Organizations are under assault by a new generation of cyber attacks that easily evade traditional signature-based defenses. These coordinated campaigns are targeted. They are stealthy. And they are persistent. 

Aware that their signature-based defenses fall short, several IT security vendors are touting sandbox products. But most are merely grafting a sandbox onto their legacy strategies, which routinely fail to catch these attacks. These new attempts fail due to the same old flaws.

In this paper you will learn:

  • How advanced malware detects and evades sandboxes
  • How file-level analysis can miss the crucial exploit phase of an advanced attack
  • How most sandboxes see only part of the picture in multi-vector attacks
  • The privacy, compliance, and latency issues inherent in cloud-based sandboxes
  • How FireEye’s Multi-Vector Virtual Execution (MVX) engine differs from the backward-looking technologies of sandbox vendors 


Debunking the Myth of Sandbox Security 

Complimentary White Paper

Preview

First, many sandbox approaches rely on widely available hypervisors. Threat actors have access to these hypervisors — including source code in some cases — and write their malware to exploit or evade them*. Using a variety of evasion techniques, sandbox-aware malware simply lies dormant when executing in a sandbox environment. Detecting no unusual activity, many sandboxes let the malware pass.

Second, most sandbox approaches use file-level analysis. This approach has several flaws. Targeted malware is programmed to activate on specific system configurations. File analysis in a generic system may miss such malware, leading to a false sense of security. In other cases, malware files package and morph themselves to evade simple file analysis.

*Marc Solomon (SecurityWeek). “It's Time to Think Outside the Sandbox.” March 2013.


© 2018 FireEye, Inc. All rights reserved.