ZyXEL Communications VPN Series Handbook page 595

How to Use Sandboxing to Detect Unknown Malware
Traditional security services such as Anti-Virus and IDP are signature-based, so they cannot detect unknown threats. ZyWALL ATP enhances the UTM services and integrates a Sandbox solution as a second layer of defense to detect and mitigate advanced threats. Zyxel Sandbox is a cloud-based service that can identify previously unknown malware. Each new threat discovered by Sandbox is converted into a known signature in the Anti-Malware cloud threat database. Anti-Malware examines a file for threats before deciding whether to block it or pass it to Sandbox. If the file has never been inspected by Sandbox, ZyWALL ATP copies the file to its cache and then forwards the file. The copy is sent to Sandbox for analysis, and the analysis result is recorded in the device's local cache. When ZyWALL ATP sees the file again, it identifies the file and takes action based on the analysis result stored in the local cache. Working together with Anti-Malware, ATP can immediately block a threat that Sandbox previously detected. This example illustrates how to configure Sandboxing on the ATP gateway to detect unknown malware.
Figure 1: Using Sandboxing to Detect Unknown Malware
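The inspection flow described above, as an added simulation that is not Zyxel's code: a gateway with an Anti-Malware signature set, a local verdict cache and a queue of file copies awaiting Sandbox analysis. The sample files and the `hypothetical_sandbox` verdict function are constructed assumptions; what the run shows is that the first sighting of an unknown file is forwarded and only later sightings are blocked from the cached verdict.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample files (not real malware): the marker string stands in
# for whatever behaviour the sandbox would observe during detonation.
SAMPLE_UNKNOWN_MALWARE = b"MZ...constructed-sample...EVIL-BEHAVIOUR"
SAMPLE_CLEAN_FILE = b"%PDF-1.4 constructed clean document"

def hypothetical_sandbox(data: bytes) -> str:
    """Stand-in for the cloud Sandbox verdict (assumption, not Zyxel's API)."""
    return "malicious" if b"EVIL" in data else "clean"

@dataclass
class AtpGateway:
    signatures: set = field(default_factory=set)   # Anti-Malware known-bad hashes
    cache: dict = field(default_factory=dict)      # local cache: hash -> verdict
    pending: list = field(default_factory=list)    # copies awaiting Sandbox analysis

    def inspect(self, data: bytes) -> str:
        """Return 'block' or 'pass' for a file crossing the gateway."""
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.signatures:          # Anti-Malware signature hit
            return "block"
        if digest in self.cache:               # Sandbox already analysed this file
            return "block" if self.cache[digest] == "malicious" else "pass"
        # Never inspected: keep a copy for Sandbox and forward the original.
        self.pending.append((digest, data))
        return "pass"

    def collect_sandbox_results(self, analyze=hypothetical_sandbox) -> None:
        """Record Sandbox verdicts; new threats become Anti-Malware signatures."""
        for digest, data in self.pending:
            verdict = analyze(data)
            self.cache[digest] = verdict
            if verdict == "malicious":
                self.signatures.add(digest)
        self.pending.clear()

def run_scenario() -> list:
    """Same unknown file seen twice, with Sandbox analysis in between."""
    gw = AtpGateway()
    first = gw.inspect(SAMPLE_UNKNOWN_MALWARE)    # first sighting is forwarded
    gw.collect_sandbox_results()
    second = gw.inspect(SAMPLE_UNKNOWN_MALWARE)   # now blocked from the local cache
    clean = gw.inspect(SAMPLE_CLEAN_FILE)
    return [first, second, clean]

if __name__ == "__main__":
    print(run_scenario())  # ['pass', 'block', 'pass']
```

The "pass" on the first sighting is the window the text describes: the file has already been forwarded by the time the Sandbox verdict is cached, so only subsequent copies are stopped.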
Note: All network IP addresses and subnet masks are used as examples in this article.
Please replace them with your actual network IP addresses. This example was tested using
the ATP200 (Firmware Version: ZLD 4.32).
www.zyxel.com
595/810
