Cyber Crime and the Case for Auto Sandboxing

July 9, 2013 | By Kevin Judge

Every computer, laptop, tablet and mobile phone connected to your network represents a vulnerable endpoint for viruses, worms, spyware, rootkits, trojan horses and other malicious software – all of it designed to either disrupt your operations or gain access to proprietary data and information.

A 2012 report places the average global cost of computer security breaches at an all-time high of $136 per record. Examples of stolen information include payment transactions, employee records, social security numbers, financial data and proprietary research. Add to this the loss of reputation with customers, prospects and business partners and it’s easy to see why endpoint security is no longer an option but a front-line priority.

Antivirus systems use a file called a “blacklist” to prevent such attacks by determining which programs are safe to run. The problem is that a blacklist only works once a threat has been identified and diagnosed and the antivirus system’s blacklist file has been updated. Given the unidentified nature of malware attacks, it’s impossible for a blacklist to be up to date 100% of the time for 100% of the threats.

What this means is that no protection can be complete unless it addresses the gray area where a program is not on a blacklist as a known threat and also not on a whitelist as confirmed safe.

A sandbox addresses this gray area by enabling you to safely run suspected programs in a virtual environment. By sandboxing a program, you prevent it from making any permanent changes to your files or system. If the program turns out to be malicious, no harm is done.

In addition to blacklists, security systems that utilize sandboxes incorporate antivirus scanning to spot potential threats.  Antivirus scans leverage heuristics, a process that analyzes a program’s behavior as well as similarities with known viruses.  If a program is considered dangerous, it is segregated and run safely in the sandbox.

Heuristics work well but still fall short of being able to guarantee total protection. Like a blacklist, they must first detect a threat in order to deal with it – and there will always be some percentage of threats that cannot be identified by a scanner.

The only way to ensure a sandbox is providing you complete and guaranteed protection is to incorporate a Default Deny strategy.

Default Deny refuses all files permission to install or execute outside of a sandbox except when specifically allowed by the user or when the file appears on an established whitelist that identifies binaries that are known to be safe.

The benefit of Default Deny is that it closes the hole that other antivirus systems leave open. Where other antivirus solutions are limited to protecting you against files they are able to recognize as dangerous, Default Deny is the only strategy that protects you against any file not fully confirmed as safe. Default Deny authenticates every executable and process running on your computer and prevents them from taking actions that could harm your files.
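The difference between a blacklist-only product and Default Deny can be shown as a small decision function. This is an added example, not code from the article or from any vendor's product; the sample files, the list contents and the rule that a blacklist match blocks the file and overrides any allow entry are assumptions made for illustration.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    BLOCK = "block"
    RUN = "run unrestricted"
    SANDBOX = "run in sandbox"

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def blacklist_only(h, blacklist):
    # Default allow: anything not already known bad runs unrestricted.
    return Verdict.BLOCK if h in blacklist else Verdict.RUN

def default_deny(h, blacklist, whitelist, user_allowed):
    # Assumption: known-bad wins over every allow source, so a user
    # override or a stale whitelist entry cannot release a blacklisted file.
    if h in blacklist:
        return Verdict.BLOCK
    if h in whitelist or h in user_allowed:
        return Verdict.RUN
    return Verdict.SANDBOX  # gray area: neither known bad nor confirmed safe

# Constructed sample "files" (byte strings stand in for executables).
SAMPLES = {
    "office_suite.exe": b"constructed: vendor-signed application",
    "old_worm.exe": b"constructed: malware with a published signature",
    "new_dropper.exe": b"constructed: malware nobody has catalogued yet",
    "inhouse_tool.exe": b"constructed: internal build approved by the user",
}
BLACKLIST = {digest(SAMPLES["old_worm.exe"])}
WHITELIST = {digest(SAMPLES["office_suite.exe"])}
USER_ALLOWED = {digest(SAMPLES["inhouse_tool.exe"]), digest(SAMPLES["old_worm.exe"])}

def compare(samples=SAMPLES):
    """Return {name: (blacklist-only verdict, Default Deny verdict)}."""
    out = {}
    for name, data in samples.items():
        h = digest(data)
        out[name] = (blacklist_only(h, BLACKLIST),
                     default_deny(h, BLACKLIST, WHITELIST, USER_ALLOWED))
    return out

def gray_area(results):
    """Files a blacklist-only product runs unrestricted but Default Deny contains."""
    return sorted(n for n, (old, new) in results.items()
                  if old is Verdict.RUN and new is Verdict.SANDBOX)

if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:18} blacklist-only={old.value:17} default-deny={new.value}")
```

Only the uncatalogued sample lands in the gray area: the blacklist-only policy lets it run unrestricted, while Default Deny confines it to the sandbox.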

Equally important, a Default Deny strategy enables you to access and work with files as they execute within the sandbox’s virtual environment. The result is total guaranteed protection without the loss of time, money or productivity.
