Sandbox Technology: the businesses benefit

Editorial Type: Opinion     Date: 11-2015

Markus Lang, Senior Product Manager at Barracuda Networks, explains why the sandbox is no longer the sole domain of the test lab and how it can help to improve business security

For most people the terms firewall and anti-virus software are commonplace in businesses, even if not always understood. But even with the persistent and widespread adoption of these security products, attacks are consistently getting smarter and successfully finding their way through the defences. Malware and its authors are highly sophisticated, and those making it their business to deploy malicious software are consistently finding a way around established defences. One way of mitigating this risk is by deploying sandbox technology.

WHAT IS SANDBOX TECHNOLOGY?
A sandbox is an enclosed environment which isolates files and programmes, allowing them to be examined in safety and without operational impact. This means the application in which the files and programmes are running won't be affected. In security terms, a firewall with sandboxing technology can isolate a file whilst it is analysed.

A sandbox attempts to detect malware code by running it in a computer-based system and examining it for behaviour and characteristics that are indicative of malware. Sandboxing is particularly successful in spotting zero-day exploits and sophisticated malware. Attacks like this can commonly pass through other, less rigorous inspections, leaving the network open to attack.

As with so many aspects of IT, the cloud is also starting to play a role in sandbox technology because sandboxes don't have to be deployed in the traditional home network environment. Organisations can now deploy a cloud-based sandbox or virtual sandbox, which stops the traffic before it reaches the network, which in turn is isolated within the cloud environment. This allows unknown or suspicious programmes to run in a safe and controlled setting while decisions are made.

THE MORE VISIBILITY, THE BETTER THE PROTECTION
When it comes to helping businesses better protect themselves, the more visibility they have the better the protection. This is especially true when facing malware that is increasingly aware of virtual machines and sandbox analysis. Greater visibility can be provided with full-system emulation, which provides the deepest level of visibility into unknown malware behaviour and is a most effective obstacle to otherwise evasive malware.

However, when a malware programme checks for specific files or processes that a well-known hypervisor like VMware introduces, these checks will fail. This is where a custom sandbox would be better able to identify malicious activity. However, virtualisation, by definition, means that malicious code is run directly on the underlying hardware. While the malicious code is running, the sandbox is paused. It is only woken up at specific points, such as system calls. This is a problem, and a major reason why it is more effective to have a sandbox implemented into solutions such as a system emulator.

BEYOND ANTI-VIRUS
Although organisations may think they are covered by an anti-virus solution, a sandbox goes above and beyond. Sandbox technology usually kicks in after traditional security mechanisms such as anti-virus scanning and intrusion detection and prevention systems. If inspected files are classified as not malicious by the defence systems, the files are checked against a cryptographic hash database that is constantly updated, and if the file is unknown, it is emulated in a virtual sandbox where malicious behaviour can be discovered.
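The staged check described above (signature scan, then hash database, then sandbox) can be sketched as follows. This is an added example, not code from the article or from any vendor; `StagedTriage`, the two toy detectors and their marker strings are hypothetical, and writing the sandbox verdict back into the hash database is an assumption.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple


@dataclass
class StagedTriage:
    """Hypothetical pipeline: signature scan -> hash database -> sandbox."""
    signature_scan: Callable[[bytes], bool]   # True means AV/IPS flagged the file
    sandbox: Callable[[bytes], str]           # returns "malicious" or "clean"
    hash_db: Dict[str, str] = field(default_factory=dict)  # sha256 -> verdict
    detonations: int = 0                      # how often the sandbox was needed

    def classify(self, data: bytes) -> Tuple[str, str]:
        """Return (verdict, stage that decided)."""
        if self.signature_scan(data):
            return "malicious", "signature"
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.hash_db:
            return self.hash_db[digest], "hash-db"
        # Unknown file: only now pay for emulation.
        self.detonations += 1
        verdict = self.sandbox(data)
        # Assumption: the verdict is written back so the same file is never emulated twice.
        self.hash_db[digest] = verdict
        return verdict, "sandbox"


# Constructed stand-ins for real engines; the marker strings are made up.
def toy_signature_scan(data: bytes) -> bool:
    return b"SIG-KNOWN-BAD" in data

def toy_sandbox(data: bytes) -> str:
    return "malicious" if b"BEHAVIOUR:persist" in data else "clean"


def demo():
    known_good = b"constructed sample: office template"
    triage = StagedTriage(toy_signature_scan, toy_sandbox,
                          {hashlib.sha256(known_good).hexdigest(): "clean"})
    samples = [
        b"SIG-KNOWN-BAD old sample",          # caught by signatures
        known_good,                           # already in the hash database
        b"new sample BEHAVIOUR:persist",      # unknown, so emulated
        b"new sample BEHAVIOUR:persist",      # same bytes again, hash hit
        b"new sample BEHAVIOUR:persist v2",   # changed bytes, emulated again
    ]
    return [triage.classify(s) for s in samples], triage.detonations


if __name__ == "__main__":
    print(demo())
```

The last two samples show why the hash lookup only saves work for byte-identical files: any change to the content produces a new digest and sends the file back to the sandbox.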

MALWARE ARMS RACE
There can be no doubt that by deploying a sandbox, organisations are better able to protect themselves against advanced malware. However, just like any area of security, sandbox technology is more of a step in the arms race than a complete solution. Although databases are being constantly updated to include the characteristics of newly developed malware, it is inevitable that those creating the malware will always be working to be one step ahead.

Simply put, by deploying sandbox technology, organisations will achieve greater security than by relying purely on their anti-virus solution.