“The early success of sandbox-based appliances can be attributed to the fact that malware variants were never designed with such protection mechanisms in mind. Instead, these samples were focused on breaching traditional anti-virus and firewall solutions. This enabled them to breach traditional security solutions with zero-day (quick) attacks very frequently,” Katkar said.
“But now that more enterprises are using these advanced threat protection sandbox-based appliances, new malware variants are being designed with an aim of penetrating this specific protection mechanism,” he said.
He said companies need to consider and implement multiple layers of protection to safeguard networks.
“FireEye and others believe that the current anti-virus solutions and endpoint protections (EPS) are useless. In reality, the current malwares have been designed keeping in mind only End Point Security (EPS) and their main challenge is to pass EPS security and that is how the malwares have been designed/tested and released,” he said.
With more organisations starting to use sandbox-based appliances such as FireEye or FortiSandbox, newer malware is being designed with these protections in mind, he said.
“Thus, new malware can easily bypass these security solutions and land up in the user’s inbox and network,” Katkar added.