that Box itself has some built-in security guardrails and boundary conditions that can help people reduce the risk around employee negligence or inadvertent disclosures, and then make sure that you have some very precision-based, granular security controls that can be applied to classifications that you’ve set on content,” he explained.

In addition, the company wants to help customers detect when employees are abusing content, perhaps sharing sensitive data like customer lists with a personal account, and flag these for the security team. This involves flagging anomalous downloads, suspicious sessions or unusual locations inside Box.

The tool also can work with existing security products already in place, so that whatever classification has been applied in Box travels with a file, and anomalies or misuse can be captured by the company’s security apparatus before the file leaves the company’s boundaries.

While Patel acknowledges there is no way to prevent user misuse or abuse in all cases, by implementing Box Shield, the company is attempting to provide customers with a set of tools to help them reduce the possibility of it going undetected. Box Shield is in private beta today and will be released in the fall.

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com