Thorsten Kurpjuhn, European Security Market Development Manager at Zyxel, explains how sandboxing guards against unknown threats – which is why it now comes as standard on all Zyxel ATP appliances
You will certainly have heard the term ‘sandboxing’ and if you already know what it is, you’ll understand why Zyxel has been including this functionality in its advanced threat protection (ATP) devices.
The digital threat landscape is getting more complex. There are more threats and they are more sophisticated and innovative. Many more new threats – viruses, Trojans, worms, keyloggers, ransomware, crypto-jackers and many other forms of malware – are emerging all the time. As a consequence, we can’t rely on simply identifying a new threat and then spreading the word as quickly as we can around our customers through our intelligence threat network. We still do that of course, but we also need to identify any potential threats as well.
In other words, if a file looks suspicious, it needs to be treated as such until it can be established whether or not it is safe. This is where sandboxing comes in. It identifies possible or potential threats before they arrive on the network and isolates them in a safe area, so that they can be properly checked before being passed on.
We approach sandboxing in four stages: Quarantine, Emulate, Identify, and Update. These stages are quite self-explanatory really. In the Quarantine stage, the potential threat is contained in a safe area. The functionality of the file is then basically copied – or emulated – to see what it is actually going to do – or will try to do. If it is subsequently identified as being a threat, it is excluded permanently. Finally, the information is passed on to our intelligence network and shared with all our customers. Software will be updated automatically.
Easier to manage
In this way, even threats that we don’t know about can be filtered out, isolated and then tested before they cause any kind of issues. It’s a simple enough technique and one that is essential in today’s environment.
Sandboxing is now a standard feature on the entire Zyxel ATP range, so you can be sure that you are very well protected not only from the threats we always know about, but also from those that are, as yet, completely unknown.