When in doubt, test for certainty. Modern threat detection and filtering technologies filter out the vast majority of the threats on the Internet.
These threats are typically known and detected by their signatures, or they come from a known bad source and are blocked because of that source’s reputation. It is even possible to detect malicious files with heuristic methods—predicting what a file will do from certain characteristics. But when a file is completely unknown, a different approach is needed.
SOLVING THE PROBLEM
Sandboxing lets you execute files in an isolated environment, outside the network. Advanced Threat Inspection decrypts the data stream and intercepts the file; if, after scanning, the file’s intent remains uncertain, the file is forwarded to the Sandbox.
The Sandbox simulates a complete Windows environment and executes the file as a user would—while file behaviour is monitored and reported back to the administrator. A sandbox should be safely hosted in the cloud to provide controlled detonation outside the secure perimeter.
A sandbox provides a controlled, contained environment in which to run the file and is the ideal way to determine accurately what the file’s true intentions are. It performs an impact analysis and reports back to the administrator. It runs as-a-Service, with no on-site hardware required.
Isolated detonation of suspicious executables
Impact analysis and report
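The layered flow described above (signature, reputation, heuristics, and only then sandbox detonation with an impact report) can be modelled end to end in a few dozen lines. The following is an added example and not code from the page or from any vendor product: the hash set, source list, heuristic markers, thresholds, and the sandbox event log are all constructed placeholders, and the verdict rules are illustrative assumptions rather than any real engine's logic.

```python
"""Toy model of a layered detection pipeline ending in sandbox detonation.

Stages, in order: known-bad hash (signature), known-bad source (reputation),
heuristic scoring of file characteristics, and finally routing of anything
still unknown to a sandbox whose behaviour log is condensed into an impact
report for the administrator. Everything below is constructed sample data.
"""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass

# --- Constructed "threat intelligence" (placeholders, not real indicators) ---
KNOWN_BAD_SAMPLE = b"MZ constructed-known-bad-sample"
KNOWN_BAD_SHA256 = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}
KNOWN_BAD_SOURCES = {"malware-cdn.example", "dropzone.example"}

# Assumed heuristic markers: API names commonly seen in process-injection code.
SUSPICIOUS_MARKERS = (b"VirtualAlloc", b"WriteProcessMemory", b"CreateRemoteThread")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted payloads sit near 8.0."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def heuristic_score(data: bytes) -> int:
    """Score static characteristics; the weights are illustrative assumptions."""
    score = 0
    if data[:2] == b"MZ":            # looks like a Windows executable
        score += 1
    if shannon_entropy(data) > 7.0:  # high entropy suggests packing/encryption
        score += 2
    for marker in SUSPICIOUS_MARKERS:
        if marker in data:
            score += 1
    return score


def triage(data: bytes, source: str) -> str:
    """Return 'allow', 'sandbox', or 'block:<reason>' for a file from a source."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        return "block:signature"
    if source in KNOWN_BAD_SOURCES:
        return "block:reputation"
    score = heuristic_score(data)
    if score >= 4:                   # assumed threshold for a confident block
        return "block:heuristic"
    if score == 0:
        return "allow"
    return "sandbox"                 # uncertain: detonate in isolation


@dataclass
class SandboxReport:
    verdict: str
    indicators: list


# Constructed detonation log in a simple "kind|target|extra" line format.
SANDBOX_EVENTS = [
    "process_create|C:\\Users\\user\\Downloads\\invoice.exe|parent=explorer.exe",
    "file_write|C:\\Users\\user\\AppData\\Roaming\\svc.exe",
    "registry_set|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
    "network_connect|198.51.100.23:443",
    "file_write|C:\\Users\\user\\Documents\\report.docx.locked",
]


def impact_analysis(events) -> SandboxReport:
    """Condense observed behaviour into indicators and an overall verdict."""
    indicators = []
    for event in events:
        kind, target, *_ = event.split("|")
        if kind == "registry_set" and "\\CurrentVersion\\Run" in target:
            indicators.append(f"persistence: Run key set ({target})")
        elif kind == "network_connect":
            indicators.append(f"network: outbound connection to {target}")
        elif kind == "file_write" and target.endswith(".locked"):
            indicators.append(f"impact: user document renamed/encrypted ({target})")
        elif kind == "file_write" and "\\AppData\\" in target and target.lower().endswith(".exe"):
            indicators.append(f"staging: executable dropped in {target}")
    if len(indicators) >= 2:
        verdict = "malicious"
    elif indicators:
        verdict = "suspicious"
    else:
        verdict = "benign"
    return SandboxReport(verdict, indicators)


# Constructed sample files exercising each stage of the pipeline.
SAMPLE_TEXT = b"Quarterly report: revenue up 3%.\n"
SAMPLE_UNKNOWN_EXE = b"MZ" + b"\x00" * 500 + b"This program cannot be run in DOS mode"
SAMPLE_PACKED = b"MZ" + b"VirtualAlloc" + bytes(range(256)) * 16

if __name__ == "__main__":
    for name, blob, src in [("text", SAMPLE_TEXT, "intranet.example"),
                            ("unknown exe", SAMPLE_UNKNOWN_EXE, "intranet.example"),
                            ("packed exe", SAMPLE_PACKED, "intranet.example"),
                            ("known bad", KNOWN_BAD_SAMPLE, "intranet.example")]:
        print(f"{name:12s} -> {triage(blob, src)}")
    report = impact_analysis(SANDBOX_EVENTS)
    print("sandbox verdict:", report.verdict)
    for line in report.indicators:
        print("  -", line)
```

The point of the split is that `triage` only ever says "sandbox" for files it cannot decide on statically; the verdict on those comes from what the file actually did during detonation, which is what `impact_analysis` reports back.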