The term ‘sandboxing’ or ‘sandbox service’ is used daily in IT security and is best explained as a process: creating an isolated test environment (a sandbox) in which it is possible and safe to execute a suspicious file or open a suspicious URL.
Why do you need a Sandbox?
URLs and attachments are very much a part of daily email communication. Should a file or URL display malicious behavior within the sandbox (your safe environment), then you’ve discovered a new threat. The sandbox must be a secure, virtual environment that accurately emulates the CPU of your production servers.
Sandboxing is used mostly for protecting businesses against zero-day threats (or advanced persistent threats). Traditional spam and email content filters scan emails for known malicious senders, URLs, and file types using pre-defined block lists (RBLs). Protecting against what we already know to be malicious is, of course, logical, but it does not protect you from a future, unknown malicious payload. That is where sandbox services add a vital layer of security for organizations.
Cybercriminals create hundreds of new threats daily, so it takes time for them to be detected and recognized by global email security filters. Sandboxing is a key component of Spambrella email security, which provides two layers of added security in Attachment Defense and URL Defense.
Is there latency with Sandboxing?
Sandboxing has been known to be time- and resource-intensive. Latency was the initial issue: routing all email traffic through the sandboxing system could, depending on industry, have been deemed impractical and cost-prohibitive. Sandboxing resources now provide much lower latency.
Can you Evade Sandbox Environments?
Sandboxing can be evaded by crafty cybercriminals with delayed payloads. As sandboxing became popular with global organizations, cybercriminals programmed threats with features that helped them evade filter detection.
As an example, an email threat (attached file or URL to a malicious website) might be programmed to remain dormant until a future date, so that during sandboxing it appears benign. Another effective evasive technique is to make the malware able to detect whether it is in a virtual environment and to remain dormant until it finds itself in a real desktop or another device.
Sandboxing is Required…
It is clear that zero-day threats are persistent and constantly growing in volume. All organizations (no matter what size) should have a strategy to protect data and employees from threats that evade traditional email, malware, and virus filtering.
Sandboxing is now the most sought-after tool for staying one step ahead of cybercriminals. With cloud sandbox solutions available that provide effective protection without adding high levels of latency, your business should have sandboxing for URL filtering and attachment detonation/testing.
How Spambrella can help…
Spambrella is a cloud-based email security and email governance service with URL and attachment sandboxing. Spambrella adopts technology from Proofpoint, which adds a multi-layered strategy using traditional signature matching, heuristic and behavioral analysis, and static code analysis to pre-filter traffic and identify the vast majority of threats. Spambrella then directs any ‘good’ emails with URLs and attachments to a sandbox to definitively identify zero-day threats and block them from reaching your network.