What is a Network Sandbox?

Network sandboxes provide a crucial tool to unmask malicious code that other security tools may not recognize. The best network sandboxes provide the following benefits:

• Comprehensive Analysis: Certain network sandboxes detect even the latest malware engineered to defeat advanced or next-generation enterprise security tools — firewalls, intrusion prevention systems, and even less sophisticated sandboxes.
• Complete Visibility: Security teams can thoroughly examine suspicious traffic with full visibility into every behavior engineered into a file or URL, and all instructions that a program executes, all memory content, and all operating system activity.
• Faster Responses: By unmasking malicious code before it gets into the network, network sandboxes enable incident response teams to provide very fast responses to attacks.

Leading the industry in network sandboxing, VMware NSX Advanced Threat Analyzer™ provides unrivaled visibility into unknown threats. NSX Advanced Threat Analyzer’s capabilities go far beyond traditional sandboxes, which typically only have visibility down to the operating system level, returning significantly lower detection rates and higher false positives, and are easily identified and evaded by advanced malware. NSX Advanced Threat Analyzer features unique isolation and inspection environment that simulates an entire host (including the CPU, system memory and all devices) and is able to interact with potential malware to elicit and track every malicious behavior.

NSX Advanced Threat Analyzer is offered alongside Advanced Threat Prevention in the NSX Service-defined Firewall, a distributed, scale-out internal firewall that secures data center traffic across all workloads.

A network sandbox provides a way to evaluate unfamiliar artifacts that may hide malicious content. As advanced malware has increasingly adopted sophisticated obfuscation techniques to evade more common endpoint and network security defenses, organizations have responded with advanced threat protection analysis solutions and network sandboxes. A network sandbox gives organizations a vital tool to protect critical infrastructure by identifying and blocking novel threats.

A network sandbox intercepts artifacts entering and traversing the network.. The sandbox appears to the potential malware to be a fully-functioning end-user environment, and it coaxes suspicious files into running their routines — executing, downloading other files, connecting to URLs, etc. The sandbox analyzes a suspect file’s and network behavior, and either allows the file to continue into the network, blocks it, or quarantines it for further investigation.

Network sandboxes are ideally combined with an advanced threat protection solution to round out detection and response capabilities.