To anyone unfamiliar with the term, ‘sandboxing’ might sound like something that toddlers would like to do at nursery school – or maybe a specialist one-to-one combat beach sport.
It’s neither, of course. Sandboxing is actually the term the network security community uses to describe the technique of isolating potentially dangerous files that may contain some kind of malware, while they are thoroughly checked over. Essentially, segmenting the threat away from other devices and files and away from causing havoc on a corporate network.
Basically, if your firewall or unified threat management (UTM) device is not certain that a file is completely OK and does not contain some kind of hidden, malicious code, it will place it in the sandbox (which is actually in the cloud rather than the UTM appliance itself). Even if it looks like a legitimate file from a supposedly legitimate source, it will be isolated. This protects business networks from any potential threat that might be contained within the file and ensures that it cannot cause problems or spread to other devices or networks.
The same process can also be applied to development teams. Sandboxing can be used within a regulatory framework to allow small-scale, live testing of innovations in controlled environments, under regulatory supervision. Providing the best possible environment for businesses development software solutions to reveal any bugs or glitches before it is released to the mass market ensures the best chance of success and avoids preventable reputational damage.
A recent ‘Global Sandboxing Market’ research report for 2019 to 2028 valued the market at USD 2.25 billion in 2016 and is projected to reach USD 6.6 billion by 2025, growing at a compound annual growth rate (CAGR) of 12.65% from 2017 to 2025. Sandboxing has become such a widely used strategy, that the incoming European Commission President, Ursula von der Leyen, has pledged to present an EU approach to Artificial Intelligence (AI) within her first 100 days of taking office, which will emphasise accurate and complete high-quality data sets to inform AI. This is where sandboxing comes in. To ensure the integrity of data sets is maintained, industry standardisation, common data spaces and sandboxing will be crucial to safeguard EU citizens’ rights, values and principles.
Rapid response
Sandboxing is a relatively new addition to multi-faceted protection that is now necessary to deploy on all networks. The development and adoption of sandboxing has accelerated largely due to the growing threat of ransomware, which is often spread by using seemingly harmless files in which the dangerous, crypto-jacking code is deeply embedded and disguised.
These codes are difficult to detect using conventional anti-virus and malware scanning, which tend to identify and exclude only ‘known’ threats. Rather than those that can be described as ‘unknown’ and are not yet excluded as a matter of routine. This is also why we call the technique for isolating this kind of threat, ‘zero-day sandboxing’, because the most dangerous time is the first few hours after a new threat has been released and remains undetected.
Sandboxing is one of the most effective ways of preventing unknown threats from being spread. It will identify any files that could contain these heavily-disguised malicious programs and isolate them in the cloud – so they are not anywhere near your system and out of harm’s way. The files will then be analysed and tested to see if they do in fact contain some kind of threat. That information will be added to a shared threat database, so that all users benefit, and cyber-intelligence keeps growing and providing even better protection.
Growing threat
The number of zero-day unknown threats is growing at an alarming rate, so it’s important to make sure that a business’s corporate network system does have sandboxing protection. It is also important to provide this added layer of protection to ensure businesses are compliant with the General Data Protection Regulation (GDPR). Over a year on from the GDPR deadline (25th May 2018), countries such as Slovakia and Sweden are yet to issue a single fine, while countries like Poland, Portugal and Spain have fined companies several hundred thousand Euros. Germany has seen some of the highest GDPR activities, with 42 fines imposed, averaging €16,100 and 58 warnings issued. In comparison, while the Netherlands has issued over 1,000 warnings, only one fine has been issued, which happens to be one of the highest in Europe at €600,000. Whether the level of GDPR fines issued is down to poor compliance in some countries or less-diligent Data Protection Agencies (DPAs) when it comes to auditing in others remains a grey area.
With this in mind, it is in the best interest of organisations to leverage sandboxing to not only ensure compliance and the highest levels of security for business networks. Most sandboxing solutions now use machine learning and self-evolving cloud intelligence to provide the highest levels of protection, meaning businesses can be safe in the knowledge that their systems are being monitored for rogue dangerous files and potential threats are isolated, so the company can continue to work business as usual while keeping their data safe.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.