Unlike previous generation of viruses that were non-sophisticated and low in volume, antivirus tools were sufficient to provide reasonable protection with their database of signatures.
However, todayâ€™s modern malware entails new techniques such as use of exploits. Exploiting a vulnerability in a legitimate application can cause anomalous behavior and itâ€™s this behavior that attackers take advantage of to compromise computer systems. The process of an attack by exploiting an unknown software vulnerability is what is known as a zero-day attack aka 0-day attack, and before sandboxing there was no effective means to stop it.
A malware sandbox, within the computer security context, is a system that confines the actions of an application, such as opening a Word document, to an isolated environment. Within this safe environment the sandbox analyzes the dynamic behavior of an object and its various application interactions in a pseudo-user environment and uncovers any malicious intent. So if something unexpected or wanton happens, it affects only the sandbox and not the other computers and devices on the network. In parallel, any malicious intent is captured, leading to an alert and relevant threat intelligence generated to stop this zero-day attack.