What does Zscaler do when it encounters an asset that is completely unknown during malware protection?

Study for the Zscaler Digital Transformation Engineer (ZDTE) Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

In the context of Zscaler's approach to malware protection, when an asset that is completely unknown is encountered, the system sandboxes the content and waits for a verdict.

This process isolates the unknown asset in a secure environment where it can be executed and analyzed without causing harm to other systems. Sandboxing is crucial because it allows safe behavioral analysis of potentially malicious software. By observing how the asset behaves inside the sandbox, Zscaler can determine whether the content is benign or malicious based on its behavior rather than solely its signature. This enhances security by preventing immediate harm while still allowing the unidentified asset to be assessed thoroughly.

In contrast, other options like flagging for further investigation or immediately quarantining may not provide the same level of assurance or in-depth analysis that sandboxing does. Deleting an asset outright would pose a risk of eliminating a legitimate file without proper assessment. Thus, sandboxing represents a strategic method for balancing security and analysis when facing unknown threats.
