Sandboxing URLs and Attachments
What is Sandboxing?
The term ‘Sandboxing’ or ‘sandbox service’ is used daily in IT Security and can be best explained as a process. A process where the creation of an isolated test environment is required (sandbox) where it is possible and safe to execute/run a suspicious file or URL.
Why do you need a Sandbox?
URLs and attachments are very much a part of daily email communication. Should a file or URL display malicious behavior within the sandbox (your safe environment), then you’ve discovered a new threat. The sandbox must be a secure, virtual environment that accurately emulates the CPU of your production servers.
Sandboxing is used mostly for protecting businesses against zero-day threats (or advanced persistent threats). Traditional spam and email content filters scan emails for known malicious senders, URLs, and file types using pre-defined block lists (RBLs). Protecting against what we already know to be malicious is, of course logical, but this does not protect you from the future unknown malicious payload. That is where sandbox services add a vital layer of security for organizations.
Cybercriminals create hundreds of new threats daily so it takes time for them to be detected and known and recognized by global email security filters. Sandboxing, which is a key component of Spambrella email security which provides two layers of added security in Attachment Defense and URL Defense.
Is there latency with Sandboxing?
Sandboxing has been known to be time and resource-intensive. Latency was the initial issue – routing all email traffic through the sandboxing system which (depending on industry) could have been deemed impractical and cost-prohibitive. Sandboxing resources now provide much lower latency.
Can you Evade Sandbox Environments?
Sandboxing can be evaded by crafty cybercriminals with delayed payloads. As sandboxing became popular with global organizations, cybercriminals programmed threats with features that helped them evade filter detection.
As an example, an email threat (attached file or URL to a malicious website) might be programmed to remain dormant until a future date, so that during sandboxing it appears benign. Another effective evasive technique is to make the malware able to detect whether it is in a virtual environment and to remain dormant until it finds itself in a real desktop or another device.
Sandboxing is Required…
It is clear that zero-day threats are persistent and constantly growing in mass, all organizations (no matter what size) should have a strategy to protect data and employees from threats that evade traditional email, malware, and virus filtering.
Sandboxing is now the most sought after tool for staying one step ahead of cybercriminals. With cloud sandbox solutions available that provide effective protection that no longer adds high levels of latency, your business should have to sandbox for URL filtering and attachment detonation/testing.
How Spambrella can help…
Spambrella is a cloud-based email security and email governance service with URL and attachment sandboxing. Spambrella adopts technology from Proofpoint which adds a multi-layered strategy using traditional signature matching, heuristic and behavioral analysis, and static code analysis to pre-filter traffic and identify the vast majority of threats. Spambrella then directs any ‘good’ emails with URLs and attachments to a sandbox to definitively identify zero-day threats and block them from reaching your network.
Related
Related Case Studies
Used the software for: 2+ years - 5/5 Overall
With an ever overloaded department, and with cybersecurity skills shortage getting worse securing the I.T infrastructure.
Offloading the task of e-mail filtering to Spambrella has dramatically helped in the department's performance. The only drawback in our case is that the service is hosted outside of our territory and thus out of the legal jurisdiction.
Easy to onboard my customers from another spam filtering system. Very fast and haven't had any downtime in the 9 months since I have moved to Spambrella. When I have had to use support, responses where quick. I had to move all my customers from another filtering system with little notice. After I moved my customers I realised how bad the old solution I used was. Contact with Sales and Support always been professional
I found spambrella to be easy to set up and has dramatically reduced the number of spam emails hitting our inboxes. It was easy to 'train' the software to release any genuine emails that were caught or add any spam that was not picked up.
Within a couple of weeks of use virtually no spam arrived to our mailboxes. Spam and phishing emails are a growing problem for everyone I'm sure. I now get a very low incidence of spam.
It doesn't require an arcane knowledge to set the Spam filtering up, the guides are straight to the point and support staff are very helpful. Functionality wise, in short: we do not get spammed. Thanks to Spambrella.
Archiving wise, the new solution is easy to use, searches well and fast and is by far the cheapest we could find at the time. Ten year retention rocks!
The service is great at filtering bad email as well as junk email out while allowing clean email though. I have used a few other options over the years and this is the best I have found. Clients sometimes have trouble configuring their settings to how they want it to be. Or tag emails as approved when they shouldn't and need IT interaction to resolve. Maybe just ease of use or having a more clear way for clients to resolve basics on their own.
Robust, versatile, and reliable...
The reliability of the service and the level of protection that it provides. My spam levels immediately dropped to near zero.
There are almost no false positives. And I'm easily able to customize the level of protection with whitelists, blacklists, and sensitivity settings. I'm also a big fan of the antivirus and URL scanning features.
Latest blog posts
Key Takeaways TA569 leverages many types of injections, traffic distribution systems (TDS), and payloads including, but not limited to, SocGholish. In addition to serving as…
API email security services, like any technology, can have weaknesses that can potentially compromise their effectiveness. Here are some common weaknesses of API email security…
Cybersecurity is an ever-evolving field, and as technology advances, so do the methods used by cybercriminals to steal sensitive information and cause harm. In order…
Business email compromise (BEC) is a growing threat to businesses of all sizes. In a BEC attack, an attacker impersonates a senior executive or a…
