Let's get right to the point.
A sandbox is an engine that helps keep your business secure against threats and attacks. It is an additional layer of protection that plays an effective role in preventing malicious programs from invading your system and, consequently, causing loss and damage.
A sandbox works as a virtual environment independent of your computer and network. Files, URLs and programs are executed in this environment to check whether they are malicious. Simply put, a sandbox is a safe area for testing files, URLs and programs before they are delivered to the end user. This verification usually takes from a few seconds up to a few minutes.
The main advantage is that, just as in Las Vegas, what happens in the Sandbox stays in the Sandbox!
Because of that and its high analysis capacity, a sandbox ends up being a useful weapon against zero-day exploits, which are malicious threats not yet identified by security software. It is especially important in email protection, since email is the main vector for such exploits.
A sandbox may be deployed as an independent, separate solution, or as an add-on for other security systems, such as anti-virus and email gateways.
It should never, in any situation, replace your anti-virus, anti-spam, IP reputation, and other engines. They are different technologies that work together so you have the best defense possible.
Real example provided by Gatefy
Recently, our sandbox was able to accurately detect the malicious intention of a new version of the GandCrab ransomware, and block it.
Our report points out that the malware attempts to connect to IRC servers. Then it scans the system looking for endpoint protection or antivirus software. The ransomware then attempts to check the machine's system registry. These are all indications of malicious software.
After that, GandCrab starts encrypting files and changing their extension to an unknown one, .crab. Our sandbox recognizes that, and the ransomware is blocked without having reached the end user.
The Sandbox administrator will then receive a warning and determine what must be done with the malicious file, such as having it deleted. There is also the option of setting a predetermined action that must be taken with similar files. Our system then generates a report about the malware and sends it to our database, which facilitates future analysis.
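The indicators listed in the report above can be read as a scoring rule over the events a sandbox records during a run. The following is an added example, not Gatefy's code: the event format, keyword lists, weights and thresholds are all assumptions, and both traces are constructed.

```python
import ntpath
from collections import Counter

# Assumed event format (not a real product's schema): (event_type, detail).
IRC_PORTS = set(range(6660, 6670)) | {6697}
SECURITY_HINTS = ("antivirus", "endpoint", "defender")
KNOWN_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".tmp"}
WEIGHTS = {"irc_connect": 2, "security_scan": 2, "registry_check": 1, "mass_rename": 5}
BLOCK_AT, RENAME_MIN = 6, 3  # assumed verdict threshold / renames per extension

def indicators(events):
    found, new_exts = set(), Counter()
    for kind, detail in events:
        if kind == "net_connect" and int(detail.rsplit(":", 1)[1]) in IRC_PORTS:
            found.add("irc_connect")
        elif kind == "process_query" and any(h in detail.lower() for h in SECURITY_HINTS):
            found.add("security_scan")
        elif kind == "registry_read":
            found.add("registry_check")
        elif kind == "file_rename":
            old, new = detail.split(" -> ")
            ext = ntpath.splitext(new)[1].lower()
            if ext and ext not in KNOWN_EXTS and ext != ntpath.splitext(old)[1].lower():
                new_exts[ext] += 1
    # One odd rename is noise; many files moved to the same unknown extension is not.
    if any(n >= RENAME_MIN for n in new_exts.values()):
        found.add("mass_rename")
    return found

def verdict(events):
    found = indicators(events)
    score = sum(WEIGHTS[name] for name in found)
    return score, ("block" if score >= BLOCK_AT else "allow"), sorted(found)

# Constructed traces for illustration only.
RANSOMWARE_TRACE = [
    ("net_connect", "198.51.100.7:6667"),
    ("process_query", "antivirus_service.exe"),
    ("registry_read", r"HKLM\SOFTWARE\ExampleKey"),
    ("file_rename", r"C:\Users\a\report.docx -> C:\Users\a\report.docx.crab"),
    ("file_rename", r"C:\Users\a\budget.xlsx -> C:\Users\a\budget.xlsx.crab"),
    ("file_rename", r"C:\Users\a\photo.jpg -> C:\Users\a\photo.jpg.crab"),
]
BENIGN_TRACE = [
    ("registry_read", r"HKLM\SOFTWARE\ExampleKey"),
    ("net_connect", "192.0.2.10:443"),
    ("file_rename", r"C:\Users\a\draft.tmp -> C:\Users\a\draft.docx"),
]
```

With these assumed weights, the early indicators alone stay below the blocking threshold; the repeated rename to one unknown extension is what tips the verdict.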
If you would like more information about our sandbox and to take a look at our report, please send us an email: email@example.com. We will be happy to share it with you!