Release Notes

To help our customers secure their content and minimize business disruption, even in the face of a ransomware incident, Box has released our new Content Recovery tool. This tool streamlines and accelerates the process of recovering content encrypted or destroyed by ransomware, while also providing a level of precision beyond that offered by simply rolling back to a system snapshot. Ransomware is one of the most well-known and feared tools in bad actors’ arsenals, enabling them to lock up your content and hold it hostage until you meet their demands. Regardless of the method of breach, ransomware is the most common payload left behind, making it essential that organizations have methods in place to swiftly identify the malicious content, respond to it, and recover from the damage done. Box has rolled out the first piece of our Ransomware Protection suite, Content Recovery. This new capability enables admins to view users’ activity related to ransomware events occurring within the past 30 days, and recover altered or trashed content within that timeframe. Admins can filter by date, specific actions taken on files (change action, trash action), and filenames. Content Recovery significantly reduces a recovery process that could take days or even weeks, and is able to recover thousands of files in minutes. This new capability is available for any organizations with Box Shield.

As part of Box’s continued dedication to providing frictionless security for your organization’s most critical content, we have launched a new integration with the CrowdStrike Falcon platform, bringing powerful new endpoint protection to our customers. Endpoint protection is an essential component to any content protection strategy, layering on top of cloud-based security controls to detect threats and protect against them at the device level. With CrowdStrike, an industry-leading security provider, Box is now able to ingest sophisticated risk signals from the Falcon platform directly into Box Shield and use the CrowdStrike ZTA score assess the trustworthiness/riskiness of a device seeking to access your organization’s Box content, then block access if necessary. This integration will enable admins to: Link a CrowdStrike account and ingest risk signals from organization devices Set a minimum acceptable score within Box Shield to allow access Block/log out users seeking to access Box with devices that don’t meet the minimum score requirement A compromised device can provide a foothold for bad actors to evade even strong security controls, so it’s critical that organizations secure those endpoint devices being used. To learn more about how Box security partners provide enhanced content protection to our customers, look here.

Box Shield has added new automated response actions as an option to our Suspicious Location alerts, increasing speed of response to detected threats and reducing the burden on the admin. Box Shield Suspicious Location alerts enable admins to detect when their organization’s Box account is being accessed from a prohibited location. They can create either allowlists or blocklists that identify permitted geographic regions, and can also build in exceptions for known travel. These alerts have helped our admins detect international bad actors seeking to compromise their content, and we are making them even faster and easier. Admins now have the ability to enable automated response actions for managed users when access is detected from a non-permitted location. Upon detection, Box Shield will: Immediately terminate the session that triggered the alert Block the account from accessing Box until it returns to a permitted location To learn more about Box Shield Threat Protection, look here.

Identifying when users are accessing content from a suspicious location is a crucial aspect of content security. Previously, Box Shield provided alerts when users access content from locations the Box Shield admins deem suspicious, so that admins can take any necessary action. However, there are times though when some of the users may have an unusual travel schedule or require special exception to avoid too many alerts caused by their movements. To help accommodate for this situation, and other circumstances where blanket suspicious location alerts may not be sufficient, Box has added the ability for admins to create exemptions. These exemptions, either temporary or permanent, can be assigned to: Individual users User groups Domains

In keeping with our commitment to providing frictionless security for our products, Box is now empowering admins to leverage Box Sign capabilities even for documents with Box Shield access restrictions. By integrating these two products in a more frictionless way, admins no longer have to choose between restricting access and sharing to sensitive documents and taking advantage of the flexibility and power of Box Sign. With the new Box Sign Request Restriction access policy, Download and print restrictions won’t prevent users from initiating requests. Share link restrictions won’t prevent users from initiating requests. Admins are able to granularly restrict the use of Box Sign using the new access policy as a part of already existing access policies or autonomously. To learn more about how Box Sign and Box Shield can work together, and how to take advantage of this new synergy with your content, please reach out to your account team.