Smart Security Sandboxes Up the Ante Against Stealth Threats

Posted on May 20, 2016

Although most companies run anti-malware tools, a growing number of cyber criminals bypass them with malware and advanced persistent threats that use zero-day exploits, for example, which signature-based detection methods cannot recognize.

The same can be said for other defensive techniques such as web filtering, IP reputation and antivirus. They typically rely on signatures, reputation or heuristics, all of which describe threats that have already been seen. This leaves them weak against new, unknown threats.

Adding to the challenge is the increasing sophistication of modern malware, including polymorphic programs: code that constantly changes its appearance through compression, encryption and other tactics so that no stable signature exists. Cybercriminals also use botnets to circumvent static blacklists, rotating the IP addresses and DNS records behind an attack across a network of compromised devices so that the malware's infrastructure stays under the radar.

Traditional Sandboxes Are Not Foolproof

Sandboxes have been used in recent years for malware detection because they can run suspicious files in a controlled environment that is isolated from the production network. Essentially, a sandbox lets a suspicious file execute ("detonate") where it can do no harm, so that its real behavior, such as dropping files, modifying the system or contacting a command-and-control server, can be observed and the file convicted.

But malware writers constantly reverse-engineer detection tools to circumvent the conventional sandbox. New attack methods evade sandboxes with techniques such as virtual machine detection (checking for hypervisor artifacts and, if found, staying benign) and "extended sleep" (delaying all malicious activity until after the sandbox's analysis window has closed).

New Generation Of Sandboxes Offers More Comprehensive Methods

In response to this evolution, new, more advanced technology is emerging, including smarter, more comprehensive sandbox solutions. These sandboxes also use deep behavior analysis, but unlike their more traditional predecessors, they more closely replicate a real user's environment: the operating system version, installed applications and system configuration the malware expects to find.

Because smart sandbox technology better understands how malware would behave in a specific environment, IT teams better understand the impact on their various systems. And not only does this technology replicate the malicious behavior within the specific environment, it also aims to accelerate code execution, for example by fast-forwarding the clock the sample sees so that sleep-based delays expire in seconds rather than hours, so the malicious behavior surfaces and can be detected faster.
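To make the "extended sleep" evasion above and the accelerated-execution countermeasure concrete, here is an added example written for this page; it is not code from the original post, from Citon or from any sandbox product, and the sample, the clocks and every name and parameter in it are constructed. It contrasts a naive sandbox that merely skips a sleep call, which the sample detects because no time passed, with an accelerated sandbox whose virtual clock advances by the requested amount so the delayed payload runs immediately.

```python
"""Added example (not from the original post or any vendor): a constructed sample
that uses "extended sleep" to evade analysis, a naive sandbox that only skips
sleeps and is detected, and an accelerated sandbox whose virtual clock
fast-forwards so the delayed behaviour surfaces in milliseconds."""

import time

# Constructed parameters: the sample waits 10 minutes before acting and treats a
# sleep that returns noticeably early as a sign that it is being analysed.
SLEEP_SECONDS = 600
EARLY_RETURN_TOLERANCE = 0.9


class Clock:
    """Time source handed to the sample so the same code can run against a real
    host clock, a naive sandbox clock or an accelerated sandbox clock."""

    def __init__(self, now_fn=time.monotonic, sleep_fn=time.sleep):
        self.now = now_fn
        self.sleep = sleep_fn


def evasive_sample(clock):
    """Stand-in for malware using extended sleep. It sleeps for a long time, then
    checks that the clock really advanced; if the sleep was simply skipped it
    assumes a sandbox hooked it and stays benign for the rest of the analysis."""
    started = clock.now()
    clock.sleep(SLEEP_SECONDS)
    elapsed = clock.now() - started
    if elapsed < SLEEP_SECONDS * EARLY_RETURN_TOLERANCE:
        return "benign"              # sleep was hooked out: analysis suspected
    return "payload-executed"        # host looks real: perform malicious action


class NaiveSandboxClock(Clock):
    """Sandbox that records and skips sleeps but leaves the clock real: the
    sample notices that no time passed and never misbehaves during analysis."""

    def __init__(self):
        self.sleep_log = []
        super().__init__(now_fn=time.monotonic, sleep_fn=self._skip)

    def _skip(self, seconds):
        self.sleep_log.append(seconds)   # noted, but neither waited nor credited


class AcceleratedSandboxClock(Clock):
    """Sandbox that records each requested sleep and advances a virtual clock by
    the same amount, so the sample's elapsed-time check passes without waiting."""

    def __init__(self):
        self._virtual_now = 0.0
        self.sleep_log = []
        super().__init__(now_fn=self._now, sleep_fn=self._sleep)

    def _now(self):
        return self._virtual_now

    def _sleep(self, seconds):
        self.sleep_log.append(seconds)
        self._virtual_now += seconds


def analyze(sample, clock, long_sleep_threshold=300.0):
    """Run the sample under the given clock and summarise what was observed.
    A long sleep requested before any activity is itself reported as a
    behavioural indicator, whatever the sample does afterwards."""
    wall_start = time.monotonic()
    verdict = sample(clock)
    wall_elapsed = time.monotonic() - wall_start
    sleeps = getattr(clock, "sleep_log", [])
    return {
        "verdict": verdict,
        "wall_seconds": wall_elapsed,
        "total_sleep_requested": sum(sleeps),
        "long_sleep_indicator": any(s >= long_sleep_threshold for s in sleeps),
    }


if __name__ == "__main__":
    # A plain Clock() would make the sample really wait ten minutes, as on a victim host.
    print("naive sandbox:      ", analyze(evasive_sample, NaiveSandboxClock()))
    print("accelerated sandbox:", analyze(evasive_sample, AcceleratedSandboxClock()))
```

Two points worth noting from the output: only the accelerated clock gets the sample to reveal "payload-executed" within the analysis window, and both sandboxes still log the 600-second sleep request, which a behavior-analysis engine should score as suspicious in its own right even when the payload never fires.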

Multi-Layered Approach Is Effective Against Threats

The most effective sandboxes are designed to work in concert with other controls such as web filtering, next-generation firewalls and antivirus. They are not intended to be used in isolation as a catch-all tool.

Although the new generation of smart sandbox solutions is much more effective against malware than earlier generations, organizations cannot depend on a single-layer tactic. They must take a more integrated, multi-layered approach to threat detection to keep up with the ever-evolving tactics of bad actors.

Look for a product that offers a multi-layer approach which integrates detection, mitigation and actionable threat insight. Learn more about how Citon can assist your organization to develop and deploy effective, regulation compliant solutions.