What is actually... Security Fabric and Synchronised Security?
For a long time, the large IT security manufacturers such as Fortinet or Sophos have been courting customers. For years, the market in the area of endpoint security has stagnated and the manufacturers have been fighting for every signed contract. One can already speak of a predatory strategy here, as the manufacturers advertise generous discounts and special offers for switching manufacturers.
But endpoint security has long since ceased to be the manufacturers' flagship product. In recent years, the manufacturers' entire marketing effort has increasingly been directed towards firewalls, or next-gen firewalls. Simple firewall rules based on IP networks and ports are yesterday's news. Advanced threat protection, web application firewall and application control can now be found in every data sheet, however glossy. One would think that everyone is well protected.
However, for some months now we have been seeing that all these achievements do not really help against the new types of threats. So what does a manufacturer do at this point? Correct: a new product or service is developed, which we know under many names. Zero Day Protection and Sandboxing are just two common terms. At first, manufacturers were satisfied with cloud-based solutions. Worldwide turnover proved the manufacturers right that they had backed the right horse. However, this calculation was made without the German market. Even though cloud computing is a perennial topic in every trade journal, in our experience German companies are not particularly keen on the cloud. Here, too, we are noticing a change: more and more manufacturers are also offering local sandbox solutions or are in the process of developing them.
But what does this have to do with the words Security Fabric or Synchronised Security?
More and more solutions need to be administered or configured at a central point. German SMEs do not have the resources needed to run an entire IT department with countless specialist departments. An ever-increasing number of solutions should be administered as simply as possible at a central point. But this is only one aspect of the above-mentioned concepts. The trend among IT security manufacturers is now towards all IT security solutions being able to communicate with each other and exchange information about current threats. The future will see endpoint protection telling the firewall that a computer is compromised, and the firewall then blocking all communication from that client as well as "warning" the other devices in the network.
The buzzwords "Security Fabric" from Fortinet or "Synchronised Security" from Sophos are therefore something we will probably read or hear more often in the future.
What is a sandbox good for anyway?
Especially in today's world, where communication via the internet has become almost indispensable, it is more important than ever that a company is not only reachable via the internet, but also protected against threats from the internet.
Classic e-mail is still one of the most popular points of attack, as it is the easiest to reach. The methods of malware and attacks, on the other hand, have become increasingly sophisticated.
To protect the network and company data, suspicious files are first sent to the sandbox to be analysed there. Not only is a virus scanner active, but a behavioural analysis is also carried out. This allows the suspicious file to be examined to see if it really does what it claims to do, without bringing unwanted additional content, as with the Trojan horse from mythology. All this before the file has even arrived on the local company network. You can compare this to a controlled detonation of a bomb in a secured area.
What is the advantage of a local sandbox over a cloud-based solution?
A local sandbox has several advantages. The files do not have to be sent to a server on the internet, which saves time and bandwidth. It also makes it easier to implement data protection guidelines, as no data is transmitted to third parties. Everything remains in the company network. Companies that depend on their data being specially protected in particular see the advantage of not sending the data to third parties for analysis. Moreover, one retains full control over the data and can determine exactly how the security solution should behave.
Whether the purchase of a sandbox protection solution is necessary must ultimately be decided by each entrepreneur. It depends on many factors, such as how large the company is, how strongly the company network needs to be protected and whether such a purchase would pay off at all.
There is definitely added value. A sandbox analysis of data complements existing antivirus, firewall and endpoint protection solutions. No single solution offers 100% protection, but the layered model of current security platforms reduces a company's attack surface immensely.