Cloud Sandbox

Cloud Sandbox is an in-line, Cloud-based sandboxing system which can be engaged whenever a suspicious object can't be 'vouched for' using our in-line scanning and Threat Intelligence systems. 

While passing traffic through the Zscaler platform, it's possible to evaluate the Cloud Sandbox end-user file quarantine experience by clicking here. (Username: security / Password: test)

The file will trigger the Cloud Sandbox to present the user with an end-user notification informing them of the file status and next step, while in the background the file has been sent to the Cloud Sandbox for analysis.

Cloud Sandbox provides a detailed report of an evaluated file, giving not only the conclusion of the Zscaler Cloud Sandbox analysis but also the factors and details behind the decision as to whether a file is malicious or benign.

Functionality Overview

Because Zscaler Cloud Sandbox is always inline, you can easily hold files until the sandbox verifies them as clean before delivering them.

With Cloud Sandbox, the suspicious object is placed into a sandbox virtual machine and launched. The Cloud Sandbox system then closely monitors the object's behavior in the virtual machine. If the object exhibits malicious behavior, the user will be blocked from downloading the object.

Cover every user, regardless of location, from the cloud. On or off network, everyone gets the exact same protection.

Build granular policies by user, group, file type, and URL to easily control which files get quarantined and inspected.

Balance user experience with risk by building policies which either block an object outright while it is scanned or, alternatively, allow the user to download the object while Zscaler simultaneously sends the object to the Sandbox for analysis.

Get better threat intelligence, as zero-days identified are shared with all other Cloud Sandbox customers within seconds.

If a sandboxed object exhibits malicious behavior, not only will it be blocked for the organization whose user triggered the first analysis, but the details about this newly discovered threat are immediately propagated across our entire global Cloud, so that every user at every organization is protected without the object ever needing to be sandboxed and analyzed again.