From the sandbox into the company – sandboxing as threat protection

Hardly a week goes by without the obligatory media coverage of the latest dangers of the digital world. But there is good reason for the constant stream of news headlines. It is also clear that phishing emails, Trojans, ransomware and others are no longer a danger just for private individuals.

Companies are increasingly becoming the focus of cybercriminals and economic espionage. But it is not all bad news in the fight against WannaCry and co: As the number of dangerous and increasingly complex attacks is on the rise, the awareness of the need for protection in the network infrastructure is keeping pace.

Cyber-attackers aim for the big hits – sensitive customer data, paralyzing entire systems, or espionage. Even the German federal government has been affected: Hackers broke into the federal government’s data network in late 2016, an attack that was only recognized as such a year later. Also, the hitherto largest attack by the ransomware WannaCry made the headlines when major global companies such as the Spanish telecommunications company Telefónica were hit.

Cybersecurity – an interaction of building blocks

As many of us know: Security for a corporate network is always a balancing act between requirements and flexibility. A comprehensive approach to cyber security today relies on a combination of different building blocks. These range from tap-proof network technology to anti-virus and anti-malware tools, to meaningful prevention. Classic anti-virus applications are a shield against malware and co.

Patterns are recognized, which sets an automatic mechanism in motion that reliably fends off known threats. But the attackers are not sleeping. They continue to develop their techniques: The most recent cyber attacks are using obfuscation techniques that prevent their detection by endpoint and network security products. Some attacks are not directly recognizable as such, and valuable time is lost between the identification of a new threat and the release of signature updates for anti-virus programs. Valuable time that often comes at great expense to companies.

But here’s the good news: The defenders also have effective tools for threat protection. A must-have is the sandbox. Admittedly: It is a somewhat banal term for what is a highly complex and efficient test environment. Sandboxes are specifically designed to detect new threats that attempt to circumvent network security. Basically, a sandbox allows you to run software in an isolated space without access to the actual system environment. The main advantage of this approach is clear: What seems harmless at first can be executed in a secure environment without malicious programs being able, for example, to access the executing operating system. This type of system can protect companies from major damage.

Sandbox included: Boxing-in all corners

So how do I effectively protect myself from cyber threats? How many systems do I really need? The answer: Just one, namely a next-generation firewall that integrates sandboxing and artificial intelligence mechanisms. Ideally in conjunction with a cloud service that keeps itself up to date. The advantages of a sandbox are manifold: It performs checks on the executed file, suspicious software cannot access system resources unnoticed, and access to the host system is blocked. In the fight against ransomware and co, the firewall with UTM becomes an indispensable teammate.

Advanced threat protection “Made in Germany”

The LANCOM R&S® Unified Firewalls combine all these functions, including integrated sandboxing, in one compact box.

The way the sandbox works is fascinating: The file or program of interest is presented with all of the usual functions offered by a standard operating environment. The intruder is deceived and shows itself as it goes to work. The files are executed in a secure cloud environment where their behavior is analyzed to see what potential damage or changes to the system would result.

A file is considered to be suspicious if it attempts to access areas of the system for which it has no permissions. At the end of the process, the sandbox has to make a decision that can save a company from more or less serious economic damage: Is the checked file dangerous? Or can it be opened without risk?

This assessment decides whether the file is forwarded or blocked by the firewall. What is especially clever is that the sandbox sends the analysis to the firewall and saves it as a pattern for future files of the same type. In this way, sandboxing solutions are able to analyze various file types and applications. They are extremely versatile and reliably support different operating systems. This is especially important because malware behaves completely differently under Windows, Linux or Android.
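
A simplified model of the decision flow described above, added here as an illustration and not LANCOM's implementation: the gateway asks the sandbox for a behavior report, flags access outside the permitted areas, and stores the verdict so the same file is not analyzed twice. The names `Gateway`, `analyze_behavior` and `fake_sandbox`, the permitted path list, and the use of a SHA-256 digest as the stored "pattern" are assumptions; the sample runs are constructed.

```python
import hashlib
from dataclasses import dataclass

# Assumed policy: areas an analyzed file is permitted to touch.
ALLOWED_PREFIXES = ("/tmp/sandbox/", "/home/user/Documents/")

# Constructed behavior reports, standing in for a real sandbox run.
SAMPLE_RUNS = {
    b"invoice-macro": [("write", "/tmp/sandbox/out.txt"),
                       ("write", "/etc/passwd")],
    b"plain-report": [("read", "/home/user/Documents/report.docx")],
}

@dataclass
class Verdict:
    malicious: bool
    reasons: list

def fake_sandbox(data: bytes) -> list:
    """Hypothetical sandbox: returns (action, target) events for a file."""
    return SAMPLE_RUNS.get(data, [])

def analyze_behavior(events: list) -> Verdict:
    """Suspicious if any event touches an area outside the permitted ones."""
    reasons = [f"{action} {target}" for action, target in events
               if not target.startswith(ALLOWED_PREFIXES)]
    return Verdict(malicious=bool(reasons), reasons=reasons)

class Gateway:
    """Firewall side: forwards or blocks, remembering earlier verdicts."""
    def __init__(self, sandbox):
        self.sandbox = sandbox
        self.cache = {}        # digest -> Verdict (the saved "pattern")
        self.detonations = 0   # how often the sandbox was actually used

    def handle(self, data: bytes) -> str:
        digest = hashlib.sha256(data).hexdigest()
        verdict = self.cache.get(digest)
        if verdict is None:    # unknown file: analyze once, then remember
            self.detonations += 1
            verdict = analyze_behavior(self.sandbox(data))
            self.cache[digest] = verdict
        return "block" if verdict.malicious else "forward"

if __name__ == "__main__":
    gw = Gateway(fake_sandbox)
    for sample in (b"invoice-macro", b"invoice-macro", b"plain-report"):
        print(sample, gw.handle(sample), "sandbox runs:", gw.detonations)
```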

The sandbox thus helps to secure the entire network from a central point and prevents Internet-sourced attacks on any part of the company—and all of this can be precisely tailored to the needs of the individual company.
