NETWORK SANDBOX


Network sandboxes are based on sensors that monitor network traffic. The sensors send suspicious objects (e.g. executable files, Microsoft Office files, PDF files and JavaScript code) to a virtual domain environment, where they are automatically analyzed to detect whether they contain malware. Sensors may be dedicated devices (or virtual devices), or they can be built into other security products (e.g. firewalls, secure web gateways and secure e-mail gateways can all function as sensors).

In a nutshell, a sandbox executes downloaded files on virtual machines to analyze and detect harmful APT files, and produces a signature (vaccine) that makes detection easier for other security products.

The acceptance of cloud-based virtual domain services makes it easier to integrate the virtual domain as a feature of a main security product (e.g. a firewall, secure web gateway or other product), and for this reason this is the more common implementation. According to the regulations in Turkey, on-premises solutions are preferred to cloud solutions.

The Sandbox evolution

  • 1G Sandbox: independent physical devices that are used to identify advanced threats.
  • 2G Sandbox: integrates with other devices in the wider security architecture to detect advanced threats in an organization.
  • 3G Sandbox: contains robust AI capabilities that can perform both static and behavioral analysis.