Email Sandboxing is Essential for Blocking Zero Day Threats

Cyberattacks on businesses are most commonly conducted via email and businesses can protect against these attacks with an email security solution; however, not all email security solutions include email sandboxing. If you do not have an email security gateway or a cloud-delivered email security solution that includes email sandboxing, dangerous emails are likely to be delivered to your employees’ inboxes where they can be opened.

Modern email security solutions are very effective at blocking spam emails. SpamTitan, for instance, has an industry leading spam catch rate of 99.99%, so only a tiny percentage of unwanted emails are delivered to employee inboxes. Email security solutions are also good at blocking malware. SpamTitan blocks 100% of known malware using dual anti-virus engines and is far from the only email security solution to do so.

The problem is that anti-virus engines, no matter how many are used, are only effective at blocking known malware threats because they are signature-based. For malware to be identified as such, the malware-definition lists of anti-virus engines must include the malware’s signature. Anti-virus engines are continuously updated with the latest threat intelligence, and when new malware variants are identified, their signatures are added to the malware-definition lists. With SpamTitan, threat intelligence comes from a network of 650 million endpoints worldwide, so when a new malware threat is identified on any of those endpoints, all devices linked to that network will be protected against the threat in a matter of minutes.

While SpamTitan has excellent coverage in this regard, there is a problem. There is a delay between a new malware variant being used in attacks and the signature being added to the malware-definition list. That delay is a security gap, and an infection could occur during that window of opportunity. Fortunately, that gap can be plugged with email sandboxing.

Email Sandboxing Protects Against Zero-Day Threats

If a new malware variant is released that has not previously been seen, email security solutions will not be able to detect the threat unless they also include behavioral analysis tools such as email sandboxing. An email sandbox is a secure, isolated virtual environment where emails are sent when they have passed other checks such as antivirus scans but meet certain criteria, such as including a previously unknown hyperlink or an email attachment.

The sandbox emulates a real device complete with an operating system; however, no threat can escape the sandbox and cause any damage. When an email attachment, such as an executable file or a Word document with a macro, is sent to the sandbox, it is opened or executed, and its behavior is analyzed for signs of malicious actions. Malicious actions could be a C2 callback, an attempt to install files on the hard drive, or a file that is downloaded from the Internet. If an email with an unknown hyperlink is sent to the sandbox, the link is followed, and the behavior is similarly analyzed.

When threats are identified, the emails are sent to a quarantine folder where they can be checked by administrators – not individual employees – and the emails can be released if the security team determines they are benign. Correctly identified threats can be analyzed in more detail to gain insights into the nature and origin of the attack. Once a threat is confirmed, threat intelligence is sent to all other devices protected by the email sandboxing feature. If that threat is encountered elsewhere, it will automatically be blocked.
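The flow described above can be sketched as a small decision pipeline. This is an added illustration, not SpamTitan code: it assumes a signature is simply a SHA-256 digest, and `fake_detonate`, the message layout and the sample bytes are constructed stand-ins for a real sandbox and real mail.

```python
import hashlib

# Behaviours the article names as signs of malicious action.
MALICIOUS = {"c2_callback", "writes_file_to_disk", "downloads_file"}

def digest(data):
    return hashlib.sha256(data).hexdigest()

def needs_sandbox(msg, seen_urls):
    """Sandbox criteria: any attachment, or a hyperlink not seen before."""
    return bool(msg["attachments"]) or any(u not in seen_urls for u in msg["urls"])

def process(msg, known_bad, seen_urls, detonate):
    """Return 'blocked', 'quarantined' or 'delivered' for one message."""
    digests = {digest(a) for a in msg["attachments"]}
    if digests & known_bad:
        return "blocked"            # signature hit: already-known malware
    if not needs_sandbox(msg, seen_urls):
        return "delivered"
    observed = detonate(msg)        # behaviours recorded in the isolated VM
    if observed & MALICIOUS:
        # Simplification: every attachment of the message becomes a signature,
        # so later copies are stopped at the signature stage.
        known_bad |= digests
        return "quarantined"        # held for administrators, not the recipient
    seen_urls.update(msg["urls"])
    return "delivered"

def fake_detonate(msg):
    """Hypothetical sandbox: returns a constructed behaviour report."""
    if any(a.startswith(b"constructed-sample") for a in msg["attachments"]):
        return {"c2_callback", "writes_file_to_disk"}
    return set()

if __name__ == "__main__":
    known_bad = {digest(b"constructed-sample-v1")}   # constructed signature list
    seen = set()
    v1 = {"attachments": [b"constructed-sample-v1"], "urls": []}
    v2 = {"attachments": [b"constructed-sample-v2"], "urls": []}  # unseen variant
    for label, m in [("known", v1), ("variant", v2), ("variant again", v2)]:
        print(label, "->", process(m, known_bad, seen, fake_detonate))
```

The variant passes the signature stage on first sight and is only caught by its behaviour; the second copy is blocked immediately because its digest was added to the list.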

Without email sandboxing, these zero-day threats would be delivered to inboxes where they are likely to be opened by the intended email recipients, which could result in the theft of credentials, compromised accounts, data breaches, or a malware or ransomware infection.

Do I Really Need Email Sandboxing?

A decade ago, email sandboxing would probably have been considered overkill for many businesses, as new malware threats were not being released at anywhere near the rate they are today. The delay between the discovery of malware and the signature being uploaded to AV engines would not have been a major issue. However, today, many variants of the same malware are used in attacks to bypass signature-based detection mechanisms, and targeted attacks involving advanced persistent threats and spear phishing are much more common. Today, email sandboxing is important for all businesses.

Fortunately, you can block zero-day email threats without breaking the bank. If you switch from your current email security solution to SpamTitan, which includes a Bitdefender-powered email sandbox and award-winning machine learning and behavioral analysis technologies, not only will you be better protected against zero-day threats, you might discover you can also save money on email security.

Call TitanHQ to find out more about SpamTitan pricing and take advantage of the free trial of SpamTitan Email Security with sandboxing for 30 days. For the duration of the trial, you will have access to the customer service and technical teams to help you get the most out of the trial, and you will be able to see for yourself how good SpamTitan is at blocking threats and how easy the solution is to use. Many businesses discover they can improve protection and save thousands on email security!