In very simple terms, a sandbox is a piece of software or an appliance that detects and analyzes attacks designed to bypass traditional security defenses.

“It’s not a signature based technology, it’s basically utilizing an automated analysis process to observe what happens when files are executed in different environment types,” said Matt Corney, CTO of Nuspire Networks.

10 Things You Aren’t Doing to Protect Your Network: #6

Most sandboxes take a layered approach, looking for traits of what happens while an application executes. They move those applications into full virtual environments to show what the behavior looks like inside a Windows 7 machine with a specific service pack, the latest version of Windows 10, an outdated version of Windows, and so on. The sandbox executes the file and monitors what it does to the registry, what calls it makes back out to the Internet (potentially to “phone home” to command and control), and what files it changes or links to within the system.

“Sandbox [technology] is a really great piece to help you catch that missing percentage that standard signature technology or even signatures that understand polymorphic viruses can’t potentially or traditionally catch,” Corney said.

Corney also warned that attackers can become sandbox aware, writing malware that recognizes when it is running inside a sandbox and then behaves harmlessly until it is out of view.

“They understand their environment. They understand that they’re in a sandbox, they decide that they’re not going to execute until 10,000 key presses are detected on the keyboard or until some future date a year from now because that attacker has the ability to just wait patiently until that bomb finally goes off,” said Corney.

It’s important to ensure you have the greatest coverage possible with your sandboxing technology, as it’s very helpful in understanding what’s going on in your environment.

