fortinet av
© Copyright Fortinet Inc. All rights reserved.
Inside FortiOS AV – Version 5.2.4 – Mar 2015
Lan & Wan Solutions – IT Solutions for Local and Wide Area Networks
2
FortiOS Features
3
Overview: Antivirus
Anti-malware
• Proxy-based and flow-based AV
• Filename and file type filtering
• Heuristic AV engine
• File analysis with cloud-based or on-premise sandboxing
• AV database options
• File quarantine
Anti-botnet
• Application Control category
• Botnet IP blacklist database
Goal: protect internal network devices against malware and other malicious code
AV Configuration
4
Technologies
Signatures
• Detects and blocks known malware and some variants
• Highly accurate, low false positives
• Requires up-to-date signature updates
• Third-party validated
Behavioral Evaluation
• Detects and blocks malware based on a scoring system of known malicious behaviors or characteristics
• Can be used to flag suspicious files for further analysis
File Analysis
• Detects zero-day threats by executing code in emulators to determine malicious activity
• Resource intensive; performance and latency impact
Antivirus
5
Technologies
Application Control
• Detects and blocks nearly 50 active botnets
• Identifies botnet network activity by examining traffic
• Prevents zombies from leaking data or communicating for instructions
Botnet IP Reputation DB
• Detects and blocks known botnet C&C communication by matching against blacklisted botnet command IPs
• Stops dial-back by infected zombies
6
In-box AV functions
FortiGate as AV gateway
• Network based, no agents required on hosts
• Can be proxy-based or flow-based
• Signature set options: Normal, Extended or Extreme
• File quarantine if local storage is available
7
AV Signature DB
NORMAL
• List of currently active threats
• Recently added by the Fortinet Antivirus team
• Detected by the FortiGuard network
• The WildList database
EXTENDED
• Older and recently active threats (already dropped from the WildList)
EXTREME
• Remaining detection signatures for all threats
• Zoo entries and historical curiosities such as old DOS-based viruses
8
AV Engine (FortiGate AV Engine 2.0, V5.2)
Scan pipeline:
1. File sample
2. Decryption/unpacking system
3. Signature match (CPRL/checksum)
4. Code emulator with behavior analysis
Outcomes:
• Pass: no further action
• Suspicious: forwarded to the cloud-based FortiGuard AV service
• Blocked: file discarded, option to quarantine, event logged
Code emulator:
• Lightweight emulators, good against VM evasion
• OS-independent file analysis for all file types (e.g. JavaScript, Flash)
• Best against malware injection via (compromised) web 2.0 applications
9
In-box AV functions (V5.2): proxy-based vs flow-based
Proxy based
• External sandboxing: FortiCloud Sandbox, FortiSandbox
• Anti-bot: FortiGuard Botnet Servers Black List
• Protocols supported: HTTP/HTTPS, SMTP/SMTPS, POP3/POP3S, IMAP/IMAPS, MAPI, FTP/SFTP, NNTP (CLI only)
• Replacement message: all supported protocols
Flow based
• External sandboxing: FortiCloud Sandbox, FortiSandbox
• Anti-bot: FortiGuard Botnet Servers Black List
• Protocols supported: HTTP/HTTPS, SMTP/SMTPS, POP3/POP3S, IMAP/IMAPS, FTP/SFTP, NNTP
• Replacement message: limited to HTTP/HTTPS
10
FortiGuard AV Service
Fortinet
11
File Analysis (V5.2)
Integration with FortiSandbox / FortiCloud Sandbox
• Automated submission of all files, or only of files flagged as suspicious by the AV engine
• Summary report available on the FortiGate dashboard
Workflow with FortiCloud Sandbox / FortiSandbox:
1. Suspicious files and related logs are uploaded
2. Scan results are available on the FortiCloud portal
3. Summary results are displayed in the FortiGate widget
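The slides above describe the pieces separately: signature-set choice, local quarantine, proxy-based inspection with its full protocol list, submission of suspicious files to the sandbox, and botnet C&C blocking. The following FortiOS CLI configuration is an added example that is not part of the original deck and not Fortinet's own documentation; it ties those pieces together in one place. Command syntax is recalled from FortiOS 5.2 and should be verified against the CLI reference for the exact build in use. The profile name "av-proxy-sandbox", the interface names "internal" and "wan1", the policy ID 1 and the quarantine age limit are assumptions chosen for illustration.

```text
# Added example (not from the slides). FortiOS 5.2 CLI; verify keywords
# against the CLI reference for your build before applying.

# 1. Signature set. "extended" adds older threats beyond the WildList-based
#    "normal" set at the cost of more memory; "extreme" adds zoo entries.
#    Signature coverage is only as good as the update schedule.
config antivirus settings
    set default-db extended
    set grayware enable
end
config system autoupdate schedule
    set status enable
    set frequency daily
    set time 01:00
end

# 2. Local quarantine: only meaningful on a unit with internal storage.
#    Infected files from the listed protocols are kept for 72 hours.
config antivirus quarantine
    set destination disk
    set store-infected http https ftp smtp pop3 imap
    set agelimit 72
end

# 3. Proxy-based AV profile: full protocol list (MAPI and NNTP are
#    proxy-mode only; NNTP is configurable from the CLI, not the GUI),
#    quarantine of detections, and sandbox submission of suspicious files.
config antivirus profile
    edit "av-proxy-sandbox"
        set comment "Proxy AV, quarantine infected, suspicious files to FortiCloud Sandbox"
        set inspection-mode proxy
        config http
            set options scan quarantine
        end
        config ftp
            set options scan quarantine
        end
        config smtp
            set options scan quarantine
        end
        config pop3
            set options scan quarantine
        end
        config imap
            set options scan quarantine
        end
        config mapi
            set options scan
        end
        config nntp
            set options scan
        end
        set ftgd-analytics suspicious
        set analytics-db enable
        set analytics-max-upload 10
        set av-virus-log enable
        set av-block-log enable
    next
end

# 4. Botnet C&C blocking against the FortiGuard IP blacklist. In 5.2 this
#    is an interface setting (it moved to the firewall policy in later
#    releases). Then apply the AV profile to the outbound policy.
config system interface
    edit "wan1"
        set scan-botnet-connections block
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set av-profile "av-proxy-sandbox"
        set profile-protocol-options "default"
        set logtraffic all
        set nat enable
    next
end
```

Two points worth checking after applying this. First, `ftgd-analytics suspicious` uploads only what the engine's emulator flagged; `everything` uploads every scanned file up to `analytics-max-upload` (MB) and will noticeably increase latency and bandwidth, which is the trade-off the File Analysis slide alludes to. Second, if the profile is switched to `inspection-mode flow-based`, the `mapi` section is no longer available and replacement messages are only delivered for HTTP/HTTPS, as the proxy-vs-flow comparison states; users of mail protocols will see a dropped message rather than an explanation.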
12
File Analysis (V5.2.3)
FortiSandbox Cloud integration
• FortiSandbox Viewer
• View detailed analysis
• Manual source quarantine
13
Contact us free of charge …
• Certified experts in FortiMail and email security
• Certified experts in FortiWeb and web application firewall protection
• Certified experts in FortiAP, FortiWiFi and wireless security
CONTACTS: Tel. +39 049 8843198, press 5
Over these years of partnership with the vendor, Lan & Wan Solutions has obtained all the specializations provided for in the various certification paths, reaching the qualification of Partner of Excellence.
Innovating your business. Our challenge.