What is a sandbox? And why do I need one to defend against advanced threats?

sophos-sandstormIT teams in organizations of all sizes understand that sophisticated cyberattacks can use unknown malware to evade traditional gateway and endpoint protection.

These advanced persistent threats, or APTs, use custom-developed targeted attacks to gain access to a network and remain undetected for long periods of time. The success of APTs depends on staying under the radar as long as possible, using evasive coding techniques to slip past traditional security barriers and steal sensitive data.

This is why many organizations are considering additional “next-generation” solutions to deal with these unknown threats. One technology that’s had a fair share of hype is the sandbox. A sandbox is an isolated, safe environment, which imitates an entire computer system. In the sandbox, suspicious programs can be executed to monitor their behavior and understand their intended purpose, without endangering an organization’s network.

You might be asking yourself a few questions about what a sandbox is and how it stops advanced threats. Let’s answer these questions to understand why organizations of all sizes should consider a sandbox solution.

1. Do I really need a sandbox?

Organizations need a range of security technologies to protect them from threats both known and unknown. What a sandbox provides is your own dedicated environment to analyze, understand and take action on the threats to your organization that haven’t been detected by conventional security measures. Sophisticated, targeted malware, designed to evade detection, will be detected and blocked when detonated in your sandbox.

2. Why don’t my conventional defenses protect me from these APTs?

Signature-based antivirus is reactive and increasingly outpaced by today’s attackers. Most leading security vendors use a range of approaches such as malicious traffic detection capabilities and emulation to supplement signature-based detection. However, if your data or credentials are valuable enough to the attacker, they will have spent time discovering what type of security you are using and tested their unique malware to ensure that it will evade detection by your defenses.

3. Surely this kind of technology is only for larger organizations?

The attack on Target Stores resulted in 40 million credit card numbers stolen. Target is certainly a large organization, but what’s important to consider is that the attackers stole the credentials of Target’s air conditioning contractor. This small supplier was seen as a soft target and an easier route into the larger business. So organizations of all sizes should consider sandbox technology; a targeted attack could cost you your key customers and is one factor in the statistic that 60% of small firms go out of business within six months of a data breach.

4. Another point solution? That sounds expensive.

Previously, a sandbox solution had to run on dedicated hardware and have a team of analysts, limiting it to large enterprises and malware research labs. By moving sandboxing to the cloud, the reduction in cost means security vendors can apply more processing power and share resources across multiple customers. It also means you no longer have to rely on in-house expertise, as vendors or partners can provide the analysts from a central location. This reduces the costs to such a level that all organizations can afford sandboxing.

5. It sounds complicated – do I have the resources to try and deploy this?

When you begin to trial solutions, consider solutions that are easy to try and deploy. Cloud-based solutions can be rapidly deployed giving you instant results without the need to deploy hardware or upgrade appliances.

We address all these questions in our new guide Defeating the Targeted Threat: Bolstering Defenses With a Sandbox Solution. The paper explains why you should consider a sandbox and answers your questions about what to look for in a sandbox solution.

To find out if Sophos Sandstorm is the right sandbox solution for your business, visit sophos.com/sandstorm.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s