Secure Cloud Transformation: The CIO’s Journey Request Your Copy
Secure Cloud Transformation: The CIO’s Journey
Request Your Copy

Zero trust security

Make it possible

Your Mission

Do you know what the gaps in your appliance sandbox are costing you?

We’ll fill you in.

Mind the gap

If your company owns an appliance sandbox, you’ve invested in a key tool for zero-day protection. But the rise in cloud apps and widespread mobility have introduced serious gaps in your network-based protections, and you have to question whether your sandbox appliance is still up to the task of delivering zero-day protection for your users and data.

The risk of attack is growing in frequency and sophistication. It’s time to “mind the gap” in your sandbox protection and invest in zero-day defense for the cloud era.

Why do appliance sandboxes have security gaps?

Off-network users

Off-network users

When your users connect to the internet off-network, they become exposed and your appliance sandbox goes blind.

Encrypted traffic

Encrypted traffic

Malware often hides in SSL, and most companies don’t have the capacity to inspect all their SSL traffic.



Off-Network users and lack of SSL visibility limits your sandbox investigations to only half the threat picture.

To help you improve your zero-day security, we’ve pulled together all the info you need to understand your sandbox security gaps, and what you can do to fix them.

Learn More

Calculate the true cost of your security gaps

While appliance sandboxes can help mitigate zero-day risks, it’s the security gaps in your network architecture that leave your users and data exposed. From productivity loss to a large scale breach, the impact of a zero-day infection can be significant. To help you understand your security gaps better, we’ve pulled together this tool to help you define your sandbox security posture and see the most costly areas of your network to leave exposed.

Your company

Your network

Tell us about
your company

Total number of usersCount up all your users across all offices and remote.

Percent of time your users work remoteSome may work remote a lot, some only in the evenings. Estimate across all your users.
Location of corporate

Estimate of all the users that are in branch offices?Smaller offices that are backhauled to a Data Center, or go direct to the internet.

Your network traffic security

Main data center
Main data center
Branch data center

Encrypted SSL

Remote branch
userRemote Users are off network and VPN and connect direct to internet.

Traffic currently inspected by sandbox
Traffic not inspected by sandbox

Tell us about your appliance sandbox

Total data center traffic inspected by sandbox?
This is HQ/Larger Offices routed through a gateway
Total branch office traffic inspected by sandbox
This is traffic backhauled to a gateway. Don’t count direct internet traffic
Total amount of traffic listed above that is SSL?Estimate across HQ/Larger Office and Branch traffic that is sent to gateway. Industry metrics place this at around 70%.
Amount of SSL traffic sandbox is inspecting?This type of inspection usually requires a third party appliance.

Potential cost of a breachUsing Industry variables and Zscaler Cloud Stats, we can calculate the total security costs associated with your sandbox inspection strategy.

Total malware incidents missed per YearThe malware you could miss in your uninspected traffic.


Amount of malware incidents missed that could cause a major breachVerizon Data Breach reports and Zscaler stats were consulted to calculate this number. It is small, but carries the most impact to your business.


Ponemon's Cost of a Major Breach (2017)Based on HQ Location with costs across Detection, Lost Business and Remediation.


Cost of a Major Breach IncidentThis cost is found by multiplying the first two listed values in this calculator. This gives us total malware missed that can cause a major breach. Multiple that value by Ponemon's cost of a breach, and you get major breach cost.


Cost of a Minor Breach IncidentFor this cost we take the remaining malware not inspected and track it as minor infections that cause productivity loss. For each malware missed we assume 6 hours of productivity lost across IT and Employee at $45 an hour.


Total Cost of Malware MissedFinal costs associated with uninspected traffic for both minor infections and a potential major breach.


See what always-on zero-day protection on looks like

Zscaler Cloud Sandbox can blanket all your off-network users, inspect all your SSL traffic, and give you uninterrupted user visibility for a better threat investigations.

Watch Video

Are you ready to Mind the Gap?

Turning on security services in your Zscaler installation is quick and easy. If you’re ready to explore how Zscaler Cloud Sandbox can strengthen your zero-day protection and help close your appliance sandbox gaps, let us know.

Let’s Talk