Upgrade your existing Clearswift Secure Email Gateway (SEG) with the next-gen Cloud-Sandbox from Sophos. This network sandbox offers state-of-the-art machine learning to provide an additional layer of security against ransomware and targeted attacks, without any more systems to manage.
Enterprise-grade protection that’s deployable in minutes with seamless integration into the Email Gateway.
Defense in depth
The use of multiple AV engines in Email Gateways is commonplace, and the Clearswift SEG is no exception, with the ability to use Sophos, Avira and Kaspersky anti-virus engines in parallel. To supplement this, we built our own capability to detect, and optionally remove, active code in documents. For customers who are worried about executable content entering their organization, there is a need for Sandbox technology to fully ensure that nothing that can cause harm can enter via email.
How it works
As messages arrive at the Gateway, they are submitted for AV scanning, which checks them using signatures and heuristics. Files with known malware are automatically blocked/deleted*, but files that are executable, or that have executable content, and are considered suspicious by the Sophos AV engine will be further inspected.
Firstly, the hash of the file is checked in the Sandbox to see if the file has been seen by the Sandbox. If it has, then it is blocked/deleted as per policy; if not, the file is submitted for scanning. When the file is being detonated by the Sandbox, its behaviour is carefully monitored for telltale signs of malicious software.
Once the file has been scanned, the Sandbox passes the results of scanning back to the Gateway where the file will be blocked, dropped or subject to further checks, such as keyword search.
If the Sandbox deems the file dangerous, it will provide a full report showing the detonation of the file for the admin team to inspect. The report will show:
- File details
- File hashes
- Processes invoked
- Files written to disk
- Network Activity
- Malicious Activity
- Activity Tree
* Depending on your policy