Created Jan 17, 2025Launched
To help our customers secure their content and minimize business disruption, even in the face of a ransomware incident, Box is releasing our new Content Recovery tool. This tool streamlines and accelerates the process of recovering content encrypted or destroyed by ransomware, while also providing a level of precision beyond that offered by simply rolling back to a system snapshot.
Ransomware is one of the most well-known and feared tools in bad actors’ arsenals, enabling them to lock up your content and hold it hostage until you meet their demands. Regardless of the method of breach, ransomware is the most common payload left behind, making it essential that organizations have methods in place to swiftly identify the malicious content, respond to it, and recover from the damage done.
Coming soon, Box is rolling out the first piece of our Ransomware Protection suite, Content Recovery. This new capability enables admins to view users’ activity related to ransomware events occurring within the past 30 days, and recover altered or trashed content within that timeframe. Admins will be able to filter by date, specific actions taken on files (change action, trash action), and filenames. Content Recovery significantly reduces a recovery process that could take days or even weeks, and is able to recover thousands of files in minutes.
This new capability is available for any organizations with Box Shield.
Created Sep 30, 2024Launched
Box is upgrading the model for Box Shield Malware Deep Scan, our machine learning-based malware detection tool, to increase detection efficacy and enable major improvements to supported file types and alert detail.
Box Shield Malware Deep Scan is a machine learning technology that inspects files to identify malicious traits in near real-time. The deep scan capability alongside the reputation scan against leading third-party threat intelligence databases helps enterprises better discover and contain the spread of malware before it becomes a data breach or causes a significant loss of business continuity. Our new model inspects even more file characteristics and will both increase the scope of the scan, while also improving the accuracy and granularity of detection.
During the rollout of this new model, we will also be adjusting how malware alerts are communicated within the dashboard, with the end goal of delivering more actionable intelligence to admins. In addition, we will be monitoring the sensitivity of the scanner and adjusting how malware alerts are communicated within the dashboard. Going forward, this new model also enables us to add support for scanning a huge number of new file types, which will be coming in the next release.
To learn more about Box Shield Malware Deep Scan, look here.
Updated Oct 17, 2024
Created Jun 4, 2024Launched
As part of Box’s continued dedication to providing frictionless security for your organization’s most critical content, we have launched a new integration with the CrowdStrike Falcon platform, bringing powerful new endpoint protection to our customers.
Endpoint protection is an essential component to any content protection strategy, layering on top of cloud-based security controls to detect threats and protect against them at the device level. With CrowdStrike, an industry-leading security provider, Box is now able to ingest sophisticated risk signals from the Falcon platform directly into Box Shield and use the CrowdStrike ZTA score assess the trustworthiness/riskiness of a device seeking to access your organization’s Box content, then block access if necessary. This integration will enable admins to:
Link a CrowdStrike account and ingest risk signals from organization devices
Set a minimum acceptable score within Box Shield to allow access
Block/log out users seeking to access Box with devices that don’t meet the minimum score requirement
A compromised device can provide a foothold for bad actors to evade even strong security controls, so it’s critical that organizations secure those endpoint devices being used. To learn more about how Box security partners provide enhanced content protection to our customers, look here.
Updated Dec 17, 2024
Created Jan 17, 2024Launched
Box Shield will be adding new automated response actions as an option to our Suspicious Location alerts, increasing speed of response to detected threats and reducing the burden on the admin.
Box Shield Suspicious Location alerts enable admins to detect when their organization’s Box account is being accessed from a prohibited location. They can create either allowlists or blocklists that identify permitted geographic regions, and can also build in exceptions for known travel. These alerts have helped our admins detect international bad actors seeking to compromise their content, and we are making them even faster and easier.
Admins will now have the ability to enable automated response actions for managed users when access is detected from a non-permitted location. Upon detection, Box Shield will:
Immediately terminate the session that triggered the alert
Block the account from accessing Box until it returns to a permitted location
To learn more about Box Shield Threat Protection, look here.
Updated Jan 18, 2024
Created Oct 3, 2023Launched
Box will be releasing an improved UI, enhancing the admin experience and simplifying the identification and implementation of security rules within Shield.
Box Shield offers a wide range of tools for admins to protect against both external and internal threats, such as detecting malicious content, protecting against data leakage with Smart Access controls, and identifying content with robust classification capabilities. To help ensure that organizations are getting the most out of Box Shield, we have updated the UI to highlight several essential rules, including:
Malware Detection
Anomalous Download
Suspicious Session
Suspicious Location
These highlighted rules represent a great starting point for securing your content with Box Shield, and this UI change will make ensuring they are enabled much faster and simpler.
To learn more about Box Shield and its extensive content protection capabilities, look here.
Updated Oct 19, 2023
Created Aug 16, 2023Launched
Box has released an upgraded algorithm and new supported file types to Box Shield Malware Deep Scan, our deep learning-based malware detection tool, to further improve the accuracy and scope of the scan.
Box Shield Malware Deep Scan leverages deep learning technology to look inside the file to identify malicious traits in near real-time. The deep scan capability alongside the reputation scan against leading third-party threat intelligence databases helps enterprises better discover and contain the spread of malware before it becomes a data breach or causes a significant loss of business continuity. We have deployed a new and improved algorithm to identify more sophisticated malware strands more accurately, and have added support for the following new file types:
.msg
.lnk
.elf
To learn more about Box Shield Malware Deep Scan, look here.
Updated Aug 29, 2023
Created Jul 10, 2023Launched
We have added Classification Cards on hover to All Files view in Shield to offer increased user visibility into the security controls being applied to the file or folder with that classification label.
Effectively communicating the classification and corresponding security controls associated with content to end users is an essential component of a frictionless content security strategy. Box Shield provides advanced tools to intelligently classify your organization’s content and apply security controls based on classification, and the new Classification Cards will help you better communicate those security policies to your users.
When hovering over a classified file or folder, Box will now display a card showing:
The classification name and its corresponding color
Any security controls associated with that classification
To learn more about Box Shield and its classification features, look here.
Updated Jul 22, 2023
Created Apr 10, 2023Launched
Box Shield has enabled Monitoring Mode for Shared Link restriction in access policies, expanding the range of security controls that Box Admins are able to test without enforcing.
Monitoring Mode for security controls in access policies enables admins to monitor their employees’ access to sensitive content before enforcing those security controls. By providing visibility into potential security violations, Monitoring Mode allows admins to fully assess business impact, get alignment with business owners, and fine tune the access policies, as needed, before rolling them out, accelerating the implementation of policies for frictionless security and compliance.
By enabling Monitoring Mode for Shared Link restriction, admins are empowered to understand how Shared Links are distributed and used without actually restricting usage. Instead, when a Shared Link is used in a way that would trigger the restriction, the action is logged and is available via Event API for ingestion. Admins can then assess over time whether the restriction would be overly prohibitive (or not restrictive enough) for the organization’s business needs.
To learn more about Box Shield Smart Access policies, go here.
Updated May 22, 2023
Get Updates
Sign-in to your Box.com User Account to receive customized product notifications.
Subscribe