Zscaler Inc.

10/03/2024 | News release | Distributed by Public on 10/03/2024 11:26

The Productivity and Protection of Cloud Sandbox

Sandbox file detonation flow

The Sandbox can be easily fine-tuned with flexible actions for various criteria, to offer enhanced coverage for files originating from suspicious sites and those sent to targeted employees. This ensures a more robust and adaptive security posture, effectively mitigating potential threats. Below is a diagram outlining how the Sandbox handles file analysis.

Let's focus on the Sandbox-Browser Isolation flow. Once the unknown file matches a quarantine action, a customizable end-user message appears to employees (seen below, noting potential analysis wait time), making them aware of the pending sandbox verdict before the file is allowed to be downloaded. At this point the user is waiting for a file that they need for work, which is why a flattened PDF can be used immediately for productivity. If the file is found benign, the original is allowed to be downloaded.

While this solution is great for comprehensive protection from unknown files, customers requested immediate sanitized file downloads so they could continue working rather than wait on the original file verdict from the Sandbox. Zscaler added the Isolation integration flow to ensure that supported Microsoft Office files and PDF files are content disarmed for immediate download and productivity. Recently, as mentioned, Zscaler also added the Votiro Integration to provide industry-leading CDR, covering more file types and bringing the original file to users with malicious content removed, in keeping with best practices for protection against file-based ransomware.

The end user gets full flexibility to choose among different options within the Browser Isolation session, depending on the use case requirements. Once the file is scanned by the Sandbox and found to be benign, the original file can be downloaded to ensure productivity with comprehensive protection against targeted attacks.