FortiGate Firewall APT Sandbox
The Evolution of Advanced Persistent Threats
APT (Advanced Persistent Threat)
Shamoon is one well-known example of such an attack.
A typical APT campaign starts with social engineering, usually spear phishing, to get a first foothold. From there the attacker works towards a privileged account (ideally domain admin), maps the domain structure with port scans, and drops malware. That malware reports to a command and control server (C&C) and installs a backdoor; the C&C may later go offline, at which point only cyber forensics can reconstruct what happened.
Traditional controls detect known patterns. A zero-day attack carries malicious code for which no anti-virus or IPS signature exists yet.
Firewalls, IPS and anti-virus therefore cannot stop zero-day attacks: their rules and signatures only describe what is already known. What is needed is behavior-based detection, which judges code by what it does rather than by what it looks like.
Behavior-based detection in practice means sandboxing. It comes in two forms: a network-based sandbox (a dedicated appliance from a vendor) and an endpoint-based sandbox. The network-based form has hardware of its own, while the endpoint-based form has to fit within the endpoint's resources (an application-level sandbox rather than a full hypervisor).
So what does the sandbox actually do?
It runs the file in an isolated environment and records its behavior. A document that, once opened, tries to resolve a known spam domain is showing behavior no legitimate document needs.
Each observed behavior raises the sample's rank. If a file reaches 80/100 and the configuration says to block at 70, it is classed as a malicious file and blocked.
The sandbox also produces analysis reports:
Vendors package the sandbox differently. Fortinet and TrendMicro ship it as a hardware appliance, and each vendor has its own analysis and ranking scheme; Cisco AMP Threat Grid is another option that is also offered as a hardware appliance.
Before a file is detonated, its reputation is checked (by hash), so a file that has already been seen does not need to be detonated again.
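The ranking and block-threshold logic described above, together with the hash-reputation pre-check, as an added example written for this page (it is not FortiSandbox's or any other vendor's code). The behavior names and their weights, the reputation cache, the sample files and the 70/100 threshold are all assumptions chosen to mirror the text:

```python
import hashlib
from dataclasses import dataclass, field

# Assumed policy: a rank at or above this value means "block" (the text's 70).
BLOCK_THRESHOLD = 70

# Assumed weights for behaviors a sandbox might report; the names and numbers
# are illustrative, not any vendor's scoring model.
BEHAVIOR_WEIGHTS = {
    "resolves_spam_domain": 35,
    "contacts_unknown_ip_high_port": 25,
    "writes_run_key": 20,
    "disables_security_tool": 30,
    "drops_executable_in_temp": 15,
    "reads_documents_dir": 5,
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed reputation cache keyed by SHA-256; a real deployment would query
# the vendor's reputation service. The single entry is a constructed
# "seen before" file with a known rank of 100.
REPUTATION = {sha256_hex(b"constructed: already-known bad sample"): 100}


@dataclass
class Verdict:
    sha256: str
    source: str                  # "reputation" (hash hit) or "sandbox" (detonated)
    rank: int                    # 0..100
    action: str                  # "block" or "allow"
    evidence: list = field(default_factory=list)


def score_behaviors(observed) -> int:
    """Sum the weights of the distinct observed behaviors, capped at 100."""
    return min(100, sum(BEHAVIOR_WEIGHTS.get(b, 0) for b in set(observed)))


def triage(data: bytes, observed_behaviors, reputation=REPUTATION,
           threshold: int = BLOCK_THRESHOLD) -> Verdict:
    """Hash lookup first; only unseen files are scored on sandbox behavior."""
    h = sha256_hex(data)
    if h in reputation:
        rank = reputation[h]
        return Verdict(h, "reputation", rank,
                       "block" if rank >= threshold else "allow",
                       ["reputation hit"])
    rank = score_behaviors(observed_behaviors)
    return Verdict(h, "sandbox", rank,
                   "block" if rank >= threshold else "allow",
                   sorted(set(observed_behaviors)))


if __name__ == "__main__":
    # Constructed maldoc: resolves a spam domain, beacons out, persists -> 80/100.
    v = triage(b"constructed: maldoc",
               {"resolves_spam_domain", "contacts_unknown_ip_high_port", "writes_run_key"})
    print(v.source, v.rank, v.action, v.evidence)
```

The `threshold` parameter is the knob the later false-positive tuning turns: the same 80/100 sample is blocked at 70 and allowed if the threshold is raised to 85, which is why raising it is a deliberate risk decision rather than a cosmetic fix.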
Integrating the sandbox with other controls
An email security gateway can hold (quarantine) an attachment until the sandbox returns its verdict, and the endpoint protection system can consume the same verdict; this integration is what turns a verdict into an action.
But malware authors know about sandboxing systems too!
Malware can tell a physical machine from a virtual sandbox and suppress its bad behavior while it is inside the sandbox. Some samples wait for signs of human behavior, such as mouse movement or scrolling, before they do anything; in a sandbox nobody is at the keyboard, so they stay quiet.
When the malware hides its bad behavior (for whatever reason), the sandbox records a low rank, and a low rank means the file is let through!
There is a whole family of such sandbox evasion techniques; the Shamoon virus is the example this page cites.
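An evasion-aware reading of a sandbox behavior trace, as an added example for the point above (it is not vendor code): a low rank is not the same as clean. The line format of the trace, the indicator rules and the stall limit are assumptions; the Win32 API names are real calls that sandbox reports commonly log, but both traces are constructed.

```python
import re
from collections import Counter

# Substrings that give away common hypervisors when a sample probes registry
# keys, files or process lists (assumed list, not exhaustive).
VM_ARTIFACT_RE = re.compile(r"vbox|virtualbox|vmware|vmtools|qemu|xen", re.I)

# Assumed: sleeping this long in total means the sample is stalling past the
# sandbox's detonation timeout.
STALL_MS = 120_000

# Constructed trace, one event per line: "<ms> <Win32 API>(<argument>)".
# The sample checks for VirtualBox, polls a cursor that never moves, then sleeps.
EVASIVE_TRACE = r"""
0     RegOpenKeyExW(HKLM\SYSTEM\CurrentControlSet\Services\VBoxGuest)
10    GetCursorPos(512,384)
1010  GetCursorPos(512,384)
2010  GetCursorPos(512,384)
3010  GetCursorPos(512,384)
4010  GetCursorPos(512,384)
4020  Sleep(300000)
"""

# Constructed benign trace: opens a document, reads a cursor that does move.
BENIGN_TRACE = r"""
0     CreateFileW(C:\Users\user\Documents\report.docx)
15    GetCursorPos(100,100)
900   GetCursorPos(140,131)
"""

LINE_RE = re.compile(r"(\d+)\s+(\w+)\((.*)\)$")


def parse_trace(text: str):
    """Return [(ms, api, arg), ...]; lines that do not match are ignored."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((int(m.group(1)), m.group(2), m.group(3)))
    return events


def evasion_indicators(events):
    """Names of evasion behaviors seen in the trace, in a fixed order."""
    calls = Counter(api for _, api, _ in events)
    found = []
    # Polls the cursor repeatedly but it never moves: waiting for a human.
    positions = {arg for _, api, arg in events if api == "GetCursorPos"}
    if calls["GetCursorPos"] >= 5 and len(positions) == 1:
        found.append("waits_for_mouse_movement")
    # Looks for hypervisor artifacts by name.
    if any(api in ("RegOpenKeyExW", "CreateFileW", "Process32NextW")
           and VM_ARTIFACT_RE.search(arg) for _, api, arg in events):
        found.append("probes_vm_artifacts")
    # Sleeps long enough to outlast the analysis window.
    total_sleep = sum(int(arg) for _, api, arg in events
                      if api == "Sleep" and arg.isdigit())
    if total_sleep >= STALL_MS:
        found.append("sleep_stalling")
    return found


def interpret(rank: int, trace: str, threshold: int = 70):
    """Do not trust a low rank when the sample showed evasion behavior."""
    indicators = evasion_indicators(parse_trace(trace))
    if rank >= threshold:
        return "malicious", indicators
    if indicators:
        # Re-run with a longer timeout and simulated user input rather than
        # releasing the file on the strength of a quiet first run.
        return "suspicious_redetonate", indicators
    return "clean", indicators


if __name__ == "__main__":
    print(interpret(20, EVASIVE_TRACE))
    print(interpret(20, BENIGN_TRACE))
```

The design point is the middle branch: the behavior score alone would let the evasive sample through at 20/100, so the evasion indicators are treated as a separate signal that forces a second, longer detonation instead of an allow.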
The opposite failure is the false positive, which is handled by tuning the configuration (for example, the block threshold).
The vendor supplies the VM image and its application environment. If that VM does not resemble your real workstations, malware that checks its surroundings may stay dormant; with an on-premises sandbox you can supply a VM image of your own so that the observed behavior matches what the malware would see in production.
Finally, the sandbox is only as useful as its integration with the other controls, and none of this replaces security awareness sessions for users.
FortiSandbox appliance