World's first AI-driven malware prevention engine

Zscaler Sandbox prevents emerging and unknown threats and malware inline, protecting your users with the industry’s most comprehensive cloud native security service edge (SSE) platform.

Watch our video

Read the data sheet

New AI-powered innovations

Advanced reporting features

Map malware behavior and payload intent to MITRE ATT&CK to enrich incident investigations and response

Post-delivery analysis leaves you reacting to threats, not preventing them

AI-powered C2 infrastructure detection

Detect and prevent advanced encrypted attacks and command-and-control communication with JA3 signatures pulled from malware samples

Encrypted traffic allows today’s threats to avoid detection

Custom hash blocklists

Enable SecOps to perform proactive network-level protection using cryptographic hash from other parts of the security stack

Physical appliances aren’t built for the agility and scale of the cloud

Score-based blocking

Block suspicious categories and files like greyware and adware to reduce IT help desk tickets

Zscaler: A Leader in the Gartner® Magic Quadrant™ for Security Service Edge (SSE)

Positioned Highest in the Ability to Execute

Get the report

Modern threats bypass traditional sandboxing

Cyberattackers exploit sandbox weaknesses and use evasive techniques

Today’s adversaries use polymorphism and obfuscation techniques to evade detection and automation to build highly targeted attacks at lightning speed, easily bypassing legacy malware defenses and out-of-band sandbox offerings.

Post-delivery analysis leaves you reacting to threats, not preventing them

Traditional passthrough approaches often let never-before-seen malware slip by as the sandbox detonates new samples out-of-band, sharing protections only after the initial compromise.

Encrypted traffic allows today’s threats to avoid detection

Physical sandbox appliances lack native inline inspection and SSL decryption, requiring additional devices that create device sprawl and administrative and configuration nightmares.

Physical appliances aren’t built for the agility and scale of the cloud

Backhauling high volumes of traffic from cloud applications and mobile or remote users to dedicated sandboxes appliances with limited capacity results in performance bottlenecks, high latency, and frustrated users who may circumvent defenses.

Why Zscaler Sandbox?

Zscaler Sandbox is the world’s first AI-driven malware prevention engine, delivering inline patient zero defense by quarantining unknown or suspicious files before they reach your users. With unlimited latency-free inspection across web and file transfer protocols, including TLS/SSL, leave no stone unturned and keep advanced persistent threats off your network.

Built on a unique cloud native proxy platform, our cloud-delivered sandbox automatically detects, prevents, and intelligently quarantines unknown threats and suspicious files, preventing compromise, lateral movement, and data loss across all users and devices. With real-time security updates sourced from 300 trillion daily signals, the service offers near-instant delivery of known benign files.

Ready to face tomorrow's threats

The world’s first intelligent malware prevention

Stop zero-day infections and advanced persistent threat (APT) attacks in their tracks using AI-driven quarantine and deep forensic file analysis, effectively blocking malware from reaching users without rescanning benign files.

Contextual threat intelligence for your SOC

Perform malware analysis at scale, uncovering the attack lifecycle and mapping malicious behavior and payload intent to the MITRE ATT&CK framework, giving analysts forensic details to enrich threat intelligence and SecOps workflows.

Built on an extensible zero trust platform

Draw on shared global protection inline with real-time updates sourced from 300 trillion daily threat signals for all users in all locations, with unlimited content inspection and native SSL decryption on a fully integrated, cloud native platform.

Zscaler Sandbox key differentiators

AI-driven malware prevention engine

Intelligently identify, quarantine, and prevent unknown or suspicious threats inline using advanced AI/ML without rescanning benign files.

Full inline inspection to find hidden attacks

Expose and prevent evasive threats and malware hiding in encrypted traffic across web and file transfer protocols without latency and capacity limits.

Consistent globally shared prevention

Get automated protection for previously unknown threats with integrated threat intelligence shared across all users in real time.

SOC workflows augmented with threat intel

Accelerate investigation and response by sharing malware behavioral insights, threat intel, and advanced reporting using robust APIs.

No more costly physical appliances and software

Deploy in seconds with no hardware to buy or software to manage—simply configure and implement a sandbox policy to immediately see value.

Cloud-delivered protection with global edge presence

Get unmatched security and user experience through full integration with Zscaler Internet Access™ as part of the Zscaler Zero Trust Exchange™.

Learn more

Get comprehensive, AI-powered malware and zero day prevention

Zscaler Sandbox is available in ZIA Business and Professional editions. Advanced features of Zscaler Sandbox are available in ZIA Transformation and Unlimited editions or as an add-on module.

	Standard	Advanced*
File Types	2 file types: EXE, DLL	EXE, DLL, SCR, OCX, SYS, CLASS, JAR, PDF, SWF, DOC(X), XLX(X), PPT(X), APK, ZIP, RAR, 7Z, BZ, BZ2, TAR, TGZ, GTAR, RTF, PS1, HTA, VBS, script files in ZIP files
AI-Driven Quarantine
Policy Control		Granular quarantine-based policies
Reporting
All URL Categories	Limited to predefined URL categories
API Integrations
Inline Blocking	Limited to suspicious URLs
	Included with ZIA Professional and Business	Included with ZIA Transformation and Unlimited *Available as an add-on module

File Types

Standard