VMware Contexa, the VMware Threat Intelligence Cloud
VMware Contexa™ sees what others don’t, powering VMware Security to stop threats others can’t.
Get a Full-system Emulation Sandbox for Accurate Threat Analysis

Industry's First NDR Test
Leverage NSX Sandbox for complete visibility into – and protection against – advanced malware that can evade other defenses.

Exposing Emotet’s Cybercriminal Supply Chain
Get our latest threat report exposing tactics and development lifecycles of two new epochs of Emotet attacks and see how you can mount an ironclad defense.
Analyze Advanced Threats
Enable analysis of malicious objects used in advanced, targeted, and zero-day attacks, even when the malicious objects are embedded inside encrypted traffic.
Provide Complete Visibility
Present malware behavior in detailed reports that include all behaviors discovered during analysis. Map malicious activity to the MITRE ATT&CK framework to illuminate the risk associated with each malicious event.
Detect Malware Others Miss
See malware behavior that other technologies miss. VMware includes Deep Content Inspection™ to simulate an entire host (including CPU, system memory, and all devices), interact with malware, and observe all actions malicious objects may take.
Leverage Real-Time Threat Updates
Take advantage of VMware’s extensive threat knowledge base. Enable real-time updates of malware characteristics and behaviors for faster detection and analysis of previously unseen threats and accelerated response time to malicious activity.
Features
Emulation Environment
Unique isolation and inspection environment that emulates an entire host.
Automated Analysis
Automatic deconstruction of every behavior to determine maliciousness.
Real-Time Reporting
Interactive real-time threat intelligence dashboard streamlines threat hunting.
Content Inspection
Deep content inspection for 150+ file types—from .asc to .zip.
Use Cases

Network Sandbox for East-West Traffic
Deliver a distributed network sandboxing capability for malware analysis of east-west network traffic as a part of NSX Distributed Firewall, even when the malicious objects are embedded inside encrypted traffic.

Network Sandbox Throughout the Network
Leverage NSX Sandbox to provide sandboxing at other points in the network via NSX Gateway Firewall and NSX NDR.
We begin every instance of malware analysis by sending the file to NSX Sandbox. If we see something interesting, we then dig in as deep as we can.
Related Resources

Detecting Malware Without Feature Engineering Using Deep Learning
A new approach to detecting malware with deep learning and continuous training boosts accuracy.

Countering the Rise of Adversarial Machine Learning
Leverage a solution that layers multiple machine learning algorithms and other types of advanced detection.

How Machine Learning and AI Fit Into Information Security
Powerful as they are, AI and ML ideally contribute to a synthesis of security information for SOCs.

Related Products
NSX Distributed Firewall
Layer 7 internal firewall.
NSX Network Detection and Response
AI-powered correlation of events across multiple detection engines.
NSX Distributed IDS/IPS
Signature- and behavior-based detection of ransomware and other threats at every hop.
NSX Intelligence
Distributed analytics engine for topology visualization & policy recommendations.
NSX Gateway Firewall
A Layer 7 firewall to protect physical servers and zone/cloud edge.
Frequently Asked Questions
NSX Sandbox is unique in its ability to do full system emulation. Full system emulation (FUSE) sandboxes emulate the entire hardware: CPU, memory, and I/O devices. FUSE allows the sandbox to interact with the malware and conduct "Deep Content Inspection." This enables the sandbox to view everything the malware is doing and lets analysts carefully study its operation. Because it emulates everything, it is much more difficult for cybercriminals to evade the sandbox.
NSX Sandbox behavior-based detection interacts with the running program and looks at the actions that the program is attempting to take. If the program is trying to do things that appear to be malicious, the behavior-based detection solution will trigger and either the user will be prompted with a notice or the item will be automatically quarantined. Behavior-based sandboxes can detect malware that implements minor changes to evade matches against existing signatures and thereby avoids detection by signature-based systems. Behavior-based sandboxes also detect completely new types of malicious programs that have not been seen before.
NSX Sandbox supports more than 150 file types.