About UsBlog

Sandbox

Sandbox

In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.

In the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.

The most popular products in category Sandbox All category products

Fortinet FortiSandbox
14
4
Check Point SandBlast
3
12
Palo Alto Networks WildFire
0
9
McAfee Advanced Threat Defense
1
2
Cisco Advanced Malware Protection (Cisco AMP for Endpoints)
1
2
Forcepoint Advanced Malware Detection
15
2
Trend Micro Deep Discovery Analyzer
12
5
Blue Coat Systems Advanced Threat Protection
20
15
FireEye Malware Analysis (AX)
0
19
Proofpoint Targeted Attack Protection
2
7
Zscaler Cloud Sandbox
17
11
Digital Guardian Advanced Threat Protection
9
16

Compare of products in the category Sandbox

Please turn the screen for optimal content display

Compare: Network Sandboxing

Characteristics

Web traffic scan

Email scan

Endpoint protection

Mobile protection

Malware Detection in files

Encrypted traffic scan

Network shares scan

YARA files scanning

YARA implementation by customer

Malware blocking by protocols

CPU-level detection

OS kernel level detection

Malware Samples

Zero-day threats protection

Detecting C&C server

Hardware Applience

Working in in-band/out-of-band modes

Cloud

Threat Intelligence Feeds

SIEM Integration

Vulnerability manager

Uploading "Golden Image"

Using Multiple OSes

Multiple Versions of Sandbox App

Payload detonation

Auto-uploading files

URL analysis

Analyst console

Security Reports

Alerts via Email

Central Policy Management for Data Protection

Forensic analysis of data history

Automated remediation capabilities

Auto Update of Signatures

Trial

N/A
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes (must be integrated with FortiMail for threats blocking)
N/A
Yes
N/A
Yes
N/A
N/A
N/A
N/A
Yes
N/A
N/A
N/A
Yes
N/A
Yes (with FortiGate and FortiWeb integrations)
N/A
N/A
Yes
N/A
Yes (using a third-party solutions)
Yes
  • N/A
  • Periodic reports
  • Contextual reports on threats
  • Periodic reports
  • Contextual reports on threats
  • Periodic reports
  • Contextual reports on threats
  • Periodic reports
  • Contextual reports on threats
  • N/A
  • Periodic reports
  • Contextual reports on threats
  • N/A
  • Periodic reports
  • Contextual reports on threats
  • Periodic reports
  • Contextual reports on threats
  • Periodic reports
  • Contextual reports on threats
  • Periodic reports
  • Contextual reports on threats
  • N/A
  • Periodic reports
  • Contextual reports on threats
  • Periodic reports
  • Contextual reports on threats
N/A
Yes
Yes
Yes
Yes
Yes
Yes
Yes
N/A
Yes
Yes
Yes
Yes (30 days)
N/A
Yes
Found mistake? Write us.

F.A.Q. about Sandbox

What is the sandbox?

The sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.

What is the use of the sandbox?

Besides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.

Not having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.

Which things can you NOT do with the sandbox?

All the things that do require root permissions on the device.

It is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.

Which hardware interfaces are available in the sandbox?

Serial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).

Via the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.