Fortinet, keep up the standard! (Russian title "держи марку", reconstructed from mis-encoded Cyrillic)


  • Copyright Fortinet Inc. All rights reserved.

    FORTISANDBOX

    2 2015

    +79859996477

    aandriyashin@fortinet.com

  • 2

    APT (ATA)

    http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf

    1 2+

  • 3

    FORTINET (product portfolio: data center, branch office, campus)

    FortiDB: Database Protection
    FortiClient: Endpoint Protection, VPN
    FortiToken: Two-Factor Authentication
    FortiSandbox: Advanced Threat Protection
    FortiClient: Endpoint Protection
    FortiGate: NGFW
    FortiAuthenticator: User Identity Management
    FortiManager: Centralized Management
    FortiAnalyzer: Logging, Analysis, Reporting
    FortiADC: Application Delivery Control
    FortiWeb: Web Application Firewall
    FortiGate: DCFW
    FortiGate: Internal NGFW
    FortiDDoS: DDoS Protection
    FortiMail: Email Security
    FortiGate VM: SDN, Virtual Firewall
    FortiAP: Secure Access Point
    FortiGate Cloud
    FortiWiFi: UTM
    FortiGate: Top-of-Rack
    FortiCamera: IP Video Security
    FortiVoice: IP PBX Phone System
    FortiGate: Next Gen IPS
    FortiExtender: LTE Extension

    Product categories: Secure Wireless; Switching; Advanced Threat Protection; Authentication & Tokens; Application Security; Application Delivery/SLB; Endpoint Security; IP PBX and Phones; IP Video Surveillance; More

  • 4

    IPS

    Antivirus

    Anti-Spam

    IP Reputation

    Web Filtering

    App Control

    APT

  • 5

    :

    1. Anti-spam

    2. Antivirus

    3. Web Filtering

    IPS

    IP Reputation

    App Control

  • 6

    : /

    1. Antivirus

    2. IPS

    3. Web Filtering

    Anti-spam

    IP Reputation

    App Control

  • 7

    1. Anti-spam

    2. Web Filtering

    3. IPS

    4. Antivirus

    5. IP Reputation

    6. App Control

    ATP Sandbox

    : ATP

  • 8

    Anti-spam

    Web Filtering

    Intrusion Prevention

    Antivirus

    App Control/

    IP Reputation


  • 14

    Anti-spam
    Web Filtering
    Intrusion Prevention
    Antivirus
    App Control / IP Reputation
    6: C&C

  • 15

    C&C
    Sandbox
    Anti-spam
    Web Filtering
    Intrusion Prevention
    Antivirus
    App Control / IP Reputation
    7. SANDBOX

  • 16

    MALWARE? GOODWARE? IDONTKNOWWARE?

    Code continuum (left to right):
    Known Good - Probably Good - Might be Good - Completely Unknown - Somewhat Suspicious - Very Suspicious - Known Bad

    Security technologies along the continuum:
    Toward "known good": Whitelists; Reputation (File, IP, App, Email); App Signatures; Digitally signed files
    Toward "known bad": Blacklists; Signatures; Heuristics; Reputation (File, IP, App, Email); Generic Signatures
    The unknown middle: Sandboxing

  • 17

    MALWARE? GOODWARE? IDONTKNOWWARE?

    Same code continuum and security technologies as slide 16, mapped to solutions:
    Whitelists, blacklists, signatures, heuristics, reputation: FortiGate (and/or FortiMail, FortiClient, FortiWeb, etc.)
    Sandboxing: FortiSandbox

  • 18

    Prefilters objects, identifying known threats
    Runs objects/URLs, analyzing and rating activity
    Uncovers the full threat lifecycle and presents indicators of compromise

    3 modes of operation
    Sniffer: span port mode to capture all packets
    On-demand: manual submission & analysis
    Integrated: with FortiGate, FortiMail and FortiClient, which feed objects into FortiSandbox and act on the intelligence that comes out of it

    FortiSandbox pipeline: Network Traffic -> AV Prefilter -> Cloud File Query -> Code Emulation -> Full Sandbox -> Callback Detection

  • 19

    FortiSandbox: 5 STEPS TO BETTER PERFORMANCE

    1. AV Prefilter: apply top-rated anti-malware engine
    2. Cloud File Query: check community intelligence & file reputation
    3. Code Emulation: quickly simulate intended activity; OS independent and immune to evasion/obfuscation
    4. Full Virtual Sandbox: examine real-time, full lifecycle activity to get the threat to expose itself
    5. Call Back Detection: identify the ultimate aim, call back & exfiltration
    Mitigate w/ FortiGuard updates
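    The five steps above, and the known-good/known-bad continuum of slides 16 and 17, come down to one ordering rule: run the cheap, high-confidence checks first and spend sandbox time only on what survives them. The Python script below is an added example of that triage logic; it is not Fortinet code. The allowlist, blocklist, reputation lookup, heuristic patterns and sample objects are all constructed for the example, and the code-emulation step is stood in for by static heuristics plus an entropy check.

```python
"""Layered malware triage funnel modelled on the slide's five steps
(AV prefilter -> cloud file query -> code emulation -> full sandbox
-> callback detection) and the known-good / known-bad continuum.

Added example, not Fortinet code. The allowlist, blocklist, reputation
service, heuristic patterns and sample objects are constructed stand-ins."""
import hashlib
import math
import re
from dataclasses import dataclass, field
from enum import Enum


class Verdict(str, Enum):
    KNOWN_GOOD = "known good"
    PROBABLY_GOOD = "probably good"
    KNOWN_BAD = "known bad"
    VERY_SUSPICIOUS = "very suspicious"
    SOMEWHAT_SUSPICIOUS = "somewhat suspicious"
    UNKNOWN = "completely unknown"


@dataclass
class Result:
    verdict: Verdict
    stage: str                      # which funnel stage produced the verdict
    evidence: list = field(default_factory=list)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted payloads approach 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


# Constructed sample objects (hypothetical; not real binaries).
SAMPLE_GOOD = b"MZ\x90\x00 vendor-signed updater build 4.2"
SAMPLE_BAD = b"MZ\x90\x00 dropper variant seen last week"
SAMPLE_SUSPICIOUS = (b"MZ\x90\x00 powershell.exe -EncodedCommand SQBFAFgA"
                     b" CreateRemoteThread WriteProcessMemory")
SAMPLE_UNKNOWN = b"MZ\x90\x00 brand new internal tool, never seen before"

ALLOWLIST = {sha256(SAMPLE_GOOD)}       # hashes of vetted, signed binaries
BLOCKLIST = {sha256(SAMPLE_BAD)}        # local AV signature hashes
CLOUD_REPUTATION = {                    # stand-in for a file reputation query
    sha256(SAMPLE_GOOD): "clean",
    sha256(SAMPLE_BAD): "malicious",
}
# Generic signatures / heuristics: cheap checks that run before any sandboxing.
HEURISTICS = [
    ("encoded PowerShell", re.compile(rb"powershell(\.exe)?\s+-enc", re.I)),
    ("process injection API", re.compile(rb"CreateRemoteThread|WriteProcessMemory")),
]
PACKED_ENTROPY = 7.2


def triage(data: bytes, sandbox_queue: list) -> Result:
    """Run the cheap stages in order; only what survives them costs sandbox time."""
    digest = sha256(data)

    # Stage 1: known good (allowlist / signed files) is never sandboxed.
    if digest in ALLOWLIST:
        return Result(Verdict.KNOWN_GOOD, "allowlist", [digest])

    # Stage 2: AV prefilter, known bad by signature hash.
    if digest in BLOCKLIST:
        return Result(Verdict.KNOWN_BAD, "av-prefilter", [digest])

    # Stage 3: cloud file query, community reputation.
    rep = CLOUD_REPUTATION.get(digest)
    if rep == "malicious":
        return Result(Verdict.KNOWN_BAD, "cloud-query", [digest])
    if rep == "clean":
        return Result(Verdict.PROBABLY_GOOD, "cloud-query", [digest])

    # Stage 4: generic signatures and heuristics (stand-in for code emulation).
    hits = [name for name, pat in HEURISTICS if pat.search(data)]
    if entropy(data) > PACKED_ENTROPY:
        hits.append("high entropy (packed/encrypted)")
    if len(hits) >= 2:
        sandbox_queue.append(digest)    # blockable now, but still confirm behaviour
        return Result(Verdict.VERY_SUSPICIOUS, "heuristics", hits)
    if hits:
        sandbox_queue.append(digest)
        return Result(Verdict.SOMEWHAT_SUSPICIOUS, "heuristics", hits)

    # Stage 5: nothing known either way; only the full sandbox can decide.
    sandbox_queue.append(digest)
    return Result(Verdict.UNKNOWN, "sandbox-queued", [])


def run_demo() -> dict:
    queue: list = []
    results = {name: triage(blob, queue) for name, blob in [
        ("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD),
        ("suspicious", SAMPLE_SUSPICIOUS), ("unknown", SAMPLE_UNKNOWN)]}
    results["queued_for_sandbox"] = queue
    return results


if __name__ == "__main__":
    for name, r in run_demo().items():
        print(name, r)
```

    Two design points carry over to a real deployment: a hash allowlist is not the same as signature validation (Authenticode or an equivalent must be checked separately, and a hash list is only as good as its maintenance), and "very suspicious" objects are still queued for the sandbox so that the behavioural report, not just the heuristic hit, drives the indicators pushed back to the enforcement points.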

  • 20

    TOP RATED SANDBOX: independent third-party tested & validated!

    Top-rated Breach Detection (NSS Labs Recommended)

    Customizable Environment
    Preloaded with Microsoft Windows XP and 7, 32- and 64-bit, plus Office, IE and Adobe
    Ability to select a specific combination or let the system choose
    Genuine Microsoft licenses for Windows and Office

  • 21

    FORTISANDBOX DETAILS

    Network Traffic -> Objects for Inspection -> FortiSandbox -> Updated Protection

    1. Protocol support
    FortiGate integrated: HTTP, SMTP, POP3, IMAP, MAPI, FTP, SMB, IM and SSL-encrypted equivalents
    Stand-alone: HTTP, FTP, POP3, IMAP, SMTP, SMB
    FortiMail integrated: SMTP, POP3, IMAP

    2. File type support
    AV Prefilter: all
    Full Sandbox: as follows
    Archived: .tar, .gz, .tar.g, .tgz, .zip, .bz2, .tar.bz2, .bz, .tar.Z, .cab, .rar, .arj
    Executable: .exe, .dll, PDF, Windows Office, Javascript, .pd
    URLs
    Media: .avi, .mpeg, mp3, mp4

    3. Operating Environment
    Code emulation: OS-independent
    Sandbox: Windows XP, 7, 8.1, Server 2008/2010, IE, Office
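    The archive list above matters because the sandbox only sees what the prefilter can unpack: an attacker who nests a payload several archives deep, or ships a decompression bomb, is attacking the unpacker rather than the sandbox. The Python script below is an added example, not FortiSandbox code, of a recursive unpacker with nesting, size and ratio limits that identifies members by magic bytes rather than by extension. The limits, the magic table and the constructed zip/tar.gz sample are assumptions made for the example.

```python
"""Recursive archive unpacking for the file-type prefilter, with limits
against nested archives and decompression bombs.

Added example, not Fortinet code. MAX_DEPTH, MAX_MEMBER_BYTES, MAX_RATIO,
the magic-byte table and build_sample() are assumptions for the example."""
import gzip
import io
import tarfile
import zipfile

MAX_DEPTH = 3                        # archives inside archives inside archives
MAX_MEMBER_BYTES = 16 * 1024 * 1024
MAX_RATIO = 100                      # declared uncompressed:compressed above this is a bomb

# Identify by content, never by extension: the extension is attacker-controlled.
MAGIC = [
    (b"MZ", "executable"),
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"\x1f\x8b", "gzip"),
    (b"Rar!\x1a\x07", "rar"),
    (b"7z\xbc\xaf\x27\x1c", "7z"),
]


def identify(data: bytes) -> str:
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    if data[257:262] == b"ustar":    # tar keeps its magic in the first header block
        return "tar"
    return "unknown"


def _bounded(read_fn):
    """Read at most MAX_MEMBER_BYTES; None if the member is larger than allowed."""
    chunk = read_fn(MAX_MEMBER_BYTES + 1)
    return None if len(chunk) > MAX_MEMBER_BYTES else chunk


def unpack(data: bytes, path: str = "<root>", depth: int = 0, findings=None) -> list:
    """Return [(path, kind, size)] for every leaf object. Unsafe members are
    reported as 'bomb-suspect' or 'nesting-limit' instead of being opened."""
    if findings is None:
        findings = []
    kind = identify(data)
    if kind not in ("zip", "gzip", "tar"):
        findings.append((path, kind, len(data)))
        return findings
    if depth >= MAX_DEPTH:
        findings.append((path, "nesting-limit", len(data)))
        return findings

    if kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member = f"{path}/{info.filename}"
                # Header sizes are attacker-controlled: reject a declared bomb
                # before decompressing, and still bound the read afterwards.
                ratio = info.file_size / max(info.compress_size, 1)
                inner = None
                if info.file_size <= MAX_MEMBER_BYTES and ratio <= MAX_RATIO:
                    with zf.open(info) as f:
                        inner = _bounded(f.read)
                if inner is None:
                    findings.append((member, "bomb-suspect", info.file_size))
                else:
                    unpack(inner, member, depth + 1, findings)
    elif kind == "gzip":
        # A gzip stream carries no trustworthy size up front; only the bounded read protects us.
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            inner = _bounded(gz.read)
        if inner is None:
            findings.append((path, "bomb-suspect", MAX_MEMBER_BYTES))
        else:
            unpack(inner, path + "!gunzip", depth + 1, findings)
    else:  # tar
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tf:
            for m in tf.getmembers():
                if not m.isfile():
                    continue
                member = f"{path}/{m.name}"
                inner = _bounded(tf.extractfile(m).read) if m.size <= MAX_MEMBER_BYTES else None
                if inner is None:
                    findings.append((member, "bomb-suspect", m.size))
                else:
                    unpack(inner, member, depth + 1, findings)
    return findings


def build_sample() -> bytes:
    """Constructed object: zip { doc.pdf, inner.tar.gz { payload.exe }, zeros.bin }."""
    exe = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00 constructed, not a real binary"
    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w") as tf:
        ti = tarfile.TarInfo("payload.exe")
        ti.size = len(exe)
        tf.addfile(ti, io.BytesIO(exe))
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("doc.pdf", b"%PDF-1.4 constructed sample")
        zf.writestr("inner.tar.gz", gzip.compress(tar_buf.getvalue()))
        zf.writestr("zeros.bin", b"\x00" * (1024 * 1024))   # deflates about 1000:1
    return zip_buf.getvalue()


if __name__ == "__main__":
    for finding in unpack(build_sample()):
        print(finding)
```

    The zip branch checks the declared ratio before decompressing anything, but it still bounds the actual read because a crafted central directory can declare whatever it likes; the gzip branch has no declared size at all, so the bounded read is its only protection. Anything reported as bomb-suspect or nesting-limit is worth a sandbox run on its own, since a benign archive rarely needs either.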

  • 22

    SANDBOX ONLY

    Internet -> Network Traffic -> FortiSandbox (span port) -> Inspected Traffic; feedback to/from FortiGuard

    Deployed in sniffer mode FortiSandbox will prefilter for known threats, sandbox unknown threats and watch for callback activity
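    In sniffer mode the callback check is the one part that does not depend on catching the file: it works from the traffic alone. The Python script below is an added example, not FortiSandbox or FortiGuard code, of the three signals a callback detector typically combines: destination against a C&C indicator list, periodic beaconing to one host, and outbound volume. The log format, the indicator list, the thresholds and the log lines are all constructed for the example.

```python
"""Callback (C&C) detection over constructed proxy-log lines: indicator
matching, beacon periodicity and outbound-volume checks.

Added example, not FortiSandbox/FortiGuard code. The log format, the
indicator list and all thresholds are assumptions for the example."""
import statistics
from collections import defaultdict

# Constructed log: "<epoch> <src_ip> <dst_ip> <host> <bytes_out>".
# Documentation-range addresses and .invalid names are used on purpose.
LOG = """\
1443000000 10.0.0.5 203.0.113.9 cdn-a.invalid 640
1443000300 10.0.0.5 203.0.113.9 cdn-a.invalid 640
1443000600 10.0.0.5 203.0.113.9 cdn-a.invalid 640
1443000900 10.0.0.5 203.0.113.9 cdn-a.invalid 640
1443001200 10.0.0.5 203.0.113.9 cdn-a.invalid 640
1443000010 10.0.0.7 198.51.100.20 news.invalid 1200
1443000025 10.0.0.7 198.51.100.20 news.invalid 4800
1443000140 10.0.0.7 198.51.100.20 news.invalid 900
1443000700 10.0.0.7 198.51.100.20 news.invalid 3000
1443000050 10.0.0.9 198.51.100.77 known-c2.invalid 300
1443000400 10.0.0.7 203.0.113.44 share.invalid 52428800
"""

C2_INDICATORS = {"known-c2.invalid", "198.51.100.77"}   # constructed threat feed
MIN_BEACONS = 5          # connections needed before periodicity is judged
MAX_JITTER = 0.1         # coefficient of variation of intervals (0 = perfectly regular)
EXFIL_BYTES = 10 * 1024 * 1024


def parse(log: str) -> list:
    rows = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, host, out = line.split()
        rows.append((int(ts), src, dst, host, int(out)))
    return rows


def detect_callbacks(log: str) -> list:
    rows = parse(log)
    alerts = []

    # Check 1: destination matches a C&C indicator (cheapest, highest confidence).
    for _, src, dst, host, _ in rows:
        if host in C2_INDICATORS or dst in C2_INDICATORS:
            alerts.append(("c2-indicator", src, host))

    # Check 2: beaconing, i.e. regular intervals from one source to one host.
    by_pair = defaultdict(list)
    for ts, src, _, host, _ in rows:
        by_pair[(src, host)].append(ts)
    for (src, host), times in by_pair.items():
        if len(times) < MIN_BEACONS:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0.0
        if cv <= MAX_JITTER:
            alerts.append(("beacon", src, host, round(mean), round(cv, 3)))

    # Check 3: outbound volume per source/host pair, a possible exfiltration channel.
    out_by_pair = defaultdict(int)
    for _, src, _, host, out in rows:
        out_by_pair[(src, host)] += out
    for (src, host), total in out_by_pair.items():
        if total >= EXFIL_BYTES:
            alerts.append(("exfil-volume", src, host, total))
    return alerts


if __name__ == "__main__":
    for alert in detect_callbacks(LOG):
        print(alert)
```

    Real implants add jitter, so MAX_JITTER is a tuning knob rather than a constant, and legitimate pollers (update checks, NTP, monitoring agents) beacon just as regularly; in practice those get an allowlist, and the beacon score is combined with the other two signals rather than alerting on its own.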

  • 23

    NGFW + SANDBOX

    Internet -> Network Traffic -> FortiGate -> Inspected Traffic; sandbox inspection and results exchanged with FortiSandbox; feedback to/from FortiGuard

    Full NGFW inspection performed on FortiGate. At-risk objects sent to FortiSandbox, results received.

    Deployed in integrated mode FortiSandbox will receive objects, perform analysis and return results

  • 24

    CENTRAL SANDBOX FOR NGFW + SEG

    Email traffic: Internet -> FortiMail -> Inspected Emails -> mail servers; feedback to/from FortiGuard
    Reputation, behavior and other analysis performed by FortiMail. At-risk messages held for FortiSandbox analysis, results acted on. Clean emails delivered to mail servers. Outgoing email also inspected.

    Network traffic: Internet -> FortiGate -> Inspected Traffic; sandbox inspection and results exchanged with FortiSandbox
    Full NGFW inspection performed on FortiGate. At-risk objects sent to FortiSandbox, results received.

  • 25

    CENTRAL SANDBOX FOR NGFW + SEG + EPP

    FortiSandbox prefilters, executes, analyzes and feeds back to FortiGate, FortiMail, FortiClient and FortiGuard; feedback to/from FortiGuard

    Email traffic: Internet -> FortiMail -> Inspected Emails -> mail servers
    Reputation, behavior and other analysis performed by FortiMail. At-risk messages held for FortiSandbox analysis, results acted on. Clean emails delivered to mail servers. Outgoing email also inspected.

    Network traffic: Internet -> FortiGate -> Inspected Traffic; sandbox inspection and results exchanged with FortiSandbox
    Full NGFW inspection performed on FortiGate. At-risk objects sent to FortiSandbox, results received.

    Endpoints: full EPP inspection on FortiClient; new files also sent to FortiSandbox. Results acted on.

  • 26

    Anti-spam
    Web Filtering
    Intrusion Prevention
    Antivirus
    App Control / IP Reputation
    Sandbox
    8. DLP

  • 27

    360 / 24x7 / 100%

  • 28

    http://www.netwell.ru/events/?id_form=fortinet_security_day

  • +79859996477

    aandriyashin@fortinet.com

    , CISSP,

    +7 912 607 55 66,

    IYablonko@USSC.ru