Improve Your Security With Sandboxing
Recent threats like Shellshock and Heartbleed, and high-profile hacks of the likes of TalkTalk and Yahoo, show that our security systems just aren’t as advanced as the threats out there. We have all the tools in our security portfolio to protect against existing threats, but when faced with an unknown, never-before-seen menace, our systems struggle to protect themselves.
“See into the future”
We need something to protect us from the malicious files that our networks don’t yet realise are malicious, something that sees into the future. We need a sandbox.
What is Sandboxing?
Sandboxing has been around for a while. It is a security technique that isolates programs so they run separately from the rest of the device and its other programs. This mitigates the risk that such files pose to the user’s system by preventing potentially malicious data from damaging it or snooping on it.
By running potential threats in a separate environment, the sandbox can detect threats that other security methods wouldn’t recognise, quarantining them and coaxing them into exposing themselves.
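To make the idea concrete, here is a small added example (written for this article, not code from the original post or from any product it mentions) that runs a submitted script in a scratch directory with a scrubbed environment and hard CPU, memory and core-dump limits, then reports what the script dropped and how it ended. A real sandbox does the same on a disposable virtual machine rather than a child process on the host, so this shows the principle of "run it apart and watch it", not production-grade containment. The two sample scripts and the limit values are constructed for the demonstration.

```python
"""
Run an untrusted script in isolation and report what it did.

Added illustration only: a throwaway scratch directory, a scrubbed
environment, hard resource limits and a behaviour report. Production
sandboxes use a disposable virtual machine; this toy uses a limited
child process on the same host and so demonstrates the principle
rather than providing real containment. Requires a POSIX system.
"""
import os
import resource
import subprocess
import sys
import tempfile

CPU_SECONDS = 1                     # CPU budget for the sample (constructed value)
WALL_SECONDS = 5                    # wall-clock backstop for samples that just sleep
MEMORY_BYTES = 512 * 1024 * 1024    # address-space cap

# Constructed samples standing in for submitted files (not real malware).
DROPPER_SAMPLE = (
    'with open("dropped.txt", "w") as fh:\n'
    '    fh.write("payload")\n'
)
CPU_HOG_SAMPLE = "while True:\n    pass\n"


def _apply_limits():
    """Runs in the child just before exec: cap CPU, memory and core dumps."""
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_SECONDS, CPU_SECONDS + 1))
    resource.setrlimit(resource.RLIMIT_AS, (MEMORY_BYTES, MEMORY_BYTES))
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))


def _snapshot(root):
    """Relative paths of every file under root, so new files can be diffed."""
    seen = set()
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            seen.add(os.path.relpath(os.path.join(dirpath, name), root))
    return seen


def detonate(sample_source):
    """Execute the sample under limits and return an observation report."""
    with tempfile.TemporaryDirectory(prefix="sandbox-") as scratch:
        sample_path = os.path.join(scratch, "sample.py")
        with open(sample_path, "w") as fh:
            fh.write(sample_source)
        before = _snapshot(scratch)
        report = {"returncode": None, "killed": False, "stderr_tail": ""}
        try:
            proc = subprocess.run(
                [sys.executable, "-I", sample_path],  # -I: ignore user site and env vars
                cwd=scratch,
                env={"PATH": "/usr/bin:/bin", "HOME": scratch},  # nothing from the host env
                capture_output=True,
                text=True,
                timeout=WALL_SECONDS,
                preexec_fn=_apply_limits,
            )
            report["returncode"] = proc.returncode
            report["stderr_tail"] = proc.stderr[-200:]
            # A negative code means a signal ended it, e.g. SIGXCPU from the CPU cap.
            report["killed"] = proc.returncode < 0
        except subprocess.TimeoutExpired:
            report["killed"] = True  # run() has already killed the child for us
        # Anything that appeared in the scratch directory is an observed file drop.
        report["created_files"] = sorted(_snapshot(scratch) - before)
        return report


if __name__ == "__main__":
    for label, sample in (("dropper", DROPPER_SAMPLE), ("cpu hog", CPU_HOG_SAMPLE)):
        print(label, detonate(sample))
```

The report is the useful output: the dropper sample exits cleanly but leaves `dropped.txt` behind, while the CPU hog is terminated by the limits and produces no files. That "what did it do when left alone" record is what a sandbox verdict is built from.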
The Lifecycle of a Threat
Nearly one million new pieces of malware are created each day, and many of these have never been seen before.
Looking at how security measures are implemented and the role each part plays highlights the importance of the sandbox layer that many businesses are missing. If we look at how a threat moves through your system, it’s easy to see why and where a sandbox needs to be implemented.
- It starts with a spear phishing attack. The hacker establishes a target and, after some research, creates a seemingly innocent email containing a link to some sort of malware attachment. The email may or may not be stopped by the first security barrier here, the antispam/antiphishing tool. If the email isn’t caught by the filter, and very often it isn’t, it reaches the target, who may read it and click through to the infected link.
- If the link is clicked, this is where and how the attack starts. Your web filtering tool comes into play here, but like the antispam/antiphishing tools it may not always be effective, especially for zero-day threats that it won’t yet recognise as malicious.
- If the web filtering tool proves ineffective, the site begins to infect the system. Exploit attacks are used, and an intrusion prevention system (IPS) will try to block them. If the IPS fails because it struggles to recognise the advanced code, the malware is effectively on your organisation’s network.
- That’s it, the malware is on your system. You may still have other controls such as antimalware and application control, but it all depends on whether these tools recognise the malware as a threat. If they don’t block the malicious traffic, you are officially breached.
Visualising how a threat moves through your system makes the case for a control at the start of the security mix that isolates and quarantines malicious and potentially malicious files straight away, before they even get a look in at your system.
The sandbox works where your other security tools fail. Where malicious files use evasion techniques to slip past the usual security checks (especially ones unable to inspect encrypted SSL/TLS traffic), adding a sandbox means these undetected, never-before-seen files are run and coaxed into exposing themselves in a safe environment separate from your business network.
What to Look For in Sandbox Technology
Sandboxes have come a long way from isolating files on the user’s machine. Having moved to the cloud, the engines now send files to a virtual machine where they are quarantined, run and tested.
In the current threat climate, these single-engine virtual sandboxes are struggling to keep malware at bay. Malware authors can write malicious code that detects and evades this technology. First-generation sandboxes are being bypassed by new, sophisticated code, and the best form of defence is a sandbox with multiple engines.
Networks are becoming increasingly varied, not only in the number of different devices and operating systems but also in the file types and sizes of threats. Sandboxes need to be able to analyse files in a selection of environments (not just Windows) and to read any file whatever its size and type (PDF, PE, MS Office, JAR, APK, Windows, Android, Mac etc.).
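Choosing the right environment for each of those file types means identifying what a file actually is from its contents, since the attacker controls the file name. The added example below (written for this article, not code from the original post or from any vendor's sandbox) classifies a submission by magic bytes, follows the MZ stub to the PE signature for Windows executables, and for ZIP containers inspects member names to tell JAR, APK and Office OOXML documents apart; it also flags files whose extension claims a different type. The environment names, the extension table and the sample files are constructed for the demonstration.

```python
"""
Work out what a submitted file really is before choosing where to detonate it.

Added illustration only. Type comes from content, never from the name;
the extension is consulted solely to flag a disguise. Environment labels
and sample inputs are constructed for this example.
"""
import io
import struct
import zipfile

# Well-known signatures (public file-format knowledge).
_MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\x7fELF", "elf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole-office"),  # legacy .doc/.xls/.ppt
    (b"\xfe\xed\xfa\xce", "macho"), (b"\xfe\xed\xfa\xcf", "macho"),
    (b"\xce\xfa\xed\xfe", "macho"), (b"\xcf\xfa\xed\xfe", "macho"),
]

# Constructed mapping from identified type to analysis environment.
ENVIRONMENTS = {
    "pe": "windows-vm", "elf": "linux-vm", "macho": "macos-vm",
    "macho-universal": "macos-vm", "apk": "android-vm", "jar": "java-vm",
    "java-class": "java-vm", "pdf": "document-vm", "ole-office": "document-vm",
    "ooxml-office": "document-vm",
}

# What an extension claims; used only to flag a disguise, never to route.
_EXT_HINT = {".pdf": "pdf", ".exe": "pe", ".dll": "pe", ".doc": "ole-office",
             ".docx": "ooxml-office", ".jar": "jar", ".apk": "apk"}


def _is_pe(data):
    """MZ stub plus a 'PE\\0\\0' signature at the offset stored at 0x3c (e_lfanew)."""
    if len(data) < 0x40:
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def _classify_zip(data):
    """JAR, APK and OOXML documents are all ZIPs; member names separate them."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "zip-corrupt"
    if "AndroidManifest.xml" in names:  # test before JAR: APKs carry META-INF too
        return "apk"
    if "META-INF/MANIFEST.MF" in names or any(n.endswith(".class") for n in names):
        return "jar"
    if "[Content_Types].xml" in names:
        return "ooxml-office"
    return "zip"


def identify(data):
    """Return a type label derived from content alone."""
    if data.startswith(b"MZ") and _is_pe(data):
        return "pe"
    if data.startswith(b"PK\x03\x04"):
        return _classify_zip(data)
    if data.startswith(b"\xca\xfe\xba\xbe") and len(data) >= 8:
        # Same magic for a Java class file and a Mach-O universal binary: the next
        # big-endian word is nfat_arch (small) or the class version (45 or more).
        (word,) = struct.unpack_from(">I", data, 4)
        return "java-class" if word >= 45 else "macho-universal"
    for magic, kind in _MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def route(filename, data):
    """Pick the environment and flag files whose extension lies about the type."""
    kind = identify(data)
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    claimed = _EXT_HINT.get(ext)
    return {
        "kind": kind,
        "environment": ENVIRONMENTS.get(kind, "all-environments"),  # unknown: try all
        "disguised": claimed is not None and claimed != kind,
    }


def _make_zip(members):
    """Build an in-memory ZIP with the given member names (constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"x")
    return buf.getvalue()


# Constructed sample inputs, not real files.
SAMPLES = {
    "pe": b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20,
    "docx": _make_zip(["[Content_Types].xml", "word/document.xml"]),
    "apk": _make_zip(["AndroidManifest.xml", "META-INF/MANIFEST.MF", "classes.dex"]),
    "jar": _make_zip(["META-INF/MANIFEST.MF", "com/example/Main.class"]),
}
```

A PE file submitted as `invoice.pdf` is routed to the Windows environment and marked as disguised, and anything the classifier cannot place goes to every environment rather than being skipped, which is the safe default for a file nobody has seen before.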
With malware numbers growing (nearly one million new samples each day) and a fast-paced, ever-changing landscape, a sandbox with access to a wider global network is invaluable. Look for one with a remediation signature subscription. This identifies new and zero-day threats and sends them to a global network, protecting every device connected to it. You’ll be protected from threats your own sandbox has yet to see, putting a stop to unknown and follow-on attacks.
To sum up, sandboxes are an essential layer to add to the security mix. Even the best security technologies struggle to keep up with the explosion of unknown threats, and a sandbox is the best form of defence.
For businesses looking to add sandboxing to their current IT solutions, Just Firewalls recommends SonicWALL Capture Advanced Threat Protection (ATP). This next-level feature gives firewalls a three-engine sandbox with no file size limit. Existing SonicWALL customers can quickly and easily upgrade their current Comprehensive Gateway Security Suite by contacting us on 0808 1644414 or emailing email@example.com
If your business is looking to move over to SonicWALL, or you are a current SonicWALL customer looking to upgrade your whole appliance, you can browse our firewalls containing Capture ATP here.
Benefits of a sandbox
- Prevents data breaches caused by advanced attacks
- Exposes unknown and never-before-seen malware
- Protects against spear phishing attacks
- Makes your firewall run more efficiently