[2023 Feb. Security Monthly Express] What is Sandboxing and Why Do You Need It?

zyxel_Lin (Zyxel Employee)
edited March 2023 in Security Highlight

Malware is becoming more complex, stealthy, and automated than ever. Attackers can generate new variants of a piece of malware faster than vendors can write the signature definitions that traditional detection relies on. Every day, the AV-TEST Institute registers over 450,000 new malicious programs (malware) and potentially unwanted applications (PUA). In this article, we'll explain why sandboxing, as an advanced technique, is a vital tool for protection against unknown cyber threats.

What is Sandboxing?

Sandboxing isolates unknown files and determines whether they are new malware types that conventional static security mechanisms cannot detect, providing stronger network security against zero-day attacks.

How does Zyxel Sandboxing work?

Sandboxing is available on our ATP/USG FLEX series in conjunction with a Gold Service Pack license.

Today, the biggest problem in network security is that new malware is constantly emerging. Our devices are equipped with IDP and Anti-Virus to protect networks, but both rely on known signatures and are not effective against malware that has never been seen before. The sandbox is a virtualized, isolated, and secure environment that runs unknown files in order to analyze their behavior.

Sandboxing works as follows:


The underlying principle is a common cloud-hosted base that provides constantly updated protection in real time. Zyxel Cloud Intelligence receives unknown files submitted by ATP/USG FLEX gateways worldwide and stores the information from every new threat it recognizes. In this way the Zyxel Security Cloud becomes a continuously growing, self-evolving body of security intelligence that learns and improves over time.

Threat Intelligence Machine Learning syncs daily with all ATP/USG FLEX firewalls, so every ATP/USG FLEX gateway benefits from the machine learning done in the cloud. The cloud and the gateways are connected as one security ecosystem that learns together, which strengthens its defense against new and unknown attacks. The cloud never stops expanding: by merging multiple databases with Threat Intelligence Machine Learning, its growing malware intelligence allows ATP/USG FLEX firewalls to detect malware in real time.
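The gateway-and-cloud loop described above, as an added illustrative model in Python. This is not Zyxel code and does not reflect how the product is implemented: the class names, the hash-keyed verdict cache, the behaviour rule set, the stand-in detonation function and the sample bytes are all constructed assumptions. What it shows is the practical shape of the design: a file is identified by its SHA-256, known verdicts are answered from the gateway's local cache or the cloud without re-running anything, only a truly unknown file is detonated, and once one gateway has paid for that detonation every other gateway (after its daily sync, or on a cloud lookup) gets the verdict for free.

```python
"""Illustrative model of gateway <-> cloud sandboxing (constructed example, not vendor code)."""
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Set, Tuple


class Verdict(Enum):
    CLEAN = "clean"
    MALICIOUS = "malicious"
    UNKNOWN = "unknown"


# Behaviours that mark a detonated sample as malicious.
# Constructed rule set for this example, not a vendor's scoring model.
HIGH_RISK: Set[str] = {"writes_autorun_key", "injects_into_process", "disables_av"}


@dataclass
class CloudSandbox:
    """Stands in for the cloud service: detonates unknown files and remembers every verdict."""
    detonate: Callable[[bytes], Set[str]]          # runs the file in isolation, returns observed behaviours
    verdicts: Dict[str, Verdict] = field(default_factory=dict)   # sha256 -> verdict
    detonations: int = 0                           # how many files actually had to be run

    def lookup(self, sha256: str) -> Verdict:
        return self.verdicts.get(sha256, Verdict.UNKNOWN)

    def analyze(self, sha256: str, data: bytes) -> Verdict:
        self.detonations += 1
        observed = self.detonate(data)
        verdict = Verdict.MALICIOUS if observed & HIGH_RISK else Verdict.CLEAN
        self.verdicts[sha256] = verdict            # every new threat recognised is kept for all gateways
        return verdict


@dataclass
class Gateway:
    """Stands in for one firewall: answers from local cache, then cloud lookup, then submission."""
    cloud: CloudSandbox
    local_verdicts: Dict[str, Verdict] = field(default_factory=dict)

    def sync_from_cloud(self) -> int:
        """The periodic sync: pull every verdict the cloud has reached. Returns number of new entries."""
        before = len(self.local_verdicts)
        self.local_verdicts.update(self.cloud.verdicts)
        return len(self.local_verdicts) - before

    def inspect(self, data: bytes) -> Tuple[Verdict, str]:
        """Return (verdict, where it came from): 'local', 'cloud' or 'sandbox'."""
        sha256 = hashlib.sha256(data).hexdigest()
        if sha256 in self.local_verdicts:           # seen before by this gateway: no round trip
            return self.local_verdicts[sha256], "local"
        verdict = self.cloud.lookup(sha256)         # seen before by any gateway: hash query only
        source = "cloud"
        if verdict is Verdict.UNKNOWN:              # genuinely unknown: submit for detonation
            verdict = self.cloud.analyze(sha256, data)
            source = "sandbox"
        self.local_verdicts[sha256] = verdict
        return verdict, source


def fake_detonate(data: bytes) -> Set[str]:
    """Stand-in for running the file in an isolated VM (assumption for the example):
    constructed marker strings in the sample decide which behaviours show up in the report."""
    observed = {"reads_own_file"}                   # harmless behaviour every sample shows
    if b"AUTORUN" in data:
        observed.add("writes_autorun_key")
    if b"INJECT" in data:
        observed.add("injects_into_process")
    return observed


# Constructed sample inputs, not real files.
SAMPLE_DROPPER = b"MZ... constructed sample: AUTORUN INJECT"
SAMPLE_BENIGN = b"MZ... constructed sample: plain document"


def run_demo() -> Dict[str, object]:
    cloud = CloudSandbox(detonate=fake_detonate)
    gw_a = Gateway(cloud)                           # gateway that sees the dropper first
    gw_b = Gateway(cloud)                           # a second gateway, before any sync
    gw_c = Gateway(cloud)                           # a third gateway, after the daily sync
    results: List[Tuple[Verdict, str]] = [
        gw_a.inspect(SAMPLE_DROPPER),               # unknown everywhere -> detonated
        gw_a.inspect(SAMPLE_DROPPER),               # same gateway again -> local cache
        gw_b.inspect(SAMPLE_DROPPER),               # other gateway -> cloud hash lookup, no re-run
    ]
    synced = gw_c.sync_from_cloud()                 # 1 verdict pulled down
    results.append(gw_c.inspect(SAMPLE_DROPPER))    # -> local, thanks to the sync
    results.append(gw_c.inspect(SAMPLE_BENIGN))     # unknown -> detonated, found clean
    return {"results": results, "detonations": cloud.detonations, "synced": synced}


if __name__ == "__main__":
    for verdict, source in run_demo()["results"]:
        print(f"{verdict.value:10s} via {source}")
```

Two design points carry over to a real deployment. First, the lookup key must be a strong hash of the file content (SHA-256 here), otherwise an attacker who can find collisions could have a malicious file answered from a clean cached verdict. Second, the model above returns the verdict synchronously; in practice a gateway must decide whether to hold the file or forward it while detonation is pending, and that policy determines how much protection the first recipient of a new sample actually gets.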

How to enable the Sandboxing feature?

To enable Sandboxing, you can follow the steps below:

Configuration > Security Service > Sandboxing


Then you can see the number of detected files: