Pandora’s Sandbox: Why Sandboxes Are Powerless Against Browser-Borne Threats
Sandboxing is a venerable granddaddy of cybersecurity solutions. Since the early 1990s, it has proven successful at unearthing dangerous files before they get onto endpoints and networks. However, in the era of smart browsing and even smarter hackers, many of the ills of the internet have begun swarming out of the sandbox, making sandboxes look more like Pandora’s box, with only hope remaining within.
How have malicious agents suddenly managed to break open sandbox lids so malware can swarm out? And if sandboxes no longer suppress threats, how can we contain and root malware out before it can breach critical infrastructure? Let’s take a look.
The sandbox story
What exactly is a ‘sandbox’? Just like the sandboxes found in a playground, cybersecurity sandboxes are enclosed areas where scenarios are played out. But unlike the sandboxes where imaginative castles and moats of child’s play remain, cyber sandboxes are just a stopping point where files and programs are tested until proven safe.
In recent years, the ability of traditional sandboxes to succeed in their “test until proven safe” mission has eroded as surely as sandcastles in a storm. Here’s why:
- Sandboxing is s-l-o-w since all file activities must be tested prior to release and users, who need results now, simply can’t (or won’t) wait until testing is complete
- To use necessary functions outside the box, like printing, sandboxed software requests access, which users generally grant, allowing the lid to slide off the box – and malware to spread
Sandboxes – and hackers – get smarter
To address these drawbacks, cyber defense leaders have beefed up the sandboxing concept by leveraging heuristics, analytics and artificial intelligence, and integrating them with detect-and-block cyber solutions. These smarter “next gen” sandboxes accelerate analysis and reduce human error when it comes to granting access permission and releasing files.
But quick as you can say “increased security,” savvy hackers are on the case, creating malware that innocently waits out the sandboxing period and only activates malicious activity once it’s released. The cat-and-mouse games between developers and black hat hackers will keep both employed and busy, respectively, for a long time to come.
Sandboxes will continue to improve at identifying files that are malicious – and hackers will continue to develop ways to wait out their stay in the sandbox, en route to juicier targets – your organizational systems.
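As an added illustration (not code from the original post or its authors), here is a toy analysis harness in Python showing the defender-side answer to samples that try to wait out the sandbox: the harness virtualizes time, so a long sleep costs the sample nothing in wall-clock terms, but every sleep request is recorded and turned into a behavioural indicator. The SandboxClock, the two stand-in sample functions and the 60 s / 30 s thresholds are constructed assumptions for the example.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, List

ANALYSIS_WINDOW_S = 60.0    # assumed observation window of a naive sandbox
SUSPICIOUS_SLEEP_S = 30.0   # assumed threshold for flagging a single sleep call


@dataclass
class SandboxClock:
    """Virtual clock installed in place of time.sleep / time.time while a
    sample runs. Sleeps never block; they only advance the virtual time."""
    virtual_now: float = 0.0                        # arbitrary epoch
    sleep_requests: List[float] = field(default_factory=list)

    def sleep(self, seconds: float) -> None:
        self.sleep_requests.append(float(seconds))
        self.virtual_now += float(seconds)          # skip the wait, keep the record

    def time(self) -> float:
        return self.virtual_now


@dataclass
class Report:
    actions: List[str]          # what the sample did once it was allowed to run
    indicators: List[str]       # behavioural flags derived from the sleep log
    elapsed_virtual_s: float    # virtual time the sample believed had passed


def run_in_sandbox(sample: Callable[[], List[str]],
                   window_s: float = ANALYSIS_WINDOW_S) -> Report:
    """Run `sample()` with time virtualized and return the observations."""
    clock = SandboxClock()
    real_sleep, real_time = time.sleep, time.time
    time.sleep, time.time = clock.sleep, clock.time    # install the hooks
    try:
        start = clock.time()
        actions = list(sample())
        elapsed = clock.time() - start
    finally:
        time.sleep, time.time = real_sleep, real_time   # always restore

    total_sleep = sum(clock.sleep_requests)
    indicators = []
    if any(s >= SUSPICIOUS_SLEEP_S for s in clock.sleep_requests):
        indicators.append("long-sleep")
    if total_sleep > window_s:
        # A naive sandbox would have given up before seeing any activity.
        indicators.append("sleeps-past-analysis-window")
    return Report(actions, indicators, elapsed)


def hooks_restored() -> bool:
    """True when the real time functions are back in place after a run."""
    return not isinstance(getattr(time.sleep, "__self__", None), SandboxClock)


# Constructed stand-ins for samples; they only return labels, nothing runs.
def benign_sample() -> List[str]:
    return ["read-config", "write-report"]


def delayed_sample() -> List[str]:
    time.sleep(10 * 60)            # would outlast a 60 s naive observation window
    return ["drop-file", "outbound-connection"]


if __name__ == "__main__":
    for name, fn in (("benign", benign_sample), ("delayed", delayed_sample)):
        r = run_in_sandbox(fn)
        print(f"{name}: actions={r.actions} indicators={r.indicators} "
              f"virtual_elapsed={r.elapsed_virtual_s:.0f}s")
```

The hook works here because the stand-in sample looks up `time.sleep` through the module at call time; code that bound the function earlier (or that sleeps through the operating system directly) bypasses a Python-level hook, which is why production sandboxes virtualize time at the OS or hypervisor layer instead. The point carried over from the post stands either way: the delay itself is evidence, and a sandbox that records it has something to report even if the payload never runs.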
Browser-borne threats sidestep the sandbox
While sandboxes remain an important, though not foolproof, layer of defense against software and files, many malicious agents are focusing their efforts on browser-borne threats that leave sandboxes in the dust.
Here’s how: Within today’s browsers, millions of tiny programs execute without being downloaded. The ability to usher outside activity from the Internet directly onto endpoint computers, without downloading files, is intrinsic to the design of browser-executable code. It’s what makes browsers so powerful… and so very dangerous.
These tiny applications run constantly, in real time, as users browse websites. Since they’re never downloaded, these apps never get to the sandbox, so they can’t be sealed in to cool their heels while being observed on the way to your endpoint. Sandboxes, which can contain only files and not apps, are powerless to stop them.
Protecting against the Pandora’s Box of browser-borne threats
So how can browser-borne code be prevented from introducing malware and fileless exploit kits that quickly spread from endpoint to server, and throughout the organizational network? Since it cannot be quarantined until proven benign, web content must be isolated permanently from endpoints from which it can spread.
Download Digging Outside of the Sandbox, our free whitepaper today to learn how Remote Browser Isolation can protect your organization against browser-borne threats that sandboxes can’t handle.
With the Pandora’s Box of the web wide open, smart organizations must bring all defenses to bear on the threats that continue to swarm out. Sandboxes, anti-virus solutions, firewalls, URL filtering, and secure web gateways all play important roles in a strong defense-in-depth strategy, but just aren’t enough. Read more about how your organization can get the full protection it needs.