Cloud SWG: Malware Advanced Sandbox Enhancement

2 days, 23 hours, and 59 minutes
Complete

The maintenance is now complete. Thanks for your patience.

Underway

The scheduled maintenance is now underway. We'll keep you updated on our progress.

Scheduled

Beginning October 21, 2024, Broadcom will update the Cloud SWG with a new version of the sandbox engine associated with the Malware Advanced Service. This maintenance activity is expected to complete on October 23, 2024. Existing customers will be migrated automatically without the need for manual reconfiguration. All historical reports will be preserved and the migration is not expected to cause any issues or outages. While the sandbox will be new to Cloud SWG, it has been live in production for our Email Security Service and Symantec Endpoint Security Complete customers for over a year with excellent performance and efficacy.

Impact

  • The new sandbox is fully integrated with our full stack of cloud-based detection capabilities:
    • Utilizes metadata from our global intelligence network to eliminate known threats and benign files.
    • Uses file content, age, frequency and other factors to identify threats that would otherwise be missed.
    • Advanced machine learning to detect threats that have never been seen before.
    • Static scanning, disassembly, entropy analysis, emulation, multi-level embedded/encoded artifact extraction for analysis.
    • Executes potential malware in a controlled sandbox environment with new active in-line evaluation, new patterns, evasion detection, and other advanced sandbox techniques to maximize efficacy.
  • Previously, file verdicts were presented as 1-10; they will now be either ‘Clean’, ‘Suspicious’ or ‘Malicious’ for simplicity.
  • The malware SIEM feed will include a new field with this verdict (‘ma-sb-verdict’).
  • Emails sent for suspicious and higher post-downloaded threats will now include a link to the report instead of a PDF report, because the PDFs were often being detected as malicious by spam filters.
  • The Cloud SWG detonation reports will feature new patterns, categories and other minor formatting changes.

Required Action

No action is necessary, as customers will be migrated automatically without the need for manual reconfiguration.

Notice

This communication is related to the Cloud SWG public infrastructure. For updates related to the Symantec Gov Cloud infrastructure, subscribe to status notifications for the "FedRAMP" component at: https://status.broadcom.com/services/cloud-secure-web-gateway.

Support

Questions? Contact technical support by visiting: https://support.broadcom.com/security.

For service status and maintenance updates visit and subscribe to Broadcom Service Status: https://status.broadcom.com
