FireSphere Features
Malware Sandboxing
While an AV signature/heuristic database provides an essential line of defense to your network security, it can only detect malware with known signatures. FireSphere Sandboxing detects, isolates and dissects APTs, evasive malware, zero-day attacks and polymorphic viruses that signatures alone can't block. FireSphere also includes innovative technology such as file baiting, designed to identify and analyze the malware created to evade traditional solutions.
Deep File Analysis: FireSphere Sandboxing isolates and dissects files for deep analysis, providing the complete taxonomy of advanced malware behavior that enhances resilience to future malicious evasion.
Full System Emulation: By employing multiple machine emulators and file types, FireSphere can identify malicious code, thwart evasion techniques and help prevent future exploits. This results in actionable threat intelligence that is immediately synchronized across the entire iboss database, offering real-time protection against threats that standard security solutions miss.
[Figure: Malware Sandboxing, Full System Emulation. Full System Emulation finds evasive malware and updates signatures to prevent future attacks. Stages shown: File Upload; File Opened/Run; Behavior Analyzed; Actionable Threat Intelligence; Sync to iboss Closed Loop Database.]
[Figure: File Baiting. Labels shown: Client; HTTP Request; Intercept Unknown File Request; HTTP Request; Server; Analyze File; Monitor Bait; Generate Report.]
Continuous Infection Monitoring
FireSphere continuous infection monitoring leverages iboss' unrivalled visibility to detect malware already in your network and alert you so that immediate action can be taken.
Command and control (C&C) callback detection: Data loss often occurs when a bot hiding on the network tries to contact C&C outside. FireSphere's continuous monitoring detects C&C attempts before they are successful, giving you time to respond and mitigate.
Network Baselining
FireSphere includes Network Baselining for data anomaly analysis, a critical protection layer that increases infection detection and identifies viruses that use evasive tactics to mask C&C communications.
Auto-Quarantine
FireSphere contains the spread of infections by network-wide scanning for infected machines and high-risk user behavior, and immediately quarantining machines that are harboring malware or engaging in risky behavior. This protection extends across your organization to encompass all users, whether on or off network, on mobile devices or BYOD.
Intrusion Detection and Prevention
Because today's APTs and advanced malware use evasive techniques designed to circumvent network security, the FireSphere Intrusion Detection and Prevention System (IDPS) layer combines continuous monitoring, granular application control and a dynamically updated signature/heuristic AV database to scan for attack patterns and network anomalies that indicate exploits such as network probes and port scans. With iboss' unrivalled visibility over the full inbound and outbound Web stream, FireSphere is able to quickly detect suspicious intrusion attempts that other solutions miss. The IDPS layer uses content-aware data inspection, DNS scanning and SSL anomaly detection to find intrusion attempts and block them in real time. It also provides multiple protocol inspection that includes SSH, RPC, SIN/VOIP, IMAP, and POP to protect against intrusion attempts across all users, whether onsite or on mobile devices.
Blended Signature and Heuristic AV
Single source database feeds are no longer effective. FireSphere integrates best-of-breed AV and anti-malware resources to detect malware and viruses in real time, and uses its innovative and proprietary database cloud synchronization to update the malware database dynamically, for continuous, real-time protection.
Using malware feeds from a variety of proprietary and best-of-breed sources as well as APT defenses from FireSphere Sandboxing and FireSphere Baselining, iboss continuously synchronizes these feeds and delivers them to our Web Security database, where they are distributed across all users, whether on-premises or in the cloud. This dynamic and continuous database cloud synchronization offers immediate protection from new malware that standard security solutions can't match.
Advanced Threat SIEM Reporting
FireSphere is integrated with advanced threat SIEM Reporting, which provides invaluable forensic-level intelligence that supports every layer of FireSphere's APT defense. iboss' dynamically indexed data logs provide instantly retrievable historical reporting for up to a year, allowing you to quickly identify risks and threats with actionable intelligence to help prevent data loss.
[Figure: diagram labels: Malware Harvesting; DNS Mining; (Multiple Feeds); (Private/Customer Feeds); Infection Monitoring; Minimizing Dwell Time; Infection Quarantine; Exploit Defense; Malware Detection; Data Anomaly Baselining; High-Risk Quarantine; IPS; Signature & Heuristic A/V; (Detect); (Respond); (Prevent); (Prevent/Detect); Infected Devices?; Outbound; Servers; Egress; Inbound; Sandboxing; DNS.]
www.iboss.com | +1 877.742.6832
iboss, Inc. (P) 877.742.6832 Sales@iboss.com U.S. HQ 9950 Summers Ridge Rd., Bldg. 160 San Diego, CA 92121
2014 All rights reserved. iboss, Inc. All other trademarks are the property of their respective owners.