The Questions you are Probably Asking Yourself Around Sandbox Technology

In the continuing arms race between cyber criminals and the organisations whose data they covet, we continue to see new, ever more sophisticated tools being deployed on both sides.

Lately, attacks called advanced persistent threats (APT) which were originally used only against very large organisations have become more common and are now being used against smaller companies, such as schools, either to attack the smaller entity itself or as a stepping stone to other larger targets.

Small and midsized businesses such as schools are on the radar of attackers, who see them as low-hanging fruit because many of them lack the resources, the security and the multi-layer defence programmes to help protect themselves. 42% of small businesses report being a victim of cyber-attacks, and the majority of the companies hacked were hacked twice or more.

Growing Awareness

On a positive note, we are seeing a rise in security awareness driven by the increased coverage of cyber threats in the mainstream media. This has helped many organisations improve their security posture: employees see news about cyber-attacks, develop more awareness of security risks and so are less likely to engage in risky online behaviour; senior management understand the risks more clearly, so IT departments find it easier to obtain the budget required to strengthen and improve their defences.

Demand for Comprehensive Next-Generation Security Solutions

IT teams in organisations of all sizes now understand that sophisticated cyber-attacks can use unknown malware that can evade traditional gateway and endpoint protection. This is why many organisations are considering new solutions to combat this problem. Additionally, there’s a lot of hype encouraging you to buy additional next generation solutions to deal with these unknown threats.

However, these technologies are often too complex and expensive for many businesses to consider. Many of the complex security solutions used by larger enterprises require multiple dedicated devices which are resource and maintenance intensive. They also tend to have low accuracy, which means a skilled team is required to analyse the results. Buying more solutions from multiple vendors that don’t talk to one another isn’t a recipe for a manageable threat defence.

New Age Threats Need Next Level Security – Sandbox

One technology that’s had more than its fair share of hype is the sandbox.

The questions you are probably asking yourself around sandbox technology are:

What is a sandbox?

A sandbox is an isolated, safe environment, which imitates an entire computer system. In the sandbox, suspicious programs can be executed to monitor their behaviour and understand their intended purpose, without endangering an organisation’s network.

Do I really need a sandbox?

Organisations need a range of security technologies to protect them from threats both known and unknown. It’s likely you’ll already have deployed a Secure Email Gateway, Secure Web Gateway, UTM or Next Generation Firewall at your internet gateway, as well as endpoint protection on your desktops and servers.

Even vendors that only supply standalone sandbox technology would never suggest that their product provides a complete defence against advanced persistent threats. They acknowledge that many security layers are essential to protect against these threats. What a sandbox does provide is your own dedicated environment to analyse, understand and take action on the threats to your organisation that haven’t been detected by this stack of conventional security measures. Sophisticated targeted malware, designed to evade detection, will be detected and blocked when detonated in your sandbox.

Why don’t my conventional defences protect me from these APTs?

Basic signature-based antivirus will protect you against known malware. But signature-based antivirus is reactive and increasingly outpaced by today’s attackers. Most leading security vendors use a range of approaches, such as malicious traffic detection capabilities and emulation, to supplement signature-based detection. However, if your data or credentials are valuable enough to the attacker, they will have spent time discovering what type of security you are using and tested their unique malware to ensure that it will evade detection by your defences.
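The difference between a signature check and the behavioural verdict a sandbox produces (the definition of a sandbox above and the limits of signature-based antivirus in this section) can be shown with a small script. This is an added example, not code from the original post or from Sophos: the sample bytes, the blocklist hash, the event report and the three detection rules are all constructed for the demonstration, and the event schema is a hypothetical one.

```python
"""Contrast signature-based detection with behaviour-based detection over a
constructed sandbox execution report.  Everything here is made up for the
example: the 'binary', the blocklist, the event names and the rules."""
import hashlib
from dataclasses import dataclass
from typing import List

# --- Signature-based detection ---------------------------------------
# Constructed stand-in for a known malicious file.  A real product would
# hold millions of hashes; one is enough to show the mechanism.
KNOWN_SAMPLE = b"MZ\x90\x00 constructed-dropper-v1 ."
KNOWN_BAD_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# The same sample with its last byte changed, standing in for a repacked
# or trivially modified build the attacker tested against the defences.
VARIANT_SAMPLE = KNOWN_SAMPLE[:-1] + b"\x01"


def signature_verdict(sample: bytes) -> bool:
    """True only if the exact file hash is already on the blocklist."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_HASHES


# --- Behaviour-based detection (what a sandbox observes) -------------
@dataclass
class SandboxEvent:
    kind: str    # hypothetical schema: file_write, registry_set, network, process
    target: str  # path, registry key, host:port or process name
    detail: str = ""


# Paths where writes indicate persistence (compared lower-cased).
PERSISTENCE_MARKERS = ("\\startup", "\\currentversion\\run")


def behaviour_findings(events: List[SandboxEvent]) -> List[str]:
    """Apply three analyst-style rules: persistence, beaconing, injection."""
    findings = []
    for e in events:
        target = e.target.lower()
        if e.kind in ("file_write", "registry_set") and any(
            m in target for m in PERSISTENCE_MARKERS
        ):
            findings.append(f"persistence via {e.kind}: {e.target}")
        if e.kind == "network" and e.detail == "uncategorised":
            findings.append(f"outbound connection to uncategorised host: {e.target}")
        if e.kind == "process" and e.detail == "remote_thread":
            findings.append(f"code injection into {e.target}")
    return findings


def behaviour_verdict(events: List[SandboxEvent], threshold: int = 2) -> bool:
    """Flag the run when enough independent suspicious behaviours co-occur."""
    return len(behaviour_findings(events)) >= threshold


# Constructed report of the variant detonating in the sandbox.
MALICIOUS_EVENTS = [
    SandboxEvent("file_write", r"C:\Users\victim\AppData\Local\Temp\upd.tmp"),
    SandboxEvent("registry_set",
                 r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    SandboxEvent("network", "203.0.113.7:443", "uncategorised"),
    SandboxEvent("process", "explorer.exe", "remote_thread"),
]

# Constructed report of a legitimate installer, for comparison.
BENIGN_EVENTS = [
    SandboxEvent("file_write", r"C:\Program Files\Vendor\app.exe"),
    SandboxEvent("network", "updates.example.com:443", "categorised"),
]


def analyse(sample: bytes, events: List[SandboxEvent]) -> dict:
    """Combine both verdicts the way a layered defence would report them."""
    return {
        "signature_hit": signature_verdict(sample),
        "behaviour_hit": behaviour_verdict(events),
        "findings": behaviour_findings(events),
    }


if __name__ == "__main__":
    for name, sample, events in (
        ("known sample", KNOWN_SAMPLE, MALICIOUS_EVENTS),
        ("modified variant", VARIANT_SAMPLE, MALICIOUS_EVENTS),
        ("benign installer", b"benign bytes", BENIGN_EVENTS),
    ):
        print(name, analyse(sample, events))
```

Running the script shows the point of the section: the known sample is caught by its hash, the one-byte variant slips past the signature check entirely, and only the behavioural rules over the detonation report flag it, while the benign installer produces no findings at all.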

Surely this kind of technology is only for larger organisations?

An attack on Target Stores, a large US retailer, resulted in 40 million credit card numbers stolen. This had an enormous impact on trust in the Target brand and led to the company spending a significant amount of money on breach-related expenses, like providing monitoring services to protect customers from fraud. Target is certainly a large organisation, but what’s important to consider is that the attackers stole the credentials of Target’s air conditioning contractor. This small supplier was seen as a soft target and an easier route into the larger business. So organisations of all sizes should consider sandbox technology; a targeted attack could cost you your key customers and is one factor in the statistic that 60% of small firms go out of business within six months of a data breach.

Another point solution? That sounds expensive.

Sandboxing can be expensive, no doubt. But there are ways of reducing your costs. In its research note on network sandboxing, Gartner recommends:

“If your organisation is budget-constrained or looking for a quick path to add sandboxing, first evaluate adding sandboxing as a feature from one of your current security vendors.”

Your existing UTM, Firewall, Secure Web Gateway or Email Gateway may have sandboxing-as-a-feature options available.

With the introduction of cloud computing, the way processing power and storage is delivered and priced has changed. Companies now have access to greater processing power at affordable prices. This has driven a revolution in what can and can’t be delivered as a service.

Sandboxes have proven very effective in identifying and stopping APTs by creating a full working environment for the malware to operate in and making it hard for the malware to identify that it is being analysed. Previously, such a complex solution had to run on dedicated hardware and have a team of analysts to decipher the results, limiting it to large enterprises and malware research labs.

By moving sandboxing to the cloud, the reduction in cost means security vendors can apply more processing power and share resources across multiple customers. It also means companies no longer have to rely on in-house expertise, as their vendor or partner can provide the analysts from a central location. This reduces the costs to such a level that all organisations can afford sandboxing.

It sounds complicated – do I have the resources to try and deploy this?

When you begin to trial solutions, consider those that are easy to try and deploy. Cloud-based solutions can be rapidly deployed, giving you instant results without the need to deploy hardware or upgrade appliances.

Sophos Sandstorm

Sophos Sandstorm is an advanced persistent threat (APT) and zero-day malware defence solution that complements Sophos security products. It quickly and accurately detects, blocks, and responds to evasive threats that other solutions miss, by using powerful, cloud-based, next generation sandbox technology.

For more information about Sophos Sandstorm visit:
