Products > Cloud Sandbox

Your users are everywhere. But your
sandbox is sitting in the data center.

Get the benefits of complete sandboxing in a cloud-first world.

Watch Video

The challenges of stopping zero-day threats

Today’s appliance-based sandboxes are expensive and, therefore, typically installed only in the data center. When users leave the network, they become exposed to new threats because sandbox protection can’t follow them.

Traditional sandboxes usually operate out of line, allowing traffic through while inspecting suspicious files in TAP mode. If a threat is detected in the sandbox, it sends alerts, but they can arrive too late. Traditional sandboxes also lack the ability to fully inspect SSL traffic due to hardware limitations—and many malware authors are exploiting those limitations to distribute their malicious payloads.

In order to provide sandbox protection, organizations have bolted sandboxing solutions onto their existing security stacks. It helps, but achieving a fully integrated threat platform across multiple products is nearly impossible.

Relying on UTM and NGFW appliances to secure internet traffic is costly, results in appliance sprawl, and compromises branch security.

Zscaler turns zero-day threats into zero threats

No matter where users connect, Zscaler Cloud Sandbox sits between them and the internet, analyzing unknown files for advanced threats. Zscaler delivers full sandbox protection—on or off network—without backhauling traffic or the use of cumbersome VPNs.

Zscaler Cloud Sandbox is integrated into the Zscaler Cloud Security Platform , so you get a full security stack from day one. Just point your traffic to Zscaler — there’s no hardware or software to buy or manage.

Zscaler Cloud Sandbox lets you find and stop more threats, as it is always inline and delivers full SSL inspection with unlimited capacity.

Relying on UTM and NGFW appliances to secure internet traffic is costly, results in appliance sprawl, and compromises branch security.
See Our Solution View the Challenge


Simply scalable:

Cover every user, regardless of location, from the cloud. On or off network, everyone gets the exact same protection, without cumbersome VPNs or costly MPLS links.

Better protection:

Because Zscaler Cloud Sandbox is always inline, you can easily hold onto files until verified as clean by the sandbox before delivering.

Unlimited capacity:

Zscaler Cloud Sandbox never runs out inspection capacity, even when scanning SSL. Try that with an appliance!

Cost effective:

Just point your traffic to Zscaler. There is no hardware to buy or software to manage. You get complete sandbox protection at a fraction of the cost of traditional appliances.

Zscaler Cloud Sandbox stops emerging advanced threats faster

The Zscaler platform is built on a massive, multi-tenant cloud security architecture that processes 40 billion requests and blocks more than 100,000 threats per day. Any threat detected for any user in our cloud is blocked for every other cloud user worldwide within seconds. With Zscaler, you can stop more advanced threats quicker, without the hassle of managing security updates or change windows.

Cloud Activity Dashboard
| Global Threat Map Dashboard
| Global Enforcement Dashboard

Zscaler Cloud Sandbox delivers full inline protection and provides a complete picture of the threats targeting your users.

Scale granular policies by user, group, file type, and URL to easily control which files get quarantined and inspected.

The world's most trusted brands trust Zscaler

Read their stories and hear their accounts of moving security off the
network and into the cloud.

GHD is one of the world’s leading professional services companies operating in the global markets of water, energy and resources, environment, property and buildings, and transportation. See how Zscaler Cloud Sandbox transformed the way GHD protects its 8,500 users from advanced threats.

Read the Story

Getting started is simple

With Zscaler, there is no hardware deploy or manage. By making Zscaler your next hop to the internet, you’ll immediately enjoy increased security and compliance. Turn on the services you need now, and easily add more as your demands grow or as you phase out appliances.


Up-level your security and make Zscaler your next hop to the internet. It is fast to deploy and no infrastructure changes are required.


Remove point products and phase out gateway appliances at your own pace. Reduce cost and management overhead.


Cloud-enable your network. Secure SD-WAN / local internet breakouts, optimize backhauling and deliver a better user experience.

Suggested Resources

Cloud Sandbox solution brief

Learn more 

Combating APTs with Cloud Sandboxing

Read more 

10 Reasons for Moving Security to the Cloud

Read more