New Sandboxing Techniques a Silver Bullet for APTs? Not So Fast

Paula Musich

Summary Bullets:

  • Sandboxing to discover malware is not new, so what makes these latest techniques more effective?
  • How well do these new sandboxing solutions avoid being detected by the malware sample?

The latest silver bullet aimed at shooting down those stealthy advanced persistent threats (APTs) or targeted attacks that make it past more traditional defenses, on display at the recent RSA conference, may or may not hit the mark.  Several anti-malware vendors announced new sandboxing technologies, despite the fact that sandboxing is not a new malware identification technique.  It is in fact at least 10 years old by Norman Data Defense Systems’ reckoning.  Norman claims it has a patent on the technique that dates back 10 years.  Of course, all the vendors jumping on this bandwagon, including McAfee, Fortinet, Check Point, and Trend Micro, are hoping to replicate some of the success that FireEye is seeing.  FireEye appears to be the latest hot independent security company; it markets an on-premises device that can examine e-mail attachments and content downloaded from a Web site.  Just last month, FireEye received a new $50 million venture funding injection (on top of an existing $55 million round), and former McAfee CEO Dave DeWalt has been hired to run the company, which appears to be angling for an IPO.  These latest sandboxing developments follow Palo Alto Networks’ year-old cloud-based sandboxing service.