A sandbox gives you a chance to look into the future. Sandboxing is a security mechanism that creates a separate, restricted environment in which certain functions are prohibited. As technology has evolved, organizations are being breached by Advanced Persistent Threats (APTs) more frequently. Sandboxing is the latest trend for keeping your systems and network protected. The world today is not black and white, where we can cleanly differentiate between good code and bad code. Malicious code simply falls into the unknown zone.
Anti-spam, IPS, antivirus, web-filtering, app control and IP reputation techniques are necessary protection tools, but they are insufficient against today's most sophisticated attacks. They rely on known aspects or indicators of an attack, using signatures, heuristics or reputation methods. The real danger is when the attack uses a new technique and follows a different process. Adding sandboxing to your security mix creates a layer of security that can detect malicious code, even if it was previously unknown, by exposing it in a sandbox.
- Block more spearphishing attacks.
- Unearth previously unknown malware.
- Improve the effectiveness of your NGFW, UTM or secure email gateway solution.
- Prevent data breaches caused by sophisticated attacks.
- Detect advanced threats.
It must be taken into consideration that not all sandboxes are equal. Some sandboxes can detect malware but not block it. Cyber criminals also know that sandboxing is used as a protective layer and hence tend to use evasive attack methods. For example, sleep timers coded into malware allow the code to run days after the file has been marked safe.
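To make the sleep-timer problem concrete from the defender's side, the following added example (not from the original article or from any sandbox product) scans a sandbox API-call trace for delay requests that outlast the analysis window and downgrades a "clean" result to inconclusive. The trace format, the sample lines and the function names are constructed assumptions.

```python
import re

# Windows calls commonly used to delay execution.
DELAY_APIS = {"Sleep", "SleepEx", "NtDelayExecution", "WaitForSingleObject"}

# Assumed (constructed) trace format: "<seconds since start> <pid> <api>(<args>)"
# with every delay already normalised to milliseconds as "ms=<n>".
LINE_RE = re.compile(r"^(?P<t>\d+\.\d+)\s+(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")
MS_RE = re.compile(r"\bms=(\d+)\b")

# Constructed sample: pid 1432 naps briefly, pid 2210 asks to sleep three days.
SAMPLE_TRACE = """\
0.050 1432 Sleep(ms=500)
0.120 2210 GetTickCount()
0.130 2210 Sleep(ms=259200000)
0.560 1432 CreateFileW(path=report.tmp)
"""

def find_delay_evasion(trace, window_s):
    """Return delay calls whose wake-up time falls after the analysis window."""
    findings = []
    for raw in trace.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["api"] not in DELAY_APIS:
            continue
        ms = MS_RE.search(m["args"])
        if not ms:
            continue  # delay call without a parsable duration
        started = float(m["t"])
        delay_s = int(ms.group(1)) / 1000.0
        if started + delay_s > window_s:
            findings.append({"pid": int(m["pid"]), "api": m["api"],
                             "at_s": started, "delay_s": delay_s})
    return findings

def verdict(trace, window_s, saw_malicious_behaviour=False):
    """A quiet run is only evidence of safety if nothing slept past the window."""
    if saw_malicious_behaviour:
        return "malicious"
    if find_delay_evasion(trace, window_s):
        return "inconclusive"  # code after the delay was never observed
    return "no malicious behaviour observed"

if __name__ == "__main__":
    for hit in find_delay_evasion(SAMPLE_TRACE, window_s=300):
        print(hit)
    print(verdict(SAMPLE_TRACE, window_s=300))
```
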
Advanced sandboxes can detect malware in data files even before it is fully deployed.
Advanced sandboxing solutions include traditional capabilities as well as features of exploit-focused sandboxing. This promises strong protection against even the most evasive methods of attack. An advanced system would incorporate processor-instruction-level security. This allows organizations to block advanced persistent attacks as well as advanced malware that can evade other sandboxing technologies.
NSS Labs has tested the breach detection system, and Fortinet technology’s FortiSandbox has been certified by the agency and carries a Recommended tag. Logix Infosecurity implements Fortinet Sandbox as a security layer in organizations’ security networks.