5 Ways an Application Sandbox Protects Endpoints, Users & Networks
By BUFFERZONE Team, 22/03/2016
For years, banks, airports, government buildings, and other secure facilities have used zone-based physical security (a.k.a. “buffer zones”) to keep assets safe. Yet what happens when the context shifts from the physical world to the virtual one? An increasing number of organizations across all industries, and not just those in high-security sectors and fields, are answering this with an application sandbox.
What is an Application Sandbox?
Simply put, an application sandbox isolates potentially malicious content in a virtual container on the endpoint, so that it cannot trigger an infection and ultimately migrate to the network as part of a full-scale attack. Once a threat is identified, IT staff simply wipe the container clean (which they can do remotely).
What’s more, since this protection works automatically and in the background, end users experience seamless and unrestricted access to information and applications – which is good news for them since they remain productive and efficient, and good news for IT staff since end users have no incentive to try to circumvent restrictions!
Benefits of Sandbox Security Software
As for thwarting specific vectors, below are five ways that sandbox security software protects endpoints, users and networks:
1. Web Browsers
All web browsing activity takes place within the virtual container. As a result, endpoints are not vulnerable to web-based threats such as drive-by downloads, malvertising, and an endless stream of zero-day exploits that easily bypass signature-based anti-virus software, firewalls, secure web gateways, and other security tools.
2. Email Attachments
As CSOs, network administrators and IT staff know all too well, it is a foregone conclusion that sooner or later an end user will open a seemingly harmless email attachment, and set a malware attack in motion. With an application sandbox, these threats (e.g. ransomware, macro malware, exploits hidden inside attachments such as graphic files, etc.) cannot infect the endpoint. They are literally trapped in the container, and as noted above get wiped clean.
3. Downloaded Documents
Unfortunately, it is not just innocuous email attachments that end users need to watch out for, but also documents downloaded from partner and other familiar web sites. Even known and expected files, such as spreadsheets, presentations and photos, can be infected and lying in wait for the opportunity to strike. An application sandbox isolates these documents in the container so they cannot deliver their payload.
4. Removable Media
A few decades ago, end users transmitted malware and viruses via infected floppy disks. Well, as they say: the more things change, the more they stay the same – because today, while floppy disks are nowhere to be found, removable media (e.g. thumb drives, flash drives, smart phones, etc.) are everywhere, and they, too, are sometimes laden with particularly nasty threats, like ransomware. An application sandbox keeps these threats from carrying out their illicit aims.
5. Skype
Many organizations are using Skype to affordably and conveniently connect their workforce, as well as to stay in touch with customers. That is the good news. The bad news is that Skype is a preferred vector for threat actors to pass malicious links and files, much like email attachments (as noted above). Yet again, an application sandbox comes to the rescue and keeps endpoints safe – and end users from having to face the wrath of IT staff!
In addition to the protection noted above, sandbox security software also provides organizations with two additional benefits that round out the solution:
• A secure bridge to extract data from the container, which enables collaboration between end users and systems, while ensuring security and compliance.
• Integration with SIEM and Big Data Analytics to identify targeted attacks, and generate actionable endpoint intelligence.
Application Sandbox is the First Step
While it must be augmented with other tools, an application sandbox is a vital first step in protecting endpoints, which are by far the largest and most vulnerable area of the attack surface.
Indeed, since it only takes ONE infected endpoint to unleash a costly and potentially catastrophic attack across the entire network, the question that organizations need to ask is not “why do we need an application sandbox?”, but rather, “how can we expect to operate without an application sandbox safeguarding our endpoints, users and network?”