Sandbox Technology: the businesses benefit
Editorial Type: Opinion
Date: 11-2015
Markus Lang, Senior Product Manager at Barracuda Networks, explains why the sandbox is no longer the sole domain of the test lab and how it can help to improve business security.

For most people, the terms firewall and anti-virus software are commonplace in businesses, even if not always understood. But even with the persistent and widespread adoption of these security products, attacks are consistently getting smarter and successfully finding their way through the defences. Malware and its authors are highly sophisticated, and those making it their business to deploy malicious software are consistently finding a way around established defences. One way of mitigating this risk is by deploying sandbox technology.
WHAT IS SANDBOX TECHNOLOGY?

A sandbox attempts to detect malware code by running it in a computer-based system and examining it for behaviour and characteristics that are indicative of malware. Sandboxing is particularly successful in spotting zero-day exploits and sophisticated malware. Attacks like this can commonly pass through other, less rigorous inspections, leaving the network open to attack. As with so many aspects of IT, the cloud is also starting to play a role in sandbox technology, because sandboxes don't have to be deployed in the traditional home network environment. Organisations can now deploy a cloud-based sandbox or virtual sandbox, which stops the traffic before it reaches the network, which in turn is isolated within the cloud environment. This allows unknown or suspicious programmes to run in a safe and controlled setting while decisions are made.
THE MORE VISIBILITY, THE BETTER THE PROTECTION

However, when a malware programme checks for specific files or processes that a well-known hypervisor like VMware introduces, these checks will fail. This is where a custom sandbox would be better able to identify malicious activity. However, virtualisation, by definition, means that malicious code is run directly on the underlying hardware. While the malicious code is running, the sandbox is paused. It is only woken up at specific points, such as system calls. This is a problem, and a major reason why it is more effective to have a sandbox implemented in solutions such as a system emulator.
BEYOND ANTI-VIRUS
MALWARE ARMS RACE

Simply put, by deploying sandbox technology, organisations will achieve greater security than by relying purely on their anti-virus solution.