Sandboxing is one of the best ways for organizations to tackle advanced persistent threats. What is this, and why should your firm be considering introducing it?
Cyber threats are now one of the biggest dangers to any business. Not only could such an incident cause significant disruption to mission-critical operations, it can also damage a firm's reputation and leave it on the hook for potentially millions of dollars in fines and compensation.
Indeed, recent figures from Kaspersky Lab put the average cost of a data breach in North America at $1.3 million for a large enterprise, or $117,000 for small companies. This includes costs such as loss of business, the need to hire external consultants and additional internal staffing costs.
Therefore, it's vital that companies have strong defenses in place. But in today's fast-evolving environment, where hackers and security pros are engaged in a constant cat-and-mouse battle, tools such as antimalware software and firewalls won't be enough. Increasingly, businesses will have to depend on solutions like sandboxes if they want to be sure they are truly protected.
What is sandboxing?
Essentially, a sandbox is an isolated environment that mimics a computer system, but crucially, has no connection to any outside network. This allows you to open applications and attachments, run code and observe the impact it has on the system, in the knowledge that it will mirror the effect it would have in a live environment.
This means you can open and examine any suspicious programs safely and observe their behavior in order to establish whether they contain any threats, such as malware, without exposing the company's actual IT environment to any risk. If they prove not to be dangerous, they can then be allowed onto the live network, or blocked if they contain harmful code.
Does my company need one?
With cyber threats such as malware and advanced persistent threats (APTs) becoming much more sophisticated and their creators going to greater lengths to evade detection by traditional security solutions, a sandbox environment is a vital line of defense for any enterprise, as it allows them to understand threats that have been designed to bypass other solutions.
It is particularly useful when it comes to tackling APTs, as these types of threats use custom-developed targeted attacks to gain access to a network and remain undetected for long periods of time. As these are often designed in direct response to a business's security systems and tailored to counter them, it can be very difficult for standard antimalware solutions to detect them. However, with a sandbox, they can be identified and blocked before they have a chance to infect a live network.
Isn't it just for large enterprises?
Many smaller enterprises may believe a sandbox solution is not necessary for their organization, as they do not possess enough valuable assets for criminals to bother devoting time to crafting tailored attacks. However, this would be a mistake. In fact, smaller companies are seen as increasingly attractive targets for hackers as they are known to have weaker security defenses than larger enterprises, and can therefore often be used as a 'backdoor' to access enterprise networks.
For example, the attack on retailer Target that compromised point of sale machines and led to the credit card details of 40 million customers being stolen wasn't the result of a direct attack on the company. Instead, the criminals gained access via the firm's HVAC supplier, which had access to Target’s network. This illustrates how even small firms are now likely to come under targeted attack by hackers, a situation where sandboxing can prove an invaluable line of defense.
Kaspersky's research actually found that targeted attacks are the biggest threat to small and medium-sized businesses, so it is imperative that they have the right tools in place to tackle these risks.
How does it help maintain compliance?
Running sandbox solutions is likely to become even more important in the coming years as enterprises face a much tougher regulatory environment than in the past. One of the most important changes will be the introduction of the GDPR in the EU next year, which will see penalties for serious data breaches raised up to €20 million or four percent of an organization's global turnover - whichever is higher.
Crucially, the rules won't just apply to companies based in the EU - they will affect any organization that holds personal data of EU citizens. Therefore, it's something that every enterprise will have to prepare for. And sandboxing can go a long way towards mitigating risks and reducing the chances of a breach.
Engaging in sandboxing to test how personal data is used can help ensure that any information being used in development and testing is clean and free from threats, so there is no risk of breaches occurring in live environments, thereby keeping businesses in compliance with key regulations.
Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals.