Box Shield: Threat Detection FAQs
What is Box Shield?
Box Shield is a cloud security tool with the capability to:
- Detect potential malware in content being uploaded to your Box account, and enforce download restrictions
- Detect compromised accounts based on context such as locations, activities, and access patterns
- Make important security decisions based on rules and behaviors
Which Box Shield features are enabled?
Box Shield Threat Detection is enabled as of July 18, 2024. There are several Threat Detection rules that are active in our UT Box tenant:
- Anomalous Download, which detects abnormal download behavior based on tracked usage.
- Malicious Content, which detects potential malware in content being uploaded to a UT Box account.
- Suspicious Location, which detects an account accessing content from an unusual or excluded geographic location.
- Suspicious Session, which detects instances of impossible travel characterized by rapid changes in user location.
For each threat detected, an alert is sent to the Box Shield dashboard where our admins can evaluate the risk.
When will download restrictions be placed on content that Box Shield detects as malicious?
Enabling download restrictions for suspicious content is anticipated in the near term; there will be another communication when that happens.
How are Box Shield alerts handled by the UT Box admins?
The UT Box service team will monitor alerts in collaboration with the ISO and will communicate with end users as necessary.
How will Box Shield affect my daily work?
Box Shield is currently configured for minimal disruption to end users. No interruption of service access or operation is being enforced for detected threats at this time. However, a malware warning banner will be displayed in the UT Box web interface when potentially infected files are uploaded or accessed.
What will the malware warning banner look like?
Future Box Shield Improvements
Security controls using content classification labels and access policies will be implemented at a later phase.