Advanced Malware has become so sophisticated that it can easily evade traditional security solutions including firewalls, IPS and Anti-Virus technologies. To address advanced malware, the Hillstone Cloud Sandbox delivers a unique, advanced threat detection platform that can emulate the execution environment and analyze all activities related to malicious files, identify advanced threats and collaborate with existing solutions to provide rapid remediation.
High detection rate with both static and behavioral analysis
The malware sample database on the Hillstone cloud contains more than 1 billion samples. It quickly detects whether any uploaded file matches with the malware samples. Hillstone Cloud Sandbox can simulate running environments and trigger file behaviors such as creating processes, modifying registry and requesting back chain. Unknown threats can be detected by analyzing the file behavior.
Instant deployment of cloud infrastructure
Hillstone Cloud Sandbox is seamlessly integrated with existing Hillstone technology and solutions, such as the Next-Generation Firewall and Hillstone CloudEdge. It can be deployed instantly and seamlessly without network disruption.
Protection of encrypted traffic
Since SSL encryption technology has become popular, more and more applications use HTTPS. However, today’s malware also uses SSL encryption technology to escape from detection. Hillstone Cloud Sandbox can decrypt the encrypted traffic and restore the files in the encrypted traffic. With this approach, malware can be detected, even if they are hidden in the encrypted traffic.
Measurements against the anti-sandbox technology
Hillstone Cloud Sandbox supports the identification and detection of anti-sandbox malwares. By hiding the sandbox processing information such as kernel model and registry information, Hillstone Cloud Sandbox can simulate the running environments. To avoid malware from escaping from detection, Hillstone Cloud Sandbox simulates manualand interactive operations and takes over the API, so that the malware behavior can be triggered.
Comprehensive threats information in the reports
Upon detecting malware and unknown threats, Hillstone Cloud Sandbox displays alarms and notifications, as well as comprehensive reports of malware behavior in the administration panel of the firewall. Network behavior, process behavior, file behavior, and file key information are displayed in the reports. The process for the attack is visualized through the Kill Chain analysis on firewall platforms, so that security administrators can take appropriate action.
Constantly updating signature database
Hillstone Cloud Sandbox generates threat intelligence based on the malware it detects and updates the intelligence information to the signature database of the Hillstone Next-Generation Firewalls. It helps administrators adjust security strategies to protect their IT resources from new newer and advanced attacks.
(Layer 1) transparent inline deployment