Owing to the onslaught of ever-evolving malware, firewalls will typically offload an inconclusive scan to a sandbox in order to properly identify whether content is safe or malicious.
This is how it works:
Your firewall first scans network traffic with Deep Packet Inspection against a continually updated malware database.
When that scan is inconclusive, because the traffic might contain new or never-before-seen malware, the content is sent to a sandbox (which could be on premise or installed in the cloud) for further examination.
But here is the bad news. Current sandboxes are not real-time solutions and can take anywhere from a few seconds to, more typically, several minutes or even several hours before they reach any sort of verdict on the safety of the file being analyzed. On top of that, depending on how many files the firewall sends for further inspection, these sandboxes can get overloaded.
In a business-oriented world where time means money, this sort of delay and unreliability would be unacceptable to owners and managers who are depending on safe content to arrive in real-time so that they can make their best business decisions.
The result is a compromise – if the sandbox does not give its verdict within a specific time, the content is passed through, and if the sandbox later concludes that it was malicious, IT staff will need to go and remediate and figure out what could have been lost.
That victim endpoint, be it a server, workstation or PC, is termed Patient Zero in sandbox terminology (not to be confused with the 2018 movie, but somewhat similar in concept). Unfortunately, in a severe outbreak this could be several endpoints, and in some cases complete network segments. The industry has been living with this concept for the last 5 years, and we are now being conditioned to accept it…
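To make the fail-open compromise concrete, here is an added simulation (not code from Wedge or from any firewall vendor) of the flow described above: files arrive at a firewall, inconclusive ones queue for a sandbox with limited capacity, and a timeout decides what happens when the verdict is late. The file names, verdicts, latencies and the timeout are constructed sample values; `inspect` is a hypothetical helper, and `fail_open=False` shows the alternative of holding the file until a verdict exists.

```python
"""Simulation of the firewall + sandbox flow: DPI hands an inconclusive file to a
sandbox with limited capacity, and a timeout decides what happens when the verdict
is late. All files, verdicts and latencies are constructed sample data."""
import heapq
from dataclasses import dataclass, field

@dataclass
class Sample:
    name: str
    dest: str             # endpoint that requested the file
    true_verdict: str     # what a completed analysis would conclude
    sandbox_seconds: int  # analysis time the sandbox needs for this file

@dataclass
class Outcome:
    blocked: list = field(default_factory=list)
    passed: list = field(default_factory=list)
    unverified: list = field(default_factory=list)    # decided by the timeout, not by a verdict
    patient_zero: list = field(default_factory=list)  # endpoints that got malware before the verdict

def inspect(samples, timeout, capacity, fail_open=True):
    """Files arrive one second apart; `capacity` analyses run in parallel, the rest queue.
    fail_open=True is the compromise in the text (late verdict -> deliver anyway)."""
    out = Outcome()
    free_at = [0] * capacity  # min-heap of the times at which each sandbox slot frees up
    for arrival, s in enumerate(samples):
        start = max(arrival, heapq.heappop(free_at))
        verdict_at = start + s.sandbox_seconds
        heapq.heappush(free_at, verdict_at)
        if verdict_at - arrival <= timeout:  # verdict arrived in time: enforce it
            (out.blocked if s.true_verdict == "malicious" else out.passed).append(s.name)
            continue
        out.unverified.append(s.name)
        if fail_open:
            out.passed.append(s.name)
            if s.true_verdict == "malicious":  # the late verdict shows it was malware
                out.patient_zero.append(s.dest)
        else:
            out.blocked.append(s.name)  # held: no verdict in time, so not delivered
    return out

SAMPLES = [  # constructed sample traffic
    Sample("invoice.pdf", "ws-01", "clean", 20),
    Sample("update.exe", "ws-02", "malicious", 40),
    Sample("report.docm", "ws-03", "malicious", 900),  # never-before-seen dropper: long analysis
    Sample("photo.jpg", "ws-04", "clean", 10),
    Sample("setup.msi", "srv-05", "malicious", 300),
]

if __name__ == "__main__":
    print(inspect(SAMPLES, timeout=60, capacity=2))
```

Running with `capacity=1` shows the overload effect: even the 10-second `photo.jpg` waits behind the long analysis and is delivered unverified, while `fail_open=False` produces no Patient Zero at the cost of holding three files.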
But what if we cannot afford any losses? What if we cannot have a Patient Zero? Can we be both extremely accurate while operating in real-time so that we do not have to take on such casualties?
This is why I get excited about the disruptive technology that the team here at Wedge has developed – namely, Wedge’s Absolute Real-time Protection! Wedge has combined patented Deep Content Inspection technology, which recreates content for complete visibility into its intent as it passes through the network, and orchestrates multiple security scanning engines and malware databases to detect known malware, all topped with a deep learning AI Neural Network that can detect unknown malware. All of these pieces have allowed Wedge to create the industry-leading malware blocking solution that can detect and block malware in real-time at a detection rate of 99.97%! For the remaining 0.03% that comes up as grayware, we still block these, but they can be forwarded on to Wedge’s own optional Malware Analyzer service, which utilizes cloud-based efficiencies to render verdicts faster than your average sandbox!
So, although sandboxes have had their time in the spotlight as organizations attempt to improve on the reliability of malware detection, they have been proven to be too slow, and when overloaded they can still pass along malware. It’s time for the next generation of real-time detection and blocking solutions to shine. Sandboxes can now be replaced with Wedge’s Absolute Real-time Protection solutions!
Check out Wedge’s latest video that speaks to this new method of real-time network protection.