FortiGate Firewall APT Sandbox
The Evolution of Advanced Persistent Threats
APT Advanced Persistent Threat

, , Shamoon , ! , .

, , social engineering Spear phishing , privileged account domain admin domain structure port scan , malware , malware , malware command and control server (C&C) backdoor , Offline C&C ( Cyber Forensics).
, , , known pattern , zero-day attack malicious code antivirus IPS signatures .

firewall IPS antivirus ! zero-day attacks rules signatures behavior-based detection, behavior .
behavior-based detection sandboxing network-based sandbox appliance vendor , endpoint-based sandbox , , network-based , endpoint-based resources ( full hypervisor application-level sandbox ).

sandboxing !

behavior , behavior resolve spam domain .
rank , 80/100 , configuration 70 malicious file block .
analysis reports :
Vendors hardware appliance ( Fortinet & Trend Micro) vendors vendor analysis rank Cisco AMP Threat Grid ( hardware appliance ), . , reputation ( hash ).

sandbox email security gateway sandbox ( quarantine endpoint protection system , Integration ).

malware sandboxing system !!!
, malware physical machines , bad behavior virtual sandbox, sandbox ! malware bad behavior human behavior machine scroll , sandbox !

malware bad behavior ( ) , sandbox rank , rank ! sandbox evasion techniques , Shamoon virus sandbox. false positive , , tuning configuration .

vendors VM application environment , VM ( malware ) , sandbox on-premises , VM behavior , integration , ( ) security awareness sessions .

FortiSandbox appliance