To anyone unfamiliar with the term, ‘sandboxing’ might sound like something that toddlers would like to do at nursery school - or maybe a specialist one-to-one combat sport that take place on a beach.
It’s neither, of course. Sandboxing is actually the term that the network security community has been using to describe the technique of isolating potentially dangerous files that may contain some kind of malware, while they are thoroughly checked over. Basically, if your firewall or UTM device is not certain that a file is completely OK and does not contain some kind of hidden, malicious code, it will place it in the sandbox (which is actually in the cloud rather than the UTM appliance). Even if it looks like a legitimate file from a supposedly legitimate source, it will be isolated. This protects you from any potential threat that might be contained within and ensures that it cannot cause you problems or spread to other devices or networks.
Sandboxing is a relatively new addition to multi-faceted protection it’s now necessary to deploy on all networks. It’s development and adoption has accelerated largely due to the growing threat of ransomware, which is often spread by using seemingly harmless files in which the dangerous, crypto-jacking code is deeply embedded and disguised.These codes are difficult to detect using conventional anti-virus and malware scanning, which tend to identify and exclude only ‘known’ threats, rather than those that can be described as ‘unknown’ and are not yet excluded as a matter of routine. This is also why we call the technique for isolating this kind of threat, ‘zero-day sandboxing’, because the most important time is in the first few hours after a new threat has been released and remains undetected.
Sandboxing is one of the most effective ways of preventing unknown threats being spread. It will identify any files that could contain these heavily-disguised malicious programs and isolate them in the cloud – so they are not even anywhere near your system. The files will then be analysed and tested to see if they do in fact contain some kind of threat. That information will then be added to our threat database, so that all users benefit, and our intelligence keeps growing and providing even better protection.
The number of zero-day unknown threats is growing at an alarming rate, so it’s important to make sure that your systems do have sandboxing protection. It is also important to provide this added layer of protection to ensure you are meeting GDRP requirements. Regulators have started to impose more fines on organisations that are in breach of the rules now.
Sandboxing is now provided on all Zyxel ATP appliances as part of the one-year Gold Security Pack license. We have used machine learning and self-evolving cloud intelligence to provide the highest levels of protection. If you already have ATP devices protecting your network, we’d highly recommend that you make sure that your software is up to date, so that you can benefit from the added protection Zyxel’s intelligent zero-day sandboxing gives you. It really is the best way to protect your network from unknown threats.