Sandboxing
What is Sandboxing?
Sandboxing is the practice of running code, files, processes, or applications inside a controlled isolated environment so their actions are restricted and any harmful behavior is contained away from the main system.
Examples
- An email security platform opens a suspicious attachment in a sandbox to observe whether it tries to execute malicious actions before allowing it to reach the user.
- A browser runs web content in isolated processes so a compromise in one tab has less chance of affecting the rest of the system.
Discover 🔎
Not all code can be trusted just because it is present on a system. Files arrive from email, users download applications, scripts are shared, browser content is loaded constantly, and third-party components execute in environments the organization depends on every day. Some of that code may be harmless, some may be unknown, and some may be actively malicious.
Sandboxing matters because it gives defenders a safer place to let code run without giving it unrestricted contact with the real environment. Instead of assuming everything deserves full trust immediately, the system places untrusted activity inside a boundary where its behavior can be limited, observed, or both.
Summary 📝
Sandboxing is the practice of letting code run inside a restricted and isolated environment so its behavior can be contained and observed without exposing the main system fully. It is valuable because many attacks depend on freedom of interaction with the surrounding environment, and sandboxing reduces that freedom. Used well, it supports both prevention and analysis by turning uncertain code into something that can be handled more safely.
Tip: The interactive version includes progress tracking, decks, and premium deep dives.