Organizations are under assault by a new generation of cyber attacks that easily evade traditional signature-based defenses. These coordinated campaigns are targeted. They are stealthy. And they are persistent. 

Aware that their signature-based defenses fall short, several IT security vendors are touting sandbox products. But most are merely grafting a sandbox onto their legacy strategies, which routinely fail to catch these attacks. These new attempts fail due to the same old flaws.

In this paper you will learn:

  • How advanced malware detects and evades sandboxes
  • How file-level analysis can miss the crucial exploit phase of an advanced attack
  • How most sandboxes see only part of the picture in multi-vector attacks
  • The privacy, compliance, and latency issues inherent in cloud-based sandboxes
  • How FireEye’s Multi-Vector Virtual Execution (MVX) engine differs from the backward-looking technologies of sandbox vendors 

Debunking the Myth of Sandbox Security 

Complimentary White Paper


First, many sandbox approaches rely on widely available hypervisors. Threat actors have access to these hypervisors — including source code in some cases — and write their malware to exploit or evade them*. Using a variety of evasion techniques, sandbox-aware malware simply lies dormant when executing in a sandbox environment. Detecting no unusual activity, many sandboxes let the malware pass.

Second, most sandbox approaches use file-level analysis. This approach has several flaws. Targeted malware is programmed to activate on specific system configurations. File analysis in a generic system may miss such malware, leading to a false sense of security. In other cases, malware files package and morph themselves to evade simple file analysis.

*Marc Solomon (SecurityWeek). “It's Time to Think Outside the Sandbox.” March 2013.

To read more, complete the form to the right.

Download the Report

© 2017 FireEye, Inc. All rights reserved. Privacy Policy. FireEye on Facebook    FireEye on Twitter    FireEye on LinkedIn    FireEye Blog: Malware Intelligence Lab