Sandboxing Digs Out Malware Infected Email

Organizations are facing an onslaught of new security challenges and are busy deploying tools to harden their networks against attack. Despite these efforts, email remains a highly successful attack vector for cyber criminals because it is still too easy for employees to fall victim to social engineering ploys that can result in catastrophic data breaches. In the face of this formidable threat, what can be done?

Sandboxing technology has emerged as one of the most effective means of neutralizing ransomware, zero-day and other advanced threats. Working in conjunction with the latest generation of firewalls, a sandbox not only inspects email traffic for suspicious code, but also blocks malicious files from entering the network until a “go, no-go” verdict is rendered.

Threats are detected by scanning a range of email attachment types, analyzing them in a sandbox, blocking them until reviewed by an administrator, and rapidly deploying remediation signatures. Signatures for newly discovered malware are quickly generated and automatically distributed through the cloud, thereby preventing further infiltration by the identified malware threat.

Even with zero-day attacks that have no signature and code that has never been seen before, sandboxing still detects malicious behavior. Bad code takes a limited number of actions, including making an external connection, downloading additional payloads, connecting to a command-and-control server, and attempting to make OS changes. None of these actions are normal for work-related files.

Specifically, sandboxes look for the following:

  • OS calls: Monitoring of the system calls and API functions the file invokes
  • File system changes: Any kind of action, including creating, modifying, deleting and encrypting files
  • Network changes: Any abnormal establishment of outbound connections
  • Registry changes: Any modification made to establish persistence or to alter security or network settings
  • Beyond and between: As a supplement to the other observations, monitoring of the instructions a program executes between OS calls
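To make the detection logic concrete, here is an added example (not DataLink's product or any real sandbox's report format) of a toy verdict engine that takes a constructed detonation event log, sorts events into the categories listed above, and returns the "go, no-go" decision; the event field names, thresholds and the two-category rule are assumptions made for the example.

```python
"""Toy behavioural verdict engine over a constructed sandbox event log."""
from collections import Counter

# Constructed sample of what a sandbox might record while detonating an
# attachment: a child process, an outbound connection, a dropped payload,
# a Run-key persistence entry and a burst of renamed (encrypted) documents.
SAMPLE_EVENTS = [
    {"type": "api", "name": "CreateProcessW", "arg": "powershell.exe -enc ..."},
    {"type": "network", "dst": "203.0.113.7", "port": 443, "direction": "out"},
    {"type": "file", "op": "download", "path": "C:\\Users\\u\\AppData\\stage2.exe"},
    {"type": "registry", "op": "set",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"},
] + [
    {"type": "file", "op": "modify", "path": f"C:\\Users\\u\\Docs\\f{i}.docx.locked"}
    for i in range(30)
]

SUSPICIOUS_APIS = ("CreateProcessW", "WriteProcessMemory", "CreateRemoteThread")
PERSISTENCE_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")
ENCRYPT_EXT = (".locked", ".enc", ".crypt")
MASS_MODIFY_THRESHOLD = 20  # assumed: this many renamed files looks like ransomware


def classify(events):
    """Map raw events onto the article's observation categories.
    Returns {category: [human-readable findings]}."""
    findings = {"os_calls": [], "file_system": [], "network": [], "registry": []}
    counts = Counter()
    for e in events:
        if e["type"] == "api" and e["name"] in SUSPICIOUS_APIS:
            findings["os_calls"].append(f"{e['name']}({e.get('arg', '')})")
        elif e["type"] == "network" and e.get("direction") == "out":
            findings["network"].append(f"outbound connection to {e['dst']}:{e['port']}")
        elif e["type"] == "file" and e["op"] == "download":
            findings["file_system"].append(f"dropped additional payload {e['path']}")
        elif e["type"] == "file" and e["op"] == "modify" and e["path"].lower().endswith(ENCRYPT_EXT):
            counts["encrypted"] += 1
        elif e["type"] == "registry" and any(k in e["key"].lower() for k in PERSISTENCE_KEYS):
            findings["registry"].append(f"persistence via {e['key']}")
    if counts["encrypted"] >= MASS_MODIFY_THRESHOLD:
        findings["file_system"].append(f"{counts['encrypted']} files renamed to a ransomware extension")
    return findings


def verdict(events):
    """'no-go' when at least two independent categories show suspicious behaviour,
    since a single hit (one outbound connection) is common in benign documents."""
    findings = classify(events)
    categories_hit = sum(1 for v in findings.values() if v)
    return ("no-go" if categories_hit >= 2 else "go"), findings
```

A real sandbox also weights the "beyond and between" instruction traces; this example only scores the four discrete categories.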

Organizations have a choice of administrative options ranging from removing an offending email attachment to blocking an entire message, leading to higher security effectiveness and faster response times.

Sandboxing can provide the edge your business needs to deal effectively with malware infected email – if it’s deployed in the right way. DataLink’s security experts know what to do and are ready to help. Contact us today: 410.729.0440 or sales@DataLinkTech.com