It is rather simple
Basically, UNIX has had the answer for well over 40 years: it is called a chroot jail.
Here you run inside the operating system. The program is loaded, then isolated from the rest of the system; access to physical devices can be blocked or allowed by creating a device access. The application does not have access to system libraries once started, and therefore you move the subcomponents that the application requires into the chroot jail. They can even be forced in as read-only, therefore limiting the damage that a compromised application can do.
Virtualisation is good when you have an operating system without security features and application sandboxing (aka Windows), or when you allow multiple customers to run their servers on the same hardware and you need to isolate the customers from each other. However, chroot can do the very same thing, and you can choose how much of the operating system will be available.
As the system is sharing physical memory, and you do not need to load multiple operating systems and kernels, the amount of memory used is reduced enormously.
However, virtualisation allows you to do restrictions that chroot cannot, such as locking a virtual machine to a specified number of CPUs, which means that if some application goes crazy, it cannot consume all CPU resources, nor memory dedicated to other virtual servers.
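
The step the post describes, moving the components a program needs into the jail as read-only copies, as an added example that is not part of the original post. The function names, the example paths and the uid:gid 65534 are assumptions; the script expects glibc-style `ldd` output and GNU coreutils `chroot`.

```shell
#!/bin/sh
# Added example (not from the post): populate a chroot jail with one program
# and the shared libraries it needs, each copied in read-only.
# Function names are hypothetical; assumes glibc-style `ldd` output.

# Read `ldd` output on stdin and print each absolute library path once.
# Matches "name => /path (addr)" and "/path (addr)"; lines without a path
# (for example linux-vdso) are skipped. Paths with spaces are not handled.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++)
               if ($i ~ /^\//) { if (!seen[$i]++) print $i; break } }'
}

# Copy one file (absolute path required) into the jail under the same path
# and remove write permission, so the unprivileged jailed process cannot
# modify it.
jail_add() {
    jail=$1; src=$2
    case $src in /*) ;; *) return 1 ;; esac
    mkdir -p "$jail$(dirname "$src")" &&
        cp -fL "$src" "$jail$src" &&
        chmod a-w "$jail$src"
}

# Build the jail for one program. Run ldd only on binaries you trust:
# on some systems it can execute code from the file it inspects.
build_jail() {
    jail=$1; prog=$2
    jail_add "$jail" "$prog" || return 1
    ldd "$prog" | ldd_paths | while read -r lib; do
        jail_add "$jail" "$lib" || exit 1
    done
}

# Start the program inside the jail (needs root). chroot does not confine a
# root process, so drop to an unprivileged uid:gid; 65534 is an assumption
# ("nobody" on many Linux distributions). --userspec is a GNU coreutils option.
run_jailed() {
    chroot --userspec=65534:65534 "$1" "$2"
}

# Usage: sh mkjail.sh /srv/jail /bin/ls   (script name and paths are examples)
if [ "$#" -eq 2 ]; then
    build_jail "$1" "$2" && run_jailed "$1" "$2"
fi
```
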