We’re sorry, your browser appears to be outdated.
To see the content of this webpage correctly, please update to the latest version or install a new browser for free, such as Avast Secure Browser or Google Chrome.

What is sandboxing? How does cloud sandbox software work?

Why is cloud-based sandboxing needed?

Cybercrime is growing more strategic and dangerous each day, using sophisticated attack techniques and finding new ways to install malware and compromise data.
One of the biggest cybersecurity challenges that small and mid-size businesses (SMBs) face is keeping operations secure as their reliance on the Internet and cloud-based services grows.

The reality is, with more than 4.5 billion active Internet users today, the Internet has quickly become a major platform for attacks. Recent research from the 2020 Verizon Data Breach Investigations Report also reveals that 43% of breaches in 2019 were attacks on web applications.

There’s no shortage of ways to try and steal data. Cybercriminals can gain access to a company or individual’s network by embedding false URLs, attachments, and files in phishing emails or by planting misleading links.

The good news is that modern web security measures such as cloud-based sandboxing and secure web gateways are designed to keep pace with evolving web and email threats. For example, secure web gateways inspect every byte of web traffic, even encrypted traffic, and use cloud sandbox software to test suspicious web content for malicious intent.

How does a cybersecurity sandbox protect against threats?

A cybersecurity sandbox provides a safe environment for opening suspicious files, running untrusted programs, or downloading URLs, without affecting the devices they are on. It can be used anytime, for any situation, to safely examine a file or code that could be malicious, before serving it up to devices — all the while keeping it isolated from a PC and the company network.

In cybersecurity, sandboxing is used as a resource to test software that could end up being categorized as “safe” or “unsafe.” As malware becomes more prevalent and dangerous, there are malicious applications, links, and downloads that could potentially gain endless access to a network’s data if they’re not tested by sandbox software first. Sandboxing can be used as a tool to detect malware attacks and block them before they enter a network. The system allows IT to test code and understand exactly how it works before it invades an endpoint device with malware or viruses; this gives IT teams insight and tips on what to look out for in other scenarios.

As a key measure in network and web security strategies, sandboxing provides an additional layer of security to analyze threats, separating these from the network to ensure online threats do not compromise operations. The application or file can be run if needed, with all changes being discarded once the sandbox is closed to eliminate risk of corrupted devices.

Sandbox software is available as a cloud-based or appliance-based solution and offers different advantages depending on your business needs.

What are the differences between cloud-based and appliance-based sandboxes?

As many SMBs are quickly discovering, cloud-based software enables teams to work productively from any location very cost-efficiently, without the maintenance that on-premise appliances and software require. And that means physical on-premise appliance solutions are being used less and less, as cloud-based software provides advantages for remote working, backup and recovery, and reduces in-house hardware costs.

While both cloud-based and appliance-based sandboxing software can improve protection against zero-day threats, cloud sandboxing offers a number of advantages for modern, fast-growing workforces in terms of web-based malware inspection capabilities, scalability, and ease of use.

First, cloud sandboxing eliminates the need for localized servers and enables URLs, downloads, or code to be easily tested on-demand in a virtual sandbox, completely separated from the computer or any of the network devices. In contrast to on-premise sandboxing that is run on physical appliances and can not protect remote or traveling workers, the ability to test in a virtual environment can protect users on and off the corporate network.

Cloud sandboxing also holds an advantage over appliance-based sandboxing when it comes to inspection capabilities as it offers the ability to inspect SSL traffic, a frequent hiding place for malware. If your sandbox software doesn’t have the capacity to inspect all SSL traffic, malicious web threats could slip through.

Using cloud sandboxing also eliminates the need for expensive testing appliances that will require maintenance, updates, and ultimately depreciate and cost extra money.

Which sandboxing option is best for your business?

Cloud sandboxing is ideal for companies with a large network and an abundance of remote workers as it ensures traveling employees are protected. Cloud-based sandboxes can also scale with a company, whereas appliances will need to be traded in for larger capacity ones, or additional items will need to be purchased. While appliances aren’t capable of sandboxing suspicious content from a distance, they could be ideal for a smaller company with a limited number of endpoint devices that actually connect outside the corporate network.

How does cloud sandboxing safeguard the entire network from threats?

IT teams may have recently experienced cloud sandboxing’s benefits firsthand when COVID-19 work-from-home mandates began — the most notable benefit of cloud sandboxing, as opposed to appliance-based sandboxing, is the ability to protect your remote workforce.

For example, without safe remote work measures enabled, there is a risk of remote employees using various Internet and web connections from guest networks that can be easily hijacked or used for cybercrime due to the large number of people using these potentially unsafe connections. The fact is, once a user leaves the network, they could be exposed to threats as company appliances cannot travel with them. The cloud sandbox can protect the entire network — regardless of location. For additional remote work security tips, see the Avast Business blog.

How does sandboxing differ from the Avast Business CyberCapture feature?

Cybercriminals focus on quick, innovative schemes to breach a network and affect as many users as possible in a short time frame. One way that Avast Business endpoint protection solutions have solved for this is through the company’s proprietary CyberCapture file scanning feature, available in every Avast Business antivirus product.

CyberCapture is designed to automatically detect and analyze rare, suspicious files and uses machine learning and behavior analytics to do a deeper analysis on potential malware. It is used to detect seemingly malicious files that are unknown and capture them for deeper analysis. If malware is detected, CyberCapture quarantines and stops it so it can no longer execute on a user’s system and infect the network.

Like cloud sandboxing, CyberCapture also works in the cloud to detect malware that uses encryption to hide its true intentions, clearing the creator’s false code in order to uncover its true commands and instructions. It is then identified as safe or unsafe, and quarantined so it is no longer executable on the device.

While CyberCapture works automatically, cloud sandboxing can be used on-demand by any user or IT team that seeks to run a given file or application in a cloud-based environment isolated from the device.

Sandboxing can work alongside CyberCapture, feeding its insights to CyberCapture to enable IT to better determine malicious and non-malicious behavior and continually improve threat protection.

Avast Business solutions include sandboxing and CyberCapture.