Box Inc. quarantines malware-infected files with features that allow content to be viewed, with admin and security team alerts to address threats before they spread.
Box Inc.'s new antimalware features will go live later this month as part of its Box Shield security package that give users a way to ensure infected files don't spread across an entire network.
When Box Shield detects an infected file, antimalware features quarantine it so the file can only be viewed, not shared or downloaded. IT staff are alerted to the threat, so security professionals can investigate and mitigate the issue. It adds to Box Shield features released last fall that detect anomalous download activity or access from suspicious locations.
The idea, said Box chief product officer, Jeetu Patel, is to effectively quarantine the file in Box to prevent the malware from spreading across a Box customer's network, while giving the end user a view of the content and the business data they need, edit it online or just "to satisfy their curiosity," he said.
It also adds a layer of security for Box customers who share Box files outside their organization. While customers in regulated industries such as healthcare and banking routinely ask Box for security features, Patel said every customer possesses intellectual property that needs protection.
"Malware doesn't discriminate across industries," Patel said. "We've seen it as a pretty horizontal problem to solve."
Endpoint security systems can't always cover every file, in every medium, on every device that comes into contact with enterprise networks, said Fernando Montenegro, an analyst at 451 Research. Technology vendors like Box adding their own malware agents reinforces traditional endpoint security.
"Building malware detection on the file service itself is a nice logical progression from offering strong access controls over the content," Montenegro said. "Moving forward, the challenge for security teams will be to orchestrate how this additional functionality can be used without disrupting the user experience and without requiring expensive maintenance."
End-user view of Box Shield malware detection tripped after an infected file upload.
Coincidental timing with coronavirus
While the Box Shield features were months in the works, Patel said, they are a timely addition as Box's enterprise customers suddenly shifted to remote work in March due to COVID-19 health and safety precautions.
Building malware detection on the file service itself is a nice logical progression from offering strong access controls over the content.
Fernando MontenegroAnalyst, 451 Research
Network traffic for Box hasn't risen much, as Box customers were already using the file-sharing platform in their workplaces, he said. But malware is up in general, and on top of that, the risk of malware-infected files is exacerbated with everyone working at home.
"As you work remotely from devices that aren't fully protected and managed, and you've got open networks and people under stress, there's a huge amount of risk exposure that increases -- and it was pretty high before COVID-19," Patel said.
While Box hasn't yet seen much COVID-19-specific issues in files its end users are sharing, they could be on the way: The Federal Trade Commission reports a rash of text message, email, robocall and website scams that prey on COVID-19 fears or target stimulus checks the government plans to issue.
Box Shield is available as a stand-alone product, and it also comes included with enterprise licenses. Pricing varies according to the number of licenses purchased.
Dig Deeper on Content management software and services
