Industry Insights

How Reliable are Sandbox Gateway Appliances?

This solution provides advanced malware detection for incoming emails in the form of an easy-to-use sandbox appliance, but does it mean the end of APTs and data breaches?

Over the past few years, spear phishing attacks via highly targeted messages have been the primary attack vector of successful data breaches. More than 90% of attacks on enterprise networks are the result of spear phishing methods. This has led to the rise of a new breed of security solutions – sandbox-based gateway appliances. This solution provides advanced malware detection for incoming emails in the form of an easy-to-use sandbox appliance. It launches every incoming email attachment in a secure virtual environment and monitors its runtime behavior. If it detects malicious activity, the attachment is flagged. The results of this technology have been positive, and many zero-day Advanced Persistent Threats (APTs) have been detected and blocked by this approach.

So does the implementation of this security signal the end of APTs and data breaches? The early success of such sandbox-based appliances can be attributed to the fact that malware variants were never designed with such protection mechanisms in mind. Instead, these samples were focused on breaching traditional antivirus and firewall solutions, which allowed them to get past traditional security solutions with zero-day attacks very frequently. But now that more enterprises are using these Advanced Threat Protection sandbox-based appliances, new malware variants are being designed with the specific aim of penetrating this protection mechanism.

At the Quick Heal Threat Research Labs, we have come across a new malware sample that was able to breach this Sandbox protection. It successfully worked its way around this mechanism and reached a user’s inbox without getting detected. Detailed analysis of this sample revealed that it has been designed to infect highly protected networks. It also has several anti-virtual machine and anti-sandbox tricks implemented within it. This malware was reported on 4th August and it has been named APT-QH-4AG15.

We are in the midst of analyzing this APT threat further, and will be releasing a detailed analysis report in the next few days. What this attack has taught us is that even the most advanced Sandbox based appliance protection can be breached. As a result, enterprises need to consider and implement multiple layers of protection to safeguard their networks. While the network breaches of the last few years have raised concerns about the effectiveness of endpoint security protection, future breaches are also sure to raise the question – Can Sandbox appliances provide reliable protection against APTs?
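The two passages above describe what a sandbox appliance does (detonate each attachment, watch its runtime behavior, flag it if it misbehaves) and why a sample built with anti-sandbox tricks can slip through (it probes its environment, stays quiet, and earns a "clean" verdict). The following toy verdict engine is an added illustration of that gap from the defender's side; it is not Quick Heal code and not any vendor's appliance logic. The event schema, the indicator weights, the probe categories and the detonation reports are all constructed for the example. It treats a run that only fingerprints its environment and then exits early as a separate "suspicious-evasive" class that is held for analyst review rather than delivered, which is one concrete form of the layered protection the article calls for.

```python
"""Toy behavioural verdict engine for sandbox detonation reports.

Added example; not Quick Heal code and not any vendor's appliance logic.
The event schema, weights and thresholds below are assumptions made for
illustration only.
"""
from dataclasses import dataclass, field
from typing import Iterable

# Weighted indicators typical of a detonation report (assumed schema).
INDICATOR_WEIGHTS = {
    "persistence_run_key": 40,
    "write_to_startup_folder": 40,
    "process_injection": 50,
    "drop_executable": 25,
    "network_beacon": 30,
    "disable_security_tool": 50,
}

# Events a sample may raise while fingerprinting its environment. On their own
# they are not proof of malice (installers and licence checks do similar
# things), but a run that only probes and then exits deserves a second look.
ENVIRONMENT_PROBES = {
    "query_vm_artifacts",
    "check_cpu_core_count",
    "check_uptime",
    "check_debugger_present",
}

MALICIOUS_THRESHOLD = 60      # assumed score at which the run is "malicious"
IDLE_EXIT_SECONDS = 10.0      # assumed: probing then exiting this early looks evasive


@dataclass
class Verdict:
    label: str                 # "malicious", "suspicious-evasive" or "clean"
    score: int
    reasons: list = field(default_factory=list)


def analyse_report(events: Iterable[dict], runtime_seconds: float) -> Verdict:
    """Score one detonation report and classify it."""
    score = 0
    reasons = []
    probes = []
    for ev in events:
        kind = ev["type"]
        if kind in INDICATOR_WEIGHTS:
            score += INDICATOR_WEIGHTS[kind]
            reasons.append(f"{kind} ({ev.get('detail', '')})")
        elif kind in ENVIRONMENT_PROBES:
            probes.append(kind)
    if score >= MALICIOUS_THRESHOLD:
        return Verdict("malicious", score, reasons)
    # No overt payload behaviour, but environment probing followed by an early
    # exit: the trace an anti-sandbox sample leaves behind in the report.
    if probes and score == 0 and runtime_seconds < IDLE_EXIT_SECONDS:
        probe_list = ", ".join(sorted(set(probes)))
        return Verdict("suspicious-evasive", score,
                       [f"probed environment ({probe_list}) then exited "
                        f"after {runtime_seconds:.1f}s"])
    return Verdict("clean", score, reasons)


def route_attachment(verdict: Verdict) -> str:
    """Layered response: the verdict decides where the mail goes, not only
    whether it is blocked. Evasive runs go to a second layer (an analyst)
    instead of being delivered on a 'clean' verdict."""
    if verdict.label == "malicious":
        return "block"
    if verdict.label == "suspicious-evasive":
        return "hold-for-analyst"
    return "deliver"


# Constructed detonation reports (sample data, not real captures).
OVERT_DROPPER = [
    {"type": "drop_executable", "detail": "%TEMP%\\update.exe"},
    {"type": "persistence_run_key",
     "detail": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update"},
    {"type": "network_beacon", "detail": "203.0.113.10:443"},
]
EVASIVE_SAMPLE = [
    {"type": "query_vm_artifacts"},
    {"type": "check_cpu_core_count"},
    {"type": "check_uptime"},
]
BENIGN_DOC = [
    {"type": "open_file", "detail": "invoice.docx"},
]

if __name__ == "__main__":
    for name, events, secs in [("dropper", OVERT_DROPPER, 45.0),
                               ("evasive", EVASIVE_SAMPLE, 2.3),
                               ("benign", BENIGN_DOC, 30.0)]:
        v = analyse_report(events, secs)
        print(f"{name}: {v.label} score={v.score} -> {route_attachment(v)}")
```

The point of the third verdict class is that a binary clean/malicious decision is exactly what an anti-sandbox sample is built to exploit: it produces no scored behaviour, so a single-layer appliance delivers it. Feeding the "probed then went quiet" pattern into a second layer (longer detonation, a differently configured environment, or a human) is one way of not trusting a clean verdict alone, which is the article's conclusion.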

Profile: Sanjay Katkar is the Co-Founder and Chief Technology Officer of Quick Heal Technologies.

He leads a team of young and dynamic software professionals engaged in the development of various anti-virus modules on various platforms, including the design and development of new features. The company is now recognized as a complete security solutions provider for its simple and dynamic solutions that span platforms as well as multiple devices. The company has come up with an intelligent and innovative Mobile Security suite for the Android and BlackBerry platforms, which was launched at the NDTV Gadget Guru Conclave and Awards.

Sanjay also serves as the Director of Association of Anti-Virus Researchers Asia (AAVAR) and is a reporting member of The Wild List Organization International, USA. He is also a member of the Technology Steering Committee of National Security Database.
He received the Entrepreneurs International Honors for his significant achievement as a First Generation Entrepreneur on 9th Entrepreneurs Day 29th July 2002.
