
FireSphere

Advanced Defense Against APTs and Evasive Infections


Today's advanced persistent threats (APTs), malware, and data-stealing infections use port-evasive techniques to invade your network, where they can stay hidden for months. And because preventing 100% of malware is unrealistic, you need a proactive approach, with advanced persistent defense that not only blocks APTs but also finds infections already on the network, so you can respond and mitigate them in real time to prevent data loss. iboss FireSphere is the only solution that provides signatureless APT defense and infection detection technology highlighted by our full Web stream visibility. Combining the lean-forward technologies of continuous infection monitoring, baselining anomaly detection, malware sandboxing, an integrated threat SIEM console, and other innovative features, iboss delivers unmatched protection against the pernicious threats that plague modern networks.

FireSphere Features
Malware Sandboxing
While an AV signature/heuristic database provides an essential line of defense to your network security, it can only detect malware with known signatures. FireSphere Sandboxing detects, isolates and dissects APTs, evasive malware, zero-day attacks and polymorphic viruses that signatures alone can't block. And FireSphere includes innovative technology such as file baiting, designed to identify and analyze the malware created to evade traditional solutions.

Deep File Analysis: FireSphere Sandboxing isolates and dissects files for deep analyses, providing the complete taxonomy of advanced malware behavior that enhances resilience to future malicious evasion.

Full System Emulation: By employing multiple machine emulators and file types, FireSphere can identify malicious code, thwart evasion techniques and help prevent future exploits. This results in actionable threat intelligence that is immediately synchronized across the entire iboss database, offering real-time protection against threats that standard security solutions miss.

The FireSphere Advantage


The only Web security solution that combines both signatureless malware defense and infection detection at the gateway
The only Web security solution to provide stream based APT defense with layer 7 visibility across the full web stream, not just ports 80 and 443
The only Web security solution with an integrated advanced threat SIEM for effective infection investigations and forensics
The only Web security solution that leverages network baselining technology to detect elusive infections masking C&C communications
FireSphere minimizes the time from infection to detection with continuous connection monitoring that delivers Zero-second detection of malware hiding on your network
It provides unrivaled security for BYOD and heterogeneous device environments by quarantining high-risk devices and users
FireSphere easily scales to fit even the largest, distributed enterprise environments

[Figure: Malware Sandboxing, Full System Emulation. Full System Emulation finds evasive malware and updates signatures to prevent future attacks. Stages shown: File Upload; File Opened/Run; Behavior Analyzed; Actionable Threat Intelligence; Sync to iboss Closed Loop Database.]

[Figure: File Baiting. An HTTP request between Client and Server. Stages shown: Intercept Unknown File Request; Analyze File; Monitor Bait; Generate Report.]

File Baiting: FireSphere offers unique File Baiting technology to uncover threats that use evasive techniques, or polymorphic viruses that evade detection by constantly changing. FireSphere intercepts suspicious files and tests their behavior on bait files in a controlled environment, generating actionable intelligence reports.

Continuous Infection Monitoring
FireSphere continuous infection monitoring leverages iboss' unrivalled visibility to detect malware already in your network and alert you so that immediate action can be taken.

Detection and Containment of Active Infections: FireSphere continuously monitors and inspects all 131 thousand inbound/outbound data channels to find active infections on the network and contain them before data loss can occur.

Actionable intelligence: FireSphere is integrated with advanced threat SIEM reporting to provide investigative and forensic tools that give you powerful insight into when malware first entered your network, who got infected, how the infection spread and other machines on your network that might be compromised.

Command and control (C&C) callback detection: Data loss often occurs when a bot hiding on the network tries to contact C&C outside. FireSphere's continuous monitoring detects C&C attempts before they are successful, giving you time to respond and mitigate.

Network Baselining
FireSphere includes Network Baselining for data anomaly analysis, a critical protection layer that increases infection detection and identifies viruses that use evasive tactics to mask C&C communications.

Here's how FireSphere Baselining Works:
1. FireSphere employs iboss' full Web stream visibility and advanced threat SIEM to store historical data logs, which are essential to establishing a connection baseline of normal behavior for your organization.
2. FireSphere continuously monitors a range of parameters including connection counts, destination, Bytes In/Out, and unusual deviations in traffic, to pinpoint unusual behavior that can signify the network has been compromised.
3. Once a problem is revealed, the data transfer is stopped and you are alerted, giving you time to investigate and remediate.
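A minimal sketch of the three steps above, added here as an illustration and not taken from iboss or FireSphere: historical connection records build a per-host baseline of connection count, bytes out and known destinations, and a new day's traffic is checked against it. The record layout, the z-score test, the `z_limit` threshold and the sample data are all assumptions made for the example.

```python
# Added illustration; field names, thresholds and records are constructed assumptions.
from collections import defaultdict
from statistics import mean, pstdev

# (day, host, destination, bytes_out): constructed historical log records
HISTORY = [
    (d, "ws-17", dest, size)
    for d in range(1, 8)
    for dest, size in (("mail.example.com", 40_000 + d * 500),
                       ("intranet.example.com", 120_000 - d * 1_000))
]

def build_baseline(records):
    """Step 1: aggregate history per host and day into a summary of normal behaviour."""
    daily = defaultdict(lambda: defaultdict(lambda: [0, 0]))  # host -> day -> [conns, bytes]
    dests = defaultdict(set)
    for day, host, dest, size in records:
        daily[host][day][0] += 1
        daily[host][day][1] += size
        dests[host].add(dest)
    baseline = {}
    for host, days in daily.items():
        conns = [c for c, _ in days.values()]
        byts = [b for _, b in days.values()]
        baseline[host] = {"conns": (mean(conns), pstdev(conns)),
                          "bytes": (mean(byts), pstdev(byts)),
                          "dests": dests[host]}
    return baseline

def deviations(baseline, host, todays_records, z_limit=3.0):
    """Steps 2-3: return the reasons today's (destination, bytes_out) records stand out."""
    base = baseline.get(host)
    if base is None:
        return ["no baseline for host"]
    reasons = []
    observed = {"conns": len(todays_records),
                "bytes": sum(size for _, size in todays_records)}
    for key, value in observed.items():
        mu, sigma = base[key]
        # Floor sigma so a flat history neither divides by zero nor flags tiny changes.
        z = (value - mu) / max(sigma, 0.05 * mu, 1.0)
        if z > z_limit:  # only upward deviations are treated as suspicious here
            reasons.append(f"{key} z={z:.1f}")
    new = sorted({dest for dest, _ in todays_records} - base["dests"])
    if new:
        reasons.append("new destinations: " + ", ".join(new))
    return reasons
```

A non-empty result is the point at which a gateway would stop the transfer and raise the alert; an empty list means the day's traffic fits the host's history.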
Other FireSphere Baselining features include:
iboss' patented stream-based technology can stop data transfers mid-stream, quarantine and send an alert.

Threat GeoMapping integrates with advanced threat SIEM reporting to identify threat locations and heat maps that pinpoint threats across a global map. This shortens your response time to protect data.

Streamlined Directory Services Integration supports Active Directory, eDirectory, OpenLDAP, Oracle ID and others, to give you detailed user and group-based reports and alerts, for accurate policy enforcement and data loss prevention across all mobile/BYOD users.

Auto-Quarantine
FireSphere contains the spread of infections by network-wide scanning for infected machines and high-risk user behavior, and immediately quarantining machines that are harboring malware or engaging in risky behavior. This protection extends across your organization to encompass all users, whether on or off network, on mobile devices or BYOD.

Intrusion Detection and Prevention
Because today's APTs and advanced malware use evasive techniques designed to circumvent network security, the FireSphere Intrusion Detection and Prevention System (IDPS) layer combines continuous monitoring, granular application control and a dynamically updated signature/heuristic AV database to scan for attack patterns and network anomalies that indicate exploits such as network probes and port scans. With iboss' unrivalled visibility over the full inbound and outbound Web stream, FireSphere is able to quickly detect suspicious intrusion attempts that other solutions miss. The IDPS layer uses content-aware data inspection, DNS scanning and SSL anomaly detection to find intrusion attempts and block them in real time. It also provides multiple protocol inspection that includes SSH, RPC, SIP/VOIP, IMAP, and POP to protect against intrusion attempts across all users, whether onsite or on mobile devices.

Blended Signature and Heuristic AV
Single source database feeds are no longer effective. FireSphere integrates best-of-breed AV and anti-malware resources to detect malware and viruses in real time, and uses its innovative and proprietary database cloud synchronization to update the malware database dynamically, for continuous, real-time protection. Using malware feeds from a variety of proprietary and best-of-breed sources as well as APT defenses from FireSphere Sandboxing and FireSphere Baselining, iboss continuously synchronizes these feeds and delivers them to our Web Security database, where they are dispersed across all users, whether on-premises or in the cloud. This dynamic and continuous database cloud synchronization offers immediate protection from new malware that standard security solutions can't match.

Advanced Threat SIEM Reporting
FireSphere is integrated with advanced threat SIEM Reporting, which provides invaluable forensic-level intelligence that supports every layer of FireSphere's APT defense. iboss' dynamically indexed data logs provide instantly retrievable historical reporting for up to a year, allowing you to quickly identify risks and threats with actionable intelligence to help prevent data loss.

Delivers Powerful Layered Defense Against APTs, Evasive Malware, Polymorphic Viruses and Data Loss

[Figure: iboss FireSphere Layered APT Defense. Panel labels: iboss Cloud Malware Feeds (Active Threat Monitoring Feeds, Malware Harvesting, DNS Mining; multiple feeds and private/customer feeds); APT Defense; Behavioral Sandboxing; Infection Monitoring; Minimizing Dwell Time; Infection Quarantine; Exploit Defense; Malware Detection; Data Anomaly Baselining; High-Risk Quarantine; IPS; Signature & Heuristic A/V; stage labels Detect, Respond, Prevent; Integrated Advanced Threat SIEM - Threat & Event Console; Real-Time Transactional Cloud Sync. Network panel labels: iboss (On-Premise or Cloud); Infected Devices?; Suspicious Server Behavior?; Servers; Inbound; Outbound; Egress; Baselining; Infection Monitoring; Sandboxing; IPS; DNS.]

iboss Next-Generation Solutions


iboss' patented technology protects organizations from APTs, targeted attacks and data loss with innovative Web Security, Mobile Security and FireSphere advanced APT defense solutions. All iboss solutions are integrated with our exclusive advanced threat SIEM single-pane-of-glass reporting.

Web Security with integrated BYOD and Bandwidth Management

FireSphere for advanced defense against APTs

Mobile Security with integrated MDM

www.iboss.com | +1 877.742.6832
iboss, Inc. | (P) 877.742.6832 | Sales@iboss.com | U.S. HQ: 9950 Summers Ridge Rd., Bldg. 160, San Diego, CA 92121
© 2014 All rights reserved. iboss, Inc. All other trademarks are the property of their respective owners.
