A sandbox is an isolated environment on a network that mimics end-user operating environments. Sandboxes are used to safely execute suspicious code without risking harm to the host device or network.
Using a sandbox provides another layer of protection against new security threats—zero-day (previously unseen) malware and stealthy attacks, in particular. And what happens in the sandbox, stays in the sandbox—avoiding system failures and keeping software vulnerabilities from spreading.
Sandbox environments provide a proactive layer of network security defense against new and Advanced Persistent Threats (APT). APTs are custom-developed, targeted attacks often aimed at compromising organizations and stealing data. They are designed to evade detection and often fly under the radar of more straightforward detection methods.
Sandbox testing proactively detects malware by executing, or detonating, code in a safe and isolated environment to observe that code’s behavior and output activity. Traditional security measures are reactive and based on signature detection—which works by looking for patterns identified in known instances of malware.
Like a development testing environment, a sandbox can be used to run any application on a safe resource before deploying it to production or giving it access to production resources. A sandbox lets organizations run programs that could potentially cause issues, whether from malware or unintended software flaws, without bogging down or damaging business-critical resources.
A sandbox is often used as a quarantine for unknown email and attachments. Email filters will detect potential malicious email messages and attachments, but an administrator needs a safe place to view them to detect false positives. Malicious documents may contain macros that exploit flaws in popular productivity apps such as Microsoft Office. An administrator can use a sandbox virtual machine to open attachments and view the macros to see whether they’re safe.
For organizations that do not have specialized cybersecurity staff, a sandbox can be used by any employee to isolate suspicious programs. A sandbox can let workers run unknown code without exposing their systems to new threats.