NSE 2 Sandbox Script - EN

Uploaded by Prasann Patel
Hello!

In this lesson, we will explain what a sandbox is, why it was invented, and how
it has evolved.

A sandbox, within the computer security context, is a system that confines the actions
of an application, such as opening a Word document or loading a page in a browser, to an
isolated virtual environment. Within this safe virtual environment, the sandbox observes
what the application actually does (the processes it starts, the files and registry keys
it touches, the network connections it makes) to uncover any malicious intent. So if
something unexpected or dangerous happens, it affects only the sandbox, and not the
other computers and devices on the network.

Sandbox technology is typically managed by an organization's information security
team, but is used by network, application, and desktop operations teams to bolster
security in their respective domains.

Threat actors exploit vulnerabilities in legitimate applications to compromise a device,
and from there move through the network to infect other devices. Exploiting a
vulnerability that is not yet publicly known, and for which no patch or signature exists,
is known as a zero-day attack. Before sandboxing, there was no effective means to stop a
zero-day attack. Firewalls and antivirus software could stop known threats, but because
they rely on signatures of threats already seen, they were helpless against zero-day
attacks.

A sandbox provided an isolated virtual environment that mimicked various computer
devices, operating systems, and applications. It allowed potential threats to play out
within the safety of these virtual systems. If the sandbox concluded that the suspicious
file or activity was benign, no further action was needed. However, if it detected
malicious intent, the file could be quarantined or the activity could be stopped on the
real device.

Many of the early sandboxes failed to tightly integrate with other security devices within
the network. While a sandbox might identify and defeat a zero-day attack, this vital
threat intelligence was not always shared with the other network security devices in a
timely fashion. However, the failure to communicate and coordinate had less to do with
a defect of sandbox technology than with a security architecture that was built upon
point solutions. Point solutions, which could not be fully integrated with other vendors'
products, meant that the security operations center (SOC) required a separate
management console for each product. So, attempts to aggregate threat intelligence data
were difficult and time consuming.

The second-generation sandbox came about to correct this siloed, piecemeal approach.
Sandboxes were equipped with more integration tools or partnered with other product
vendors to improve integration. As a result, they could share threat intelligence with
other security devices, such as firewalls, email gateways, endpoints, and other
sandbox devices, more effectively. The new approach to network security allowed
analysts to correlate threat intelligence centrally and respond to threats from a single
pane of glass. Moreover, an integrated network security environment could share
information with a threat intelligence service in the cloud, which could then push it to
other networks.

Today, threat actors are using automation and artificial intelligence (AI) techniques
to accelerate the creation of new malware variants and exploits, and to discover
security vulnerabilities more quickly, with the goal of evading and overwhelming current
defenses. To keep pace and accelerate detection of these new threats, machine learning
must be added to the sandbox threat analysis process.

AI-driven attacks necessitated a third-generation sandbox based on a threat analysis
standard. It also needed to cover the expanding attack surface of businesses brought
about by digital transformation. Digital transformation refers to the movement of
business data, applications, and infrastructure to the cloud.

The need for standards-based threat analysis arose because analysts struggled to
interpret and describe cyber threat methods in a consistent way, which hampered effective
responses. MITRE, a non-profit organization, publishes the ATT&CK framework, a knowledge
base that catalogues adversary tactics and techniques, each with a stable identifier.
Many organizations embraced MITRE ATT&CK as a standard for threat analysis. So, it became
necessary for security products to adopt the MITRE ATT&CK framework. It provided security
devices with a common language in which to identify, describe, and categorize threats,
which could be shared with and readily understood by other vendors' devices.
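The following is an added example, not FortiSandbox or any vendor's code, that ties together the two ideas above: a sandbox watches what a sample does in isolation and turns that behaviour into a verdict, and tagging the verdict with MITRE ATT&CK technique IDs gives other devices a common language for it. A real sandbox would detonate the sample in an isolated VM and record its process, file, registry and network activity; here the detonation is replaced by two constructed event traces so the scoring and tagging logic can run offline. The rule table, the weights, the threshold and the trace contents are this example's own assumptions; only the ATT&CK technique IDs are genuine MITRE identifiers.

```python
"""Toy sandbox verdict engine: behaviour trace -> score -> ATT&CK-tagged verdict.

Added example, not FortiSandbox or any vendor's code. The event traces below
are constructed; a real sandbox would obtain them by detonating the sample in
an isolated virtual machine.
"""
from dataclasses import dataclass, field

# Assumed rule table: observed behaviour -> (ATT&CK technique ID, name, weight).
# The technique IDs are genuine MITRE ATT&CK identifiers; the behaviour keys
# and the weights are this example's own choices, not a vendor scoring model.
RULES = {
    "spawn_encoded_powershell": ("T1059.001", "Command and Scripting Interpreter: PowerShell", 3),
    "write_run_key":            ("T1547.001", "Boot or Logon Autostart Execution: Registry Run Keys", 4),
    "remote_thread_injection":  ("T1055",     "Process Injection", 5),
    "http_beacon":              ("T1071.001", "Application Layer Protocol: Web Protocols", 2),
    "mass_file_encrypt":        ("T1486",     "Data Encrypted for Impact", 5),
}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
MALICIOUS_THRESHOLD = 6   # assumed cut-off; a real product tunes this per deployment


@dataclass
class Event:
    process: str            # process that performed the action
    action: str             # a key of RULES, or any benign action that has no rule
    parent: str = ""        # parent process name, used for the Office -> shell check
    detail: str = ""


@dataclass
class Verdict:
    sha256: str
    verdict: str            # "malicious" or "clean"
    score: int
    techniques: list = field(default_factory=list)   # sorted, deduplicated ATT&CK IDs


def analyse(sha256, events):
    """Score a trace. Each technique counts once however often it recurs, so a
    noisy sample cannot inflate its own score by repeating one behaviour."""
    score = 0
    seen = {}
    for ev in events:
        rule = RULES.get(ev.action)
        if rule is None:
            continue        # opening a document, drawing a window: no verdict signal
        tid, name, weight = rule
        if tid not in seen:
            seen[tid] = name
            score += weight
    # A parent/child relationship is a signal no single action carries: an Office
    # application spawning a shell is User Execution of a malicious file.
    if any(ev.parent in OFFICE_APPS and ev.process in SHELLS for ev in events):
        if "T1204.002" not in seen:
            seen["T1204.002"] = "User Execution: Malicious File"
            score += 3
    verdict = "malicious" if score >= MALICIOUS_THRESHOLD else "clean"
    return Verdict(sha256, verdict, score, sorted(seen))


def to_shared_record(v):
    """The record that integrated devices would consume from the sandbox: a firewall
    can block the hash, an email gateway can quarantine it, an endpoint agent can kill
    it. The technique IDs are the common language; receivers never see the raw trace."""
    return {"sha256": v.sha256, "verdict": v.verdict, "score": v.score,
            "attack_techniques": v.techniques}


# Constructed traces with placeholder hashes; not real malware telemetry.
BENIGN_DOC = [
    Event("winword.exe", "open_file", detail="quarterly_report.docx"),
    Event("winword.exe", "render_page"),
    Event("winword.exe", "print_document"),
]
WEAPONISED_DOC = [
    Event("winword.exe", "open_file", detail="invoice.docm"),
    Event("powershell.exe", "spawn_encoded_powershell", parent="winword.exe", detail="-enc <base64>"),
    Event("powershell.exe", "write_run_key",
          detail=r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event("powershell.exe", "http_beacon", detail="POST /gate.php"),
    Event("powershell.exe", "http_beacon", detail="POST /gate.php"),   # repeat: counted once
]

if __name__ == "__main__":
    for name, trace in (("benign", BENIGN_DOC), ("weaponised", WEAPONISED_DOC)):
        print(name, to_shared_record(analyse("0" * 64, trace)))
```

The benign trace produces no rule hits and a clean verdict; the weaponised document scores on four techniques (encoded PowerShell, a Run-key write, HTTP beaconing, and the Office-spawns-shell relationship) and is marked malicious, with the repeated beacon counted only once. The flattened record is what the second-generation integration described above would hand to a firewall or email gateway.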

Lastly, as more businesses adopt digital transformation, new organizations, or parts of
organizations, are exposed to attack. One example is operational technology (OT),
which includes utilities, manufacturing, oil and gas, and many other sectors.
Traditionally, OT operators kept their operational networks internal and separate from
their corporate business networks, but increasingly OT networks connect to corporate and
third-party vendor networks. Another example is providers that offer applications,
platforms, and infrastructure as services in the public cloud (AWS and Azure, to name
two). They host applications for other businesses, which are accessed through the
Internet. These new areas require similar protection against zero-day threats to
minimize business disruption and security risk. As a result, sandbox technology evolved
to provide wider coverage of these areas, and of others as they develop.

The Fortinet sandbox product is named FortiSandbox™ and it embodies all of the latest
technologies discussed here. It integrates with other security products in a collective
defense called the Fortinet Security Fabric. A critical piece of the Security Fabric is
FortiGuard® Labs, which brings machine learning and other threat intelligence services
to sandbox technology.

Thank you for your time, and please remember to take the quiz that follows this lesson.
