Cyren Sandboxing

Stop evasive zero-day threats with a sandbox array in the cloud.

Block the unknown, not just the known

Cyren Sandboxing is an advanced layer of web and email security which protects your business against breaches and data loss from today’s sophisticated threats -- even if previously unknown. Zero-day exploits, targeted attacks, and Advanced Persistent Threats are increasingly “sandbox aware,” as hackers use diverse strategies to evade detection by traditional sandboxing appliances. Cyren’s unique cloud sandbox array technology is able to tease out the full behavior of malicious files and embedded URLs targeting your users.

  • Stop today’s sophisticated threats with an advanced layer of security in the cloud
  • Combats sandbox-aware malware with a multi-sandbox array of diverse environments and iterative analysis
  • Once a new threat is identified, all Cyren users are immediately protected
  • Combines with dynamic reputation analysis for deep Advanced Threat Protection

Cyren featured content


Cyren Sandboxing: Stop evasive zero-day threats with Cyren’s sandbox array in the cloud – This datasheet outlines Cyren's patent-pending sandbox array technology, a fundamental step forward in the battle against hyper-evasive malware


Magazine article

"New hyper-evasive threats are killing sandboxing as we know it" – This article by Cyren Vice President of Threat Research and sandboxing expert Sigurdur Stefnisson discusses a new generation of malware designed to evade traditional defenses and specifically, current sandboxing technology.


On-demand webinar

"Why Evasive Zero-Day Attacks are Killing Traditional Sandboxing" – Learn how hackers are now applying high-volume malware distribution techniques, and how a new generation of evasive malware is able to fool traditional sandbox solutions.


White paper

"TCO Analysis Guide for Security Appliances and Cloud-based Security" – In this paper, we highlight six major Total Cost of Ownership (TCO) considerations for IT decision makers and procurers looking to decide on cloud-based SaaS vs. appliances as an approach to security.


Don’t deploy it – just turn it on

Cyren Sandboxing is easy to implement, as it’s fully integrated into our cloud security platform and delivered as an integrated feature of both our Cyren Web Security and Cyren Email Security services. This means instant availability and full synergies between the sandboxing system and the other security layers. As a cloud-based SaaS solution, there are no time-consuming updates or patches that you need to apply, and you are always running the latest version.

  • Cloud-based, integrated feature of web and email security SaaS services
  • No maintenance, no patching required
  • Always updated, no lengthy appliance update cycles
  • Can be instantly activated, requires no “deployment”

Unlimited scalability

Cyren Sandboxing is designed to protect all of your users, from roaming employees to branch offices to headquarters, from the most logical place – the cloud, where our massively scalable, globally unified security platform sees over 17 billion web and email transactions a day, delivering the fastest threat analysis and the highest catch rates. Our patent-pending Cloud Sandbox Array technology performs full behavioral analysis as necessary to identify a threat, and handles with ease the additional processing load required to properly inspect threats hidden in encrypted SSL traffic.

  • Cloud processing scale allows deeper “Big Data” behavioral analysis and better threat detection
  • Scalable protection for all your users and all your traffic -- no need to worry about load analysis and sizing appliances
  • Automates complex process of file analysis formerly done manually by malware researchers

Actionable forensics and reports

For security teams seeking detail to pinpoint any problem and identify systems requiring remediation, Cyren provides an Incident Management dashboard with detailed forensic reports identifying the root cause and impact of an infection – the when, how, where, and who. And even though our analysis may be extremely complex, conducted across multiple sandbox environments, our reporting clarifies any action needed with a single unified report and risk score and a merged list of identified risks.

  • Incident reports pinpoint problems and speed remediation
  • System alerts report type and severity, from Active Directory sync issues to identified malware
  • Malware forensic analysis provides full malware profile, signature, analysis results, and link to behavioral screenshots

How it works: Multi-sandboxes in the cloud

Malware today is designed to avoid detection by appliance sandboxes, a problem Cyren Sandboxing solves by combining cloud computing power with our patent-pending multi-sandbox array technology to ensure that the behavior of unknown files is completely expressed during analysis. A natural language-processing decision engine coordinates the analysis of suspicious objects by multiple, different sandboxing environments, including varied virtual and physical environments.

Automated process steps are:

  1. Sophisticated pre-processing performs static analysis and the decision engine selects the initial sandbox for analysis from the array.
  2. The file is detonated in the selected sandbox and monitored for malicious activity, while different components are.
  3. Based on results, the file may be recursively submitted to different types of sandboxes – until full behavior is observed, and an aggregate threat score is calculated.
  4. Once malicious files and URLs are identified, Cyren fingerprints and blocks them across its global network within seconds.
