Sangfor's ZSand is sandboxing technology designed to detect previously unknown malware. Suspicious files are captured by Sangfor’s NGAF and sent to ZSand for processing. ZSand contains a set of safe virtual environments that mimic an actual victim’s OS, files and applications. The suspicious files are then executed or detonated in this controlled environment where behaviours such as file access, registry edit, process and network activities can be monitored and analysed.

Sandboxing then shares relevant IOC and malware behaviour report with Neural-X’s Threat Intelligence. Neural-X uses this data to enhance its analysation capability, eliminating the need for a second round of sandboxing and providing timely protection to customers who are connecting to Neural-X via network and endpoint solutions. Customers, security researchers and botnet researchers benefit from the vast amount of real-time data, making the business of network security proactive and exponentially more effective.

ZSand supports executable files and scripts in both Windows and Linux operating systems. In recent tests, it has accurately detected ransomware families including GandCrab, Zusy, GlobeImposter, and LockCrypt.