World's first AI-driven malware prevention engine
Zscaler Sandbox prevents emerging and unknown threats and malware inline, protecting your users with the industry’s most comprehensive zero trust platform.
New AI-powered innovations

Advanced reporting features
Map malware behavior and payload intent to MITRE ATT&CK to enrich incident investigations and response

AI-powered C2 infrastructure detection
Detect and prevent advanced encrypted attacks and command-and-control communication with JA3 signatures pulled from malware samples

Custom hash blocklists
Enable SecOps to perform proactive network-level protection using cryptographic hashes from other parts of the security stack

Score-based blocking
Block suspicious categories and files like greyware and adware to reduce IT help desk tickets
Zscaler: A Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
A Leader in SSE, once again
Modern threats bypass traditional sandboxing

Cyberattackers exploit sandbox weaknesses and use evasive techniques
Today’s adversaries use polymorphism and obfuscation to evade detection, and automation to build highly targeted attacks at lightning speed, easily bypassing legacy malware defenses and out-of-band sandbox offerings.

Post-delivery analysis leaves you reacting to threats, not preventing them
Traditional passthrough approaches often let never-before-seen malware slip by as the sandbox detonates new samples out-of-band, sharing protections only after the initial compromise.

Encrypted traffic allows today’s threats to avoid detection
Physical sandbox appliances lack native inline inspection and SSL decryption, requiring additional devices that create device sprawl and administrative and configuration nightmares.

Physical appliances aren’t built for the agility and scale of the cloud
Backhauling high volumes of traffic from cloud applications and mobile or remote users to dedicated sandbox appliances with limited capacity results in performance bottlenecks, high latency, and frustrated users who may circumvent defenses.

Why Zscaler Sandbox?
Zscaler Sandbox is the world’s first AI-driven malware prevention engine, delivering inline patient zero defense by quarantining unknown or suspicious files before they reach your users. With unlimited latency-free inspection across web and file transfer protocols, including TLS/SSL, leave no stone unturned and keep advanced persistent threats off your network.
Built on a unique cloud native proxy platform, our cloud-delivered sandbox automatically detects, prevents, and intelligently quarantines unknown threats and suspicious files, preventing compromise, lateral movement, and data loss across all users and devices. With real-time security updates sourced from 300 trillion daily signals, the service offers near-instant delivery of known benign files.
Ready to face tomorrow's threats

The world’s first intelligent malware prevention
Stop zero-day infections and advanced persistent threat (APT) attacks in their tracks using AI-driven quarantine and deep forensic file analysis, effectively blocking malware from reaching users without rescanning benign files.

Contextual threat intelligence for your SOC
Perform malware analysis at scale, uncovering the attack lifecycle and mapping malicious behavior and payload intent to the MITRE ATT&CK framework, giving analysts forensic details to enrich threat intelligence and SecOps workflows.

Built on an extensible zero trust platform
Draw on shared global protection inline with real-time updates sourced from 300 trillion daily threat signals for all users in all locations, with unlimited content inspection and native SSL decryption on a fully integrated, cloud native platform.
Zscaler Sandbox key differentiators

AI-driven malware prevention engine
Intelligently identify, quarantine, and prevent unknown or suspicious threats inline using advanced AI/ML without rescanning benign files.

Full inline inspection to find hidden attacks
Expose and prevent evasive threats and malware hiding in encrypted traffic across web and file transfer protocols without latency and capacity limits.

Consistent globally shared prevention
Get automated protection for previously unknown threats with integrated threat intelligence shared across all users in real time.

SOC workflows augmented with threat intel
Accelerate investigation and response by sharing malware behavioral insights, threat intel, and advanced reporting using robust APIs.

No more costly physical appliances and software
Deploy in seconds with no hardware to buy or software to manage—simply configure and implement a sandbox policy to immediately see value.

Cloud-delivered protection with global edge presence
Get unmatched security and user experience through full integration with Zscaler Internet Access™ as part of the Zscaler Zero Trust Exchange™.
Get comprehensive, AI-powered malware and zero day prevention
Zscaler Sandbox is available in ZIA Business and Professional editions. Advanced features of Zscaler Sandbox are available in ZIA Transformation and Unlimited editions or as an add-on module.
| | Standard | Advanced* |
|---|---|---|
| File Types | 2 file types: EXE, DLL | EXE, DLL, SCR, OCX, SYS, CLASS, JAR, PDF, SWF, DOC(X), XLS(X), PPT(X), APK, ZIP, RAR, 7Z, BZ, BZ2, TAR, TGZ, GTAR, RTF, PS1, HTA, VBS, script files in ZIP files |
| AI-Driven Quarantine | | |
| Policy Control | | Granular quarantine-based policies |
| Reporting | | |
| All URL Categories | Limited to predefined URL categories | Included |
| API Integrations | | |
| Inline Blocking | Limited to suspicious URLs | |
| | Included with ZIA Professional and Business | Included with ZIA Transformation and Unlimited |

*Available as an add-on module
“The company was looking for a solution that would be deployed quickly, with in-depth reporting, and Zscaler Sandbox proved to be more effective—and more cost-effective—than the hardware alternatives.” - AutoNation

Getting started with our cloud-delivered sandbox is simple
Zscaler Sandbox provides unmatched security with zero hardware to deploy or manage. Using the internet as your new corporate network with Zscaler, you’ll immediately gain unrivaled security with a superior user experience. Turn on the security services you need now, and seamlessly add more functionality as your demands grow or you phase out legacy appliances.