Sunaniwa (砂庭) positions itself as a Bare-metal Malware Analysis Sandbox. Its core goal is to counter advanced, stealthy malware that detects virtual machines and changes its behavior accordingly. Unlike common VM-based dynamic analysis environments, Sunaniwa emphasizes running samples directly on real physical hardware without any hypervisor, reducing the impact that virtualization artifacts can have on analysis results.
In terms of protection type, it is geared more toward threat research and malware forensics than real-time endpoint protection. The main text mentions three advanced analysis capabilities: first, file and registry differencing, which identifies hidden modifications from outside the OS by comparing physical disk images and registry changes before and after execution; second, memory forensics, using non-intrusive methods to directly extract physical memory in order to discover rootkits or memory-resident payloads; and third, network analysis, capturing full packets in a strictly isolated network and using internal simulated DNS responses and similar mechanisms to induce sample activity. Its bare-metal rapid rollback capability is used to restore a clean environment after analysis.
The public materials do not disclose pricing, licensing model, payment methods, or service levels. The deployment model is only described as a physical bare-metal environment; it is not clear whether this means on-premises deployment, vendor-hosted operation, a cloud service, or a joint research model. Judging from references to “early adoption” and “joint research consulting,” the project may still be relatively early-stage or customized, but this alone is not enough to confirm its commercial maturity.
Its strengths are a clear positioning, a focus on samples that evade virtualized environments, an analysis pipeline covering disk, registry, memory, and network activity, plus an emphasis on isolation and rollback—making it valuable for security research. The drawback is the lack of public information: there are no details on a management console, alerts, reports, APIs, SIEM/SOAR integrations, compliance certifications, customer cases, or operational requirements. Bare-metal analysis usually involves higher hardware costs and more complex automated scheduling, so ease of use remains to be validated.
It is better suited to security vendors, malware labs, threat intelligence teams, research institutions, and advanced blue teams that need to analyze samples with VM-detection capabilities. For ordinary enterprises that only need routine file sandboxing, a mature cloud sandbox or an EDR built-in sandbox may be a better fit. Access from mainland China, network connectivity, and payment methods are not disclosed in the main text, so they should be considered unknown. Alternatives include Cuckoo/CAPE, Joe Sandbox, ANY.RUN, and Hybrid Analysis.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, infinitespace.org.
infinitespace.org is a Japan-based security provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of Workable.