Innovation Overview
Sangfor's ZSand is sandboxing technology designed to detect previously
unknown malware. Suspicious files are captured by Sangfor’s NGAF and sent to
ZSand for processing. ZSand contains a set of safe virtual environments that
mimic an actual victim’s OS, files and applications. The suspicious files
are then executed or detonated in this controlled environment where
behaviours such as file access, registry edits, and process and network
activity can be monitored and analysed.

The sandbox then shares relevant IOCs and the malware behaviour report
with Neural-X’s Threat Intelligence.
Neural-X uses this data to enhance its analysis capability,
eliminating the need for a second round of sandboxing and providing timely
protection to customers who are connecting to Neural-X via network and
endpoint solutions. Customers, security researchers and botnet researchers
benefit from the vast amount of real-time data, making the business of
network security proactive and exponentially more effective.

ZSand supports executable files and scripts on both Windows and Linux
operating systems. In recent tests, it has accurately detected ransomware families
including GandCrab, Zusy, GlobeImposter, and LockCrypt.
