The Problem with Traditional Sandboxing

Attackers have long understood the usual layers of threat prevention, such as antivirus, anti-bot and firewalls. These remain essential elements of a comprehensive security program, but today's advanced adversaries build malware and attacks specifically designed to evade them. According to the Check Point 2015 Security Report, unknown malware was downloaded every 34 seconds. At that rate, traditional solutions alone are no longer sufficient to protect against the most advanced attacks.


In recent years, sandboxing has emerged as one answer to unknown malware. The traditional (OS-level) sandbox executes suspicious files in an isolated environment, typically a virtual machine kept apart from the production network, to determine whether they are malicious. Each file is detonated and observed for abnormal behavior: registry changes, network connections, file system activity, the processes it starts and the processes it touches.

As more sandboxes were deployed, attackers started looking for ways around them. Environment-aware malware checks for signs of an analysis environment (virtualization artifacts, the absence of a user, a clock that jumps) and withholds its malicious behavior until it is running on a real host. Malware can also be built with sleep timers that delay the attack until the sandbox's analysis window has elapsed and the file has already been marked safe. Even novice attackers have readily available tools to generate polymorphic malware that mutates with every build, so a sample that was analysed and blocked yesterday reappears today under a new hash. The most dangerous attacks are carried out by criminals with the skills to elude detection technology, which makes the traditional sandbox least effective against exactly the threats it was meant to catch.
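The evasion tricks above leave traces in the very behavior log an OS-level sandbox already records. The following is an added example, not Check Point code: a small scorer that reads a constructed API-call trace and flags hypervisor probes, user-presence checks, stalling sleeps, and sleeps bracketed by clock reads. The trace format (one `api=NAME;args=ARGS` line per call), the sample traces, and the thresholds are all assumptions made for this illustration.

```python
"""Score an OS-level sandbox trace for sandbox-evasion indicators.

Added illustration for this post, not Check Point code. The trace format
(one "api=NAME;args=ARGS" line per monitored call) and the thresholds are
assumptions made for the example; real sandboxes emit their own formats.
"""
import re
from dataclasses import dataclass, field

# Constructed sample trace: a sample that probes for a hypervisor, brackets
# a long Sleep with clock reads, checks for a user, and only then acts.
SAMPLE_TRACE = """\
api=RegOpenKeyExW;args=HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools
api=GetSystemInfo;args=
api=GetTickCount;args=
api=Sleep;args=600000
api=GetTickCount;args=
api=GetCursorPos;args=
api=Sleep;args=60000
api=CreateFileW;args=C:\\Users\\Public\\stage2.dll
api=InternetOpenUrlW;args=http://example.invalid/stage2
"""

# Constructed benign trace for comparison.
BENIGN_TRACE = """\
api=CreateFileW;args=C:\\Users\\Public\\report.docx
api=ReadFile;args=4096
api=Sleep;args=100
api=CloseHandle;args=
"""

LINE_RE = re.compile(r"^api=(?P<api>[^;]+);args=(?P<args>.*)$")
VM_ARTIFACT_RE = re.compile(r"vmware|virtualbox|vbox|qemu|xen|sandboxie|wine", re.I)
TIMING_APIS = {"GetTickCount", "GetTickCount64", "QueryPerformanceCounter", "NtQuerySystemTime"}
USER_PRESENCE_APIS = {"GetCursorPos", "GetLastInputInfo", "GetForegroundWindow"}
SLEEP_APIS = {"Sleep", "SleepEx", "NtDelayExecution"}

LONG_SLEEP_MS = 30_000        # one call at or above this is a stalling indicator (assumed)
ANALYSIS_WINDOW_MS = 120_000  # assumed detonation budget of a naive sandbox


@dataclass
class EvasionReport:
    vm_artifact_probes: int = 0
    timing_checks: int = 0
    user_presence_checks: int = 0
    total_sleep_ms: int = 0
    longest_sleep_ms: int = 0
    findings: list = field(default_factory=list)

    @property
    def evasive(self) -> bool:
        return bool(self.findings)

    @property
    def outlives_analysis_window(self) -> bool:
        """True if the sleeps alone exceed the window: a sandbox that does not
        skip or accelerate Sleep would time out before seeing the payload."""
        return self.total_sleep_ms >= ANALYSIS_WINDOW_MS


def parse_trace(text: str):
    """Yield (api, args) pairs, ignoring lines that do not match the format."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("api"), m.group("args")


def analyse(trace_text: str) -> EvasionReport:
    r = EvasionReport()
    for api, args in parse_trace(trace_text):
        if api.startswith(("RegOpenKey", "RegQueryValue")) and VM_ARTIFACT_RE.search(args):
            r.vm_artifact_probes += 1
        elif api in TIMING_APIS:
            r.timing_checks += 1
        elif api in USER_PRESENCE_APIS:
            r.user_presence_checks += 1
        elif api in SLEEP_APIS:
            try:
                ms = int(args.split(",")[0])
            except ValueError:
                continue
            r.total_sleep_ms += ms
            r.longest_sleep_ms = max(r.longest_sleep_ms, ms)

    if r.vm_artifact_probes:
        r.findings.append(f"{r.vm_artifact_probes} registry probe(s) for virtualization artifacts")
    if r.user_presence_checks:
        r.findings.append(f"{r.user_presence_checks} user-presence check(s)")
    if r.longest_sleep_ms >= LONG_SLEEP_MS:
        r.findings.append(f"single sleep of {r.longest_sleep_ms} ms")
    if r.outlives_analysis_window:
        r.findings.append(f"cumulative sleep {r.total_sleep_ms} ms exceeds {ANALYSIS_WINDOW_MS} ms window")
    if r.timing_checks >= 2 and r.total_sleep_ms:
        r.findings.append("sleep bracketed by clock reads (sample may be detecting sleep skipping)")
    return r


if __name__ == "__main__":
    for name, trace in (("sample", SAMPLE_TRACE), ("benign", BENIGN_TRACE)):
        rep = analyse(trace)
        print(f"{name}: evasive={rep.evasive}")
        for f in rep.findings:
            print("  -", f)
```

The `outlives_analysis_window` property is the point of the sleep-timer trick: with 660 seconds of requested sleep against a 120-second window, a sandbox that honors Sleep faithfully never sees the download and marks the file clean. Sandboxes that skip or accelerate sleeps close that gap, which is why the sample also reads the tick counter before and after; the `timing_checks` finding catches that second-order check.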


Fighting unknown malware therefore needs a more robust approach to threat detection and prevention: Check Point SandBlast with CPU-level sandboxing. Instead of waiting for the malware's payload to misbehave, inspection at the CPU level observes activity at the processor instruction level and detects the exploit phase itself: the control-flow manipulation an exploit needs in order to bypass OS security controls such as DEP and ASLR. Because detection happens before the payload runs, evasion logic that lives in the payload (sleep timers, environment checks) never gets a chance to execute, and the threat is stopped before it launches.
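To make "observed at the processor instruction level" concrete, here is an added example of one well-known instruction-level heuristic for return-oriented programming; it is not Check Point's published algorithm (the post does not describe one) and should not be read as SandBlast's internals. It walks a simulated branch trace, of the kind a CPU's last-branch records provide, and flags a `ret` whose target does not follow a `call` instruction, plus runs of consecutive returns that each execute only a few instructions. The code map, addresses and branch records are constructed for the example.

```python
"""Call-preceded-return check over a simulated CPU branch trace.

Added illustration of one instruction-level heuristic for spotting
return-oriented programming; it is not Check Point's published algorithm
(the post does not describe one). The code map, addresses and branch
records below are constructed for the example.
"""
from dataclasses import dataclass, field

# Tiny model of a loaded code image: address -> (mnemonic, length in bytes).
CODE = {
    0x1000: ("push ebp", 1),
    0x1001: ("mov ebp, esp", 2),
    0x1003: ("call 0x2000", 5),
    0x1008: ("test eax, eax", 2),      # legitimate return site (follows a call)
    0x100a: ("mov ecx, [ebp+8]", 3),
    0x100d: ("add eax, ecx", 2),
    0x100f: ("xor edx, edx", 2),
    0x1011: ("pop ebp", 1),
    0x1012: ("ret", 1),
    0x2000: ("mov eax, 1", 5),
    0x2005: ("ret", 1),
    0x3010: ("pop eax", 1),             # gadget: nothing calls here
    0x3011: ("ret", 1),
    0x3020: ("pop ecx", 1),
    0x3021: ("ret", 1),
    0x3030: ("xchg eax, esp", 1),       # stack-pivot gadget
    0x3031: ("ret", 1),
}

# Addresses that legitimately follow a call instruction: the only places a
# well-behaved `ret` should land.
CALL_RETURN_SITES = {addr + size for addr, (mn, size) in CODE.items()
                     if mn.startswith("call")}


@dataclass(frozen=True)
class Branch:
    kind: str   # "call", "ret" or "jmp", as a last-branch record would tag it
    src: int    # address of the branch instruction
    dst: int    # address it transferred control to


# Constructed trace: one normal call/return, then a smashed return address
# that steers execution through three short gadgets.
TRACE = [
    Branch("call", 0x1003, 0x2000),
    Branch("ret",  0x2005, 0x1008),
    Branch("ret",  0x1012, 0x3010),
    Branch("ret",  0x3011, 0x3020),
    Branch("ret",  0x3021, 0x3030),
    Branch("ret",  0x3031, 0x3010),
]


@dataclass
class Verdict:
    unmatched_returns: list = field(default_factory=list)  # (src, dst)
    gadget_chains: list = field(default_factory=list)      # (length, last src)

    @property
    def exploit_suspected(self) -> bool:
        return bool(self.unmatched_returns or self.gadget_chains)


def instructions_between(start: int, end: int) -> int:
    """Count instructions executed falling straight through from `start` up
    to and including the branch instruction at `end`."""
    n, addr = 0, start
    while addr in CODE:
        n += 1
        if addr == end:
            return n
        addr += CODE[addr][1]
    raise ValueError(f"no straight-line path from {start:#x} to {end:#x}")


def analyse_trace(trace, max_gadget_len=4, min_chain=3) -> Verdict:
    """Apply both heuristics; thresholds are assumptions for the example."""
    v = Verdict()
    chain = 0  # consecutive returns that each ran only a few instructions
    for i, b in enumerate(trace):
        if b.kind != "ret":
            chain = 0
            continue
        if b.dst not in CALL_RETURN_SITES:
            v.unmatched_returns.append((b.src, b.dst))
        if i + 1 < len(trace):
            ran = instructions_between(b.dst, trace[i + 1].src)
            chain = chain + 1 if ran <= max_gadget_len else 0
            if chain == min_chain:
                v.gadget_chains.append((chain, trace[i + 1].src))
    return v


if __name__ == "__main__":
    verdict = analyse_trace(TRACE)
    print("exploit suspected:", verdict.exploit_suspected)
    for src, dst in verdict.unmatched_returns:
        print(f"  ret at {src:#x} landed at {dst:#x}, which follows no call")
    for length, src in verdict.gadget_chains:
        print(f"  {length} consecutive short gadgets ending at {src:#x}")
```

Note what the heuristic does and does not see: the first return (0x2005 to 0x1008) is clean because 0x1008 follows the call at 0x1003, while every return in the gadget chain lands somewhere no call ever targets. Nothing here depends on the payload's behavior, which is why an exploit-phase check is unaffected by sleep timers or sandbox fingerprinting in the payload; the usual trade-off is false positives from legitimate code that manipulates return addresses, such as exception unwinding, which a production implementation must whitelist.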


The evolving nature of today's threats demands more than traditional sandboxing; it calls for a sandbox that has evolved with them. Check Point SandBlast provides organizations with an advanced sandboxing solution that is evasion-resistant, blocks attacks proactively, and delivers files safely without delay.


To learn more about Check Point SandBlast, join our one-hour webinar, featuring Mike Stiglianese, Managing Director, Axis Technology, LLC and former Chief Information Technology Risk Officer for Citigroup on Wednesday, September 16, 2015. Register here.