Wait a Minute! There's More Than One Type of (Security) Sandbox?

Not every day can be a beach day. Instead of driving hours to build sandcastles, why not bring the beach to you? In a very literal sense, sandboxes are isolated structures filled with sand that emulate the beach, minus the water and waves. Similarly, in the digital world, a sandbox is an isolated environment that emulates real operating systems and functionality, creating a controlled environment in which to test software and detonate unknown or suspicious files and code without harming the network or other local appliances.

The hybrid workforce and the rise of BYOD increase the importance of sandboxing as a protection layer for enterprises. As your attack surface expands beyond the perimeter, you need depth in your defenses to stop the sand (in this case, malware) from spilling over into your network. Yet many security and IT teams still rely on vendor-provided sandboxes or endpoint "sandboxing" alone for complete protection instead of a layered approach that also includes a network sandbox. We're about to bust this myth.

What is an example of a vendor-provided sandbox?

Whether you're scouring the internet for research nuggets for your report or casually browsing on your own time, security has been built into your experience. Google Safe Browsing protects users and devices using Chrome and Gmail: working in real time, it notifies users when a website or file is considered dangerous, to prevent phishing and malware. Another example is VirusTotal, a site that users who are already in possession of a potentially malicious file or URL can use to manually analyze it and detect malicious activity. Google and VirusTotal automatically share threat intelligence with the security community and antivirus scanners to protect users and their internet experience. Detecting known threats becomes a walk in the park because they're blocked instantly. Unfortunately, detecting and stopping unknown threats may need a little more help.

Why you need a cloud-gen sandbox at the network level

Threat actors are actively developing malware that can bury itself deep in the sand, evading known mitigation techniques and delivering malicious payloads in encrypted traffic. Preventing unknown and zero-day threats is not only a priority, it's a requirement. Modern enterprises need modern sandboxing. Zscaler Cloud Sandbox sits inline between the user and the network to deliver protection across web and file transfer protocols, including SSL/TLS. Advanced AI and ML models drive the malware prevention engine, automatically quarantining and analyzing unknown or suspicious files while providing instant verdicts for benign files. As a true zero trust sandbox, Zscaler Cloud Sandbox quickly adapts to policy changes and further minimizes the attack surface by blocking threats across all users once they've been identified. This is unlike other network sandboxes that rely on a passthrough architecture, which allows files to reach the user before protection is applied.

Better together: Zero-day detection and remediation with EDR and cloud-gen sandbox

Endpoint detection and response (EDR) solutions sit on the endpoint to continuously monitor code behavior on a device and protect against threats while accelerating investigations and enabling decisive remediation. Threat actors expect to go head-to-head with an EDR solution as they attempt to gain access to a network. To counter this, EDRs like CrowdStrike offer sandboxing functions when an end user or device encounters a file that their AI or algorithm deems suspicious. The reality is that threat actors use zero-day malware and target multiple users and devices at a time, hoping to compromise agentless, unmanaged devices with access to corporate resources. Without the ability to sandbox and quarantine every file in real time on every device for all users, well-designed, never-before-detected malware can lead to a breach.

Applying the Swiss Cheese Model, enterprises using EDRs like CrowdStrike can significantly reduce their risk by integrating with a cloud-gen sandbox at the network level. Instead of competing with one another, each sandbox complements the other by sharing bidirectional threat intelligence and triggering cross-platform workflows to enforce access policies and remediate infected endpoints. When Zscaler Cloud Sandbox's AI-driven quarantine returns a malicious verdict, the file is blocked across the network and the verdict is shared with the EDR so it can block the file across all endpoints. Together, CrowdStrike and Zscaler provide early detection and visibility into potential exploits, enabling teams to act faster, with more context and efficacy.

Today's adversaries are throwing themselves a party. Enterprises relying on traditional security measures or a single layer of protection are finding that modern malware development cycles are agile and polymorphic. Simply put, without defense in depth that includes a network-level, cloud-gen sandbox with AI-driven quarantine on top of an EDR and vendor sandboxing, your overall risk remains high. Find out more by joining our live webinar with CrowdStrike on November 2nd at 10 a.m. PT / 1 p.m. ET, "Private Property, No Trespassing: Stop Threats from Gaining Access".
