
Sandboxing

SB

Published in: Software
  1. Market Trends
  2. Old & New Threats
     Despite all the publicity about zero-day exploits, a big percentage of breaches (44 per cent) come from vulnerabilities which are two to four years old. […] Most vulnerabilities stem from a relatively small number of common software programming errors. Every one of the top ten vulnerabilities exploited in 2014 took advantage of code written years or even decades ago, according to HP, which recorded an increase in the level of mobile malware detected. “Many of the biggest security risks are issues we’ve known about for decades, leaving organisations unnecessarily exposed,” said Art Gilliland, senior vice president and general manager, Enterprise Security Products, HP.
  3. Android Known Vulnerabilities: Update?
     http://www.cvedetails.com/cve/CVE-2015-1474/
  4. Sandboxing
  5. Why Talk about Advanced Threat Protection
     • “New Studies Reveal Companies are Attacked an Average of 17,000 Times a Year.”
     • “Companies like J.P. Morgan Plan to Double Spending on Cyber security…”
     • “Cybercrime Will Remain a Growth Industry for the Foreseeable Future.”
     • “The Reality of the Internet of Things is the Creation of More Vulnerabilities.”
     • “43% of firms in the United States have experienced a data breach in the past year.”
  6. Companies should be concerned
     FACT: Prevention techniques sometimes fail, so detection and response tools, processes, & teams must be added.
     GOAL: Reduce time to find/detect incidents; reduce time to investigate incidents; reduce time to remediate incidents.
     • 229 days: average time attackers were on a network before detection
     • 67%: victims were notified by an external entity
  7. Kill Chain of an Advanced Attack (diagram)
     Stages: Spam → Malicious Email / Malicious Link → Malicious Web Site → Exploit → Malware → Command & Control Center → Bot Commands & Stolen Data
     Controls at each stage: Anti-spam, Web Filtering, Intrusion Prevention, Antivirus, App Control / IP Reputation
     How each control is evaded:
     • Bots leverage legitimate IPs to pass filters.
     • Social engineering fools the recipient.
     • Fast flux stays ahead of web ratings.
     • Zero-days pass IPS.
     • Compression passes static inspection.
     • Encrypted communication passes controls.
  8. The Continuum (diagram)
     Code continuum: Known Good → Probably Good → Might be Good → Completely Unknown → Somewhat Suspicious → Very Suspicious → Known Bad
     Security technologies toward the "good" end: Whitelists; Reputation (File, IP, App, Email); Signatures; Digitally signed files
     Security technologies toward the "bad" end: Blacklists; Signatures; Heuristics; Reputation (File, IP, App, Email); Generic Signatures
     Sandboxing covers the middle: Malware? Goodware? "I don’t know"-ware?
  9. Enter Sandboxing (diagram)
     Same kill chain as slide 7 (Spam → Malicious Email / Malicious Link → Malicious Web Site → Exploit → Malware → Command & Control Center → Bot Commands & Stolen Data), with a Sandbox added alongside Anti-spam, Web Filtering, Intrusion Prevention, Antivirus and App Control / IP Reputation.
  10. FortiSandbox – 5 Steps to Better Performance
     • AV Prefilter: apply top-rated anti-malware engine
     • Cloud File Query: check community intelligence & file reputation
     • Code Emulation: quickly simulate intended activity – Fortinet patented CPRL; OS independent & immune to evasion – high catch rate
     • Full Virtual Sandbox: examine real-time, full lifecycle activity in the sandbox to get the threat to expose itself
     • Call Back Detection: identify the ultimate aim, call back & exfiltration
     • Mitigate w/ analytics & FortiGuard updates
  11. Top Rated Anti-Malware – Independent third-party tested & validated!
     • VB100 Reactive: AV w/ all updates
     • VB100 Proactive: AV w/o updates
     • Fortinet anti-malware results: 96% reactive, 86% proactive
  12. Top Rated Sandbox – Independent third-party tested & validated!
     • Top-rated Breach Detection (NSS Labs Recommended)
     • 99% detection
     • Results delivered w/in 1 min most of the time
  13. New in FortiSandbox 2.0 – Detecting Even More Attacks
     • Now includes full sandboxing w/ licenses for Windows, MS Office, IE
     • Now follows URLs to scan objects
     • Now inspects Network File Share locations
     • Now exports to 3rd party scan tools
     Integrated with FortiGate:
     • Provides SSL inspection
     • Fewer sandboxes needed – 1 sandbox supports multiple FortiGates (ingress/egress points)
     • FortiSandbox Cloud service integrated with FortiGate offers a quarantine feature
     (Diagram: Network Traffic → FortiGate → FortiSandbox)
  14. Stop Malicious Emails: FortiSandbox, FortiGate, FortiMail (diagram)
     Email traffic: reputation, behavior and other analysis performed by FortiMail; at-risk messages held for additional FortiSandbox analysis; clean emails delivered to mail servers; outgoing email also inspected. FortiSandbox prefilters, executes, analyzes and feeds back to FortiMail and FortiGuard.
     Network traffic: full NGFW inspection performed on FortiGate; at-risk objects sent to FortiSandbox.
     FortiMail for Email Inspection:
     • Blocks known threats
     • Holds high-risk messages for Sandbox rating
     • Simplified deployment – 1 sandbox supports multiple FortiMail
     FortiSandbox for Payload Analysis:
     • Detects unknown threats
     • Provides threat intelligence for mitigation
     • Ultimately results in updated FortiGuard Security Services
  15. The Details – New Advanced Threat Protection Framework: Integrated Solutions for Better Protection (diagram)
     Known Threats (FortiGate, FortiMail & everything that can enforce a security policy):
     • Reduce attack surface
     • Inspect & block known threats
     Hand off: high-risk items →
     Unknown Threats (FortiSandbox & everything that is behavior based):
     • Identify unknown threats
     • Assess behavior & identify trends
     Hand off: ratings & results →
     Response (FortiGuard teams and automation):
     • Identify scope
     • Mitigate impact
     Hand off: security updates → back to the enforcement layer
  16. Detect to Mitigate to Prevent – a continuous cycle of improvement
     Detection and analysis:
     • Sandbox object behavior analysis & details
     • Suspicious activity: privilege modification, file creation, modification & deletion
     • Malicious activity: initiated traffic, encrypted traffic, DNS query
     • File names, URLs, IP addresses
     Immediate remediation:
     • Block email sender IP from delivering any other messages to employees
     • Prevent communication with this command & control
     • Quarantine recipient devices
     • Confirm compromise and remove malicious files
     Updates to preventative security:
     • Updated IP sender reputations
     • New web site ratings used for web filtering
     • New IPS rules and botnet detection to block command and control traffic
     • Updated anti-malware detection for this and similar attachments
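The tiered flow these slides describe (cheap verdicts first, behavior analysis only for the "completely unknown" middle of the continuum on slide 8, the prefilter-before-sandbox order of slide 10, and the detect-to-prevent feedback of slide 16) as an added, self-contained example; this is not Fortinet code and the report layout, indicator weights and thresholds are assumptions.

```python
# Added example (not FortiSandbox code). A tiered triage pipeline: the prefilter
# short-circuits known-good/known-bad objects, only unknown objects pay for
# behaviour analysis, and a malicious verdict is turned into the four kinds of
# preventative update slide 16 lists.

# Constructed behaviour report for one attachment; the field names are assumed.
SAMPLE_REPORT = {
    "sha256": "PLACEHOLDER_SHA256",
    "sender_ip": "198.51.100.23",
    "prefilter": {"av_match": False, "reputation": "unknown"},
    "behavior": {
        "privilege_modification": True,          # suspicious (slide 16)
        "files_created": ["%APPDATA%\\svc.exe"],  # suspicious (slide 16)
        "initiated_traffic": ["203.0.113.7:443"], # malicious (slide 16)
        "encrypted_traffic": True,               # malicious (slide 16)
        "dns_queries": ["cdn-update.example.net"],  # malicious (slide 16)
    },
}

# Assumed weights: "malicious activity" classes weigh more than "suspicious" ones.
WEIGHTS = {"privilege_modification": 2, "files_created": 1,
           "initiated_traffic": 3, "encrypted_traffic": 2, "dns_queries": 2}

def triage(report):
    """Return (verdict, score). Known verdicts never reach the sandbox stage."""
    pf = report["prefilter"]
    if pf["av_match"] or pf["reputation"] == "bad":
        return "known_bad", 99
    if pf["reputation"] == "good":
        return "known_good", 0
    behavior = report.get("behavior", {})
    score = sum(w for k, w in WEIGHTS.items() if behavior.get(k))
    verdict = "malicious" if score >= 6 else "suspicious" if score >= 3 else "clean"
    return verdict, score

def preventive_updates(report, verdict):
    """Map a malicious verdict onto sender reputation, C2 rule, web rating, AV hash."""
    if verdict not in ("malicious", "known_bad"):
        return {}
    b = report.get("behavior", {})
    return {
        "sender_ip_reputation": report["sender_ip"],
        "botnet_c2_rule": sorted({t.rsplit(":", 1)[0] for t in b.get("initiated_traffic", [])}),
        "web_rating_malicious": list(b.get("dns_queries", [])),
        "anti_malware_hash": report["sha256"],
    }

if __name__ == "__main__":
    verdict, score = triage(SAMPLE_REPORT)
    print(verdict, score, preventive_updates(SAMPLE_REPORT, verdict))
```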
  17. Contact us free of charge…
     In these years of partnership with the parent company, Lan & Wan Solutions has obtained all the specializations provided for in the various certification paths, reaching the qualification of Partner Of Excellence.
     • Certified experts in FortiMail and email security
     • Certified experts in FortiWeb and web application firewall protection
     • Certified experts in FortiAP, FortiWiFi and wireless security
     Contacts: Tel. +39 049 8843198 DIGIT (5) – contacts@lanewan.it – www.lanewan.it
