Sandboxing technology: A safety net for online threats

Author: Andrew Avanessian, EVP of Consultancy and Technology Services at Avecto

According to figures from the Australian Bureau of Statistics, 83% of the Australian population accessed the internet last year, and in the workplace, more and more time is spent online.

Today’s technologically enabled workers expect full access to online content in order to do their jobs effectively. With the rising influence of Generation Y, an increasing number of employees expect to be able to access social media and other personal content at all times too. Indeed, K3 Managed Services found that 14% of the workforce spends almost 50% of their time surfing the internet for personal use.

It's perhaps unsurprising then that IT security breaches are at their highest level in history, with the 'McAfee Labs threats report, fourth quarter 2013' noting 288,000 global malware samples each day - around 200 per minute. Symantec's '2013 internet security report' also found that data breaches grew by 62% between 2012 and 2013. The Heartbleed virus affected an estimated 600,000 internet sites, while an experiment by McAfee in 2014 revealed that 80% of workers fall for a phishing email at least 14% of the time.

There are a number of security strategies that IT professionals can adopt to combat this rise in security breaches. But we know from research with Ponemon, as part of the Get on with IT campaign, that perceptions of effectiveness bias efforts towards managing traditional, reactive technologies—which may be easier to implement—rather than prioritising those which are proven strategies, likely to reduce time wasted elsewhere.

The report, entitled Cyber Strategies for Endpoint Defense 2014, found an average of 31% of staff have admin privileges, increasing the risk of insider threats. Avecto’s own analysis of Microsoft’s Security Bulletins further substantiates the benefits of removing admin rights – mitigating 92% of Microsoft vulnerabilities. So why was minimising users with admin privileges deemed the least effective of eleven security controls in our research, even less effective than updating antivirus software, when significant sources of real world data analysis contradict this perception of effectiveness completely?

Ponemon found that IT and security professionals in the US spend 34% of their time managing user profiles and 48% securing the endpoint. The challenge is therefore to determine ways to improve the IT department’s productivity and free up time to be strategic, creative and profitable.

To ensure workers have the online freedom they need while preventing attacks, a holistic approach to security based on DiD (defense in depth) strategies is needed. To combat increasingly complex attack vectors, organisations need to adopt a layered strategy that prioritises high-impact solutions, such as privilege management, application whitelisting and patching.

However, sometimes advanced persistent threats can still slip through the net. Vulnerabilities in web browsers, Java and software such as Adobe Reader and Microsoft Office still exist and malicious code can enter a network as workers go about their daily tasks if the latest patches are not in place.

To close the gap, organisations can turn to sandboxing, which safely contains web threats, isolating any malicious activity. This final layer of defense allows individuals to browse the web freely, so that productivity is unaffected.

Layering and prioritising technologies

The Australian Department of Defence names application whitelisting and privilege management as part of its four key mitigation strategies, alongside patching operating system vulnerabilities and patching applications. By implementing these four quick wins, real world data shows that 85% of cyber intrusions can be stopped.

With a solid security foundation in place, the challenge is to find a solution to mitigate the biggest window of opportunity for malware to enter the network: the internet. Employees browsing websites carrying hidden threats or opening untrusted documents are becoming direct targets for attackers. Vulnerabilities in software and applications such as Java, Silverlight and Adobe Reader can result in an employee being unknowingly compromised simply by viewing a website or downloading a document.

So that user productivity is unrestricted, there is a need for internet sites and documents to be isolated from sensitive private data whilst still being viewable by the user—their online activity is protected by a safety net.

This is where sandboxing comes in. Effective sandboxing is seamless to the end user, keeping untrusted documents in a contained environment, preventing malware from executing.

Documents downloaded from the internet are automatically merged with the user's profile, allowing them to edit, save and print as normal while the file remains protected by the safety net of the sandbox. However, any private files are protected and when reopened, they will automatically remain isolated, increasing security without impacting on the user experience.

With solid security foundations in place with privilege management and application control, sandboxing is the natural third pillar in an effective endpoint security strategy.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
