Zscaler Sandbox

Advanced malware defenses with AI and layered threat detection to stop emerging file-based attacks


Strengthen your enterprise's security posture, prevent advanced malware and ransomware, and empower SOC teams to more quickly investigate threats—all while keeping employees productive. 

The Problem

Security at the expense of productivity

Malware as a service is a leading cybercrime trend, and on top of that, a ransomware attack occurs against a business or consumer every two seconds.


To stop these attacks, and to avoid disrupting productivity, traditional malware sandboxes allow unknown files into the enterprise the first time they appear, without waiting for sandbox file verdicts. This flawed solution often results in patient zero infections. A new approach is needed, one that detects and stops all new and known threats at scale without impacting performance.


Get comprehensive, AI-powered malware and zero day prevention

Zscaler Sandbox is an AI-powered solution that delivers inline patient zero defense by quarantining unknown or suspicious files before they reach your users. With unlimited latency-free inspection across web and file transfer protocols, including TLS/SSL, it keeps advanced persistent threats off your network.

Built on a unique cloud native proxy platform, Zscaler Sandbox automatically detects, prevents, and intelligently quarantines unknown threats and suspicious files, preventing compromise, lateral movement, and data loss across all users and devices. With real-time security updates sourced from 300 trillion daily signals, the service offers near-instant delivery of known benign files.


Malware protection with productivity built in

Inline detection prevents patient zero infections

Inline, layered malware analysis detects known and unknown threats without burdening endpoints or requiring hooks into NGFWs.

Prevention + productivity

AI-powered threat detection delivers instant verdicts while preserving productivity since users don’t need to wait for sandbox decisions.

Security team-ready

Zscaler Sandbox is fully integrated into security and SOC workflows with out-of-band API file analysis as well as full Browser Isolation and CrowdStrike integration.

How It Works

AI-driven threat prevention

Layered malware detections

Zscaler TLS inspection stops malware and ransomware with the cloud effect, blocking known malware via file hashes, complemented with additional scans from leading malware engines and threat feeds. 

AI-powered security

Trained with more than 500 million samples, the AI malware engine in Zscaler Sandbox scans files to instantly convict files that are likely malicious.

Static and dynamic analysis

Static and dynamic analysis inspect code structure at rest, detonate files in a virtualized environment, and analyze secondary samples, updating cloud effect databases when a malicious file is detected.

Browser isolation integration

Browser isolation keeps users productive by giving them instant access to flattened PDFs of documents during sandbox analysis.

API-driven analysis

API file integration for security investigations sends out-of-band files directly to Zscaler Sandbox.

Granular policy and reporting

Granular policies adjust the actions Zscaler Sandbox takes based on users, locations, or categories to best support your business. In-depth out-of-the-box reporting for every file empowers security teams with key details, including MITRE ATT&CK mapping.

Use Cases

Ransomware and malware defense

Stop file-based ransomware and malware for more effective enterprise security postures.

SOC empowerment

Leverage fast, direct threat investigations to get immediate file verdicts and details for security investigations or to analyze files from newly acquired companies.

Automotive / 21,000+ employees across 360 locations

AutoNation protects against zero day attacks with Zscaler Sandbox

Aerospace / 13,000 employees

Bombardier enhances security to stop patient zero attacks

Financial Services

CSC unifies protection in the cloud with Zscaler Sandbox, CASB, and Firewall

Schedule a custom demo

Let our experts show you how Zscaler Sandbox uses AI and layered threat detection to stop emerging file-based attacks.