Protection from new threats
with sandbox behaviour analysis

Cloud-based sandbox technology

Sandbox solutions get started where traditional virus scanners stop: Thanks to dynamic behaviour analysis, sandbox solutions can recognize malcode that is below the radar of conventional security solutions.

As part of iQ.Suite Watchdog, the innovative sandbox technology allows you to test files and documents for damaging behaviour under realistic conditions in a secure cloud environment. Malware that masks malicious behaviour or does not activate immediately is also identified. You are in control of which files are uploaded to the cloud and analyzed.


Strong in interplay

To achieve best possible results and maintain high performance, it is recommended to use multi-level virus and spam protection as available in iQ.Suite Watchdog and Wall. The next step is to send the remaining unknown threats to the sandbox for comprehensive analysis.


The 4 steps of sandbox analysis

1 Hash values of suspicious files are compared to hash values of known malware.

2 If the file is known, in the case of a positive response it will be delivered and in the case of a negative response it will be placed in quarantine.

3 If the file is unknown, an anonymous copy of the suspicious file is sent to the sandbox, executed in a secure cloud environment and analyzed. Depending on the evaluation, the file is either delivered or rejected.

4 In the last step, forensic reports are created for every incident, providing additional insight and context information.

Your Benefits
  • Protection against unknown malware
  • Dynamic behaviour analysis of files and documents with executable content
  • Support for various operating systems (Windows, Mac OS X, Android)
  • Detect malware camouflage techniques
  • Select file formats to be analyzed
  • Provision of comprehensive threat information
  • Supported file formats
    Executable files, e.g. EXE, COM and DLL
    MS Office documents including macros, e.g. XLSX, DOCM and RTF
    PDF documents
    Archives, e.g. ZIP, RAR and CAB
  • No local sandbox installation