Do you use sandbox technology?

Yes, but it's emulation based and not virtualization based. In general, our experience has taught us that virtualization based technology is particularly important for forensic and full attack chain analysis on a very specific environment. Unfortunately, the downside of such in-depth analysis is speed (time to reporting is typically within 5-10 minutes), scaling challenges, high maintenance, having to restrict to a specific environment and a large resource overhead. Instead, we focus on a sophisticated set of lightweight emulation engines that implement adaptive threat analysis and have shown to yield better results at a fraction of cost. OPSWAT Filescan Sandbox is a best-in-class emulation sandbox.