// THREAT DETECTION AND DATA PRIVACY TERM

Sandboxing

Sandboxing is a security practice that isolates a program or code in a separate, restricted environment. This allows suspicious files or applications to be run and analyzed without risking harm to the host computer or network.

Sandboxing — illustration from Wikipedia
Image via Wikipedia

TECHNICAL DEFINITION

Sandboxing is a cybersecurity technique that provides a controlled, isolated execution environment for untrusted programs, scripts, or files to prevent them from accessing or damaging the host operating system, network, or sensitive data. This containment mechanism is crucial for malware analysis, threat intelligence, and safely testing code by monitoring its behavior, system calls, and network traffic within a virtualized space.

BACKGROUND

Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.

READ MORE ON WIKIPEDIA

SYNONYMS & ALIASES

  • containment
  • isolation environment
  • detonation chamber
  • virtual execution
  • restricted environment
  • quarantine

USAGE NOTE

Sandboxing is a core feature in modern web browsers, email security gateways, and advanced endpoint protection tools to safely analyze potentially malicious attachments and links.

DEVELOPERS

Organizations developing technology related to Sandboxing.

  • Palo Alto Networks

    Develops WildFire, a cloud-based malware analysis service that uses dynamic analysis in a virtual, sandboxed environment to identify and protect against unknown threats.

  • CrowdStrike

    Offers the Falcon Sandbox, an automated malware analysis solution that safely executes suspicious files in a controlled environment to provide detailed threat intelligence and indicators of compromise.

  • Fortinet

    Provides FortiSandbox, a solution designed to detect advanced persistent threats (APTs) and zero-day malware by executing suspicious code in an isolated, virtualized environment.

  • Cisco

    Operates Cisco Secure Malware Analytics (formerly Threat Grid), which provides advanced sandboxing capabilities to analyze malware behavior and provide context-rich threat intelligence.

  • Check Point Software Technologies

    Offers SandBlast Zero-Day Protection, which uses threat emulation and extraction to inspect files in a virtual sandbox, identifying and blocking evasive malware before it enters the network.

  • Trellix

    Continuing the legacy of FireEye's Multi-Vector Virtual Execution (MVX) engine, Trellix provides advanced sandboxing technology that analyzes and detonates suspicious payloads across multiple vectors like web, email, and files.

  • Zscaler

    Provides a cloud-native sandbox as part of its Zero Trust Exchange platform. It analyzes unknown files from web and SSL traffic in an isolated environment to prevent zero-day attacks.

  • Joe Security

    A company specializing in malware analysis systems. They develop Joe Sandbox, a deep malware analysis platform that uses advanced instrumentation and sandboxing techniques, often licensed by other security vendors.

  • Broadcom (Symantec)

    Develops the Symantec Content Analysis System (CAS) and other security products that integrate sandboxing to detonate and analyze suspicious files, identifying malicious behavior in a secure environment.

RELATED TERMS IN DEFENSE & ARCHITECTURE