The past three years have seen many organizations adopt and deploy in-house dynamic sandboxing technologies tasked to detect and block specific classes of malware. The sandboxing appliances popularly deployed today are performing well against your average”0-day” malware threat, but capabilities decline dramatically the more targeted an adversary becomes. As business operations embrace the cloud, BYOD, VPN dual tunneling, and expand their home-office workforce, centralized sandboxing approaches will rapidly diminish in efficacy — and malware authors continue to have the upper-hand.”]
Source: https://www.darkreading.com/attacks-breaches/the-increasing-failure-of-malware-sandboxing