The Cloud Sandbox technology allows detecting advanced threats on the device. Kaspersky Industrial CyberSecurity for Linux Nodes automatically sends detected files to Cloud Sandbox for analysis. Cloud Sandbox runs these files in an isolated environment to detect malicious activity and decides on the reputation of these files. Information about these files is then sent to the Kaspersky Security Network. Thus, if Cloud Sandbox detects a malicious file, Kaspersky Industrial CyberSecurity for Linux Nodes performs an action to eliminate the threat on all devices on which it detects this file.
For Cloud Sandbox to work, you need to enable the use of Kaspersky Security Network.
If you are using Kaspersky Private Security Network, the Cloud Sandbox technology is not available.
The Cloud Sandbox technology is always enabled and is available to all users of Kaspersky Security Network. If you have enabled integration with Kaspersky Industrial CyberSecurity Endpoint Detection and Response, you can enable a separate counter in the Web Console for threats detected using Cloud Sandbox. Kaspersky Industrial CyberSecurity for Linux Nodes will indicate the Cloud Sandbox threat detection technology in the Threat report in the Kaspersky Security Center console. A counter of threats detected using Cloud Sandbox is also displayed in the reports in the graphical user interface. You can use this counter to compile statistics when analyzing detected threats.
To enable the Cloud Sandbox counter in the Web Console:
The list of policies opens.
The list displays the policies configured for the selected administration group.
The policy properties window opens.