Fortinet av

© Copyright Fortinet Inc. All rights reserved. Inside FortiOS AV – Version 5.2.4 – Mar 2015 – Lan & Wan Solutions – IT Solutions for Local and Wide Area Networks

Transcript of Fortinet av

Page 1: Inside FortiOS AV

Page 2: FortiOS Features

Page 3: Antivirus Overview

AntiMalware
• Proxy and flow based AV
• Filename & file type filtering
• Heuristic AV engine
• File analysis with cloud-based or on-premise sandboxing
• AV database options
• File quarantine

Anti-Botnet
• Application Control category
• Botnet IP blacklist database

Protect internal network devices against malware and other malicious code.

AV Configuration

Page 4: Technologies

Signatures
• Detects and blocks known malware and some variants
• Highly accurate, low false positives
• Requires up-to-date signature updates
• 3rd party validated

Behavioral Evaluation
• Detects and blocks malware based on a scoring system of known malicious behaviors or characteristics
• Can be used to flag suspicious files for further analysis

File Analysis
• Detects zero-day threats by executing code in emulators to determine malicious activity
• Resource intensive; performance and latency impact

Page 5: Technologies

Application Control
• Detects and blocks nearly 50 active botnets
• Detects botnet network activity by examining traffic
• Prevents zombies from leaking data or communicating for instructions

Botnet IP Reputation DB
• Detects and blocks known botnet C&C communication by matching against blacklisted botnet command IPs
• Stops dial back by infected zombies

Page 6: In-box AV functions

FortiGate as AV Gateway
• Network based, no agents required on hosts
• Can be proxy or flow based
• Signature set options: Normal, Extended or Extreme
• File quarantine if local storage is available

Page 7: AV Signature DB

NORMAL
• list of currently active threats
• recently added by the Fortinet Antivirus team
• detected by the FortiGuard network
• the wild list database

EXTENDED
• older and recently active threats (already dropped by the wild list)

EXTREME
• remaining detection signatures for all threats
• zoo entries, and historical curiosities such as old DOS based viruses

Page 8: AV Engine (V5.2)

Code Emulator
• Lightweight emulators » good against VM evasion
• OS-independent file analysis, all file types » JavaScript, Flash, PDF
• Best against malware injections via (compromised) web 2.0 applications

FortiGate AV Engine 2.0 stages
• File sample
• Signature match (CPRL/checksum)
• Decryption/unpacking system
• Code emulator / behavior analysis

Outcomes
• Suspicious: forwarded to the cloud-based FortiGuard AV service
• Pass: no further action
• Blocked: file discarded, option to quarantine, and event logged

Page 9: In-box AV functions (V5.2)

External Sandboxing
• Proxy based: FortiCloud Sandbox, FortiSandbox
• Flow based: FortiCloud Sandbox, FortiSandbox

Anti-Bot
• Proxy based: FortiGuard Botnet Servers Black List
• Flow based: FortiGuard Botnet Servers Black List

Protocols Supported
• Proxy based: HTTP/HTTPS, SMTP/SMTPS, POP3/POP3S, IMAP/IMAPS, MAPI, FTP/SFTP, NNTP (CLI)
• Flow based: HTTP/HTTPS, SMTP/SMTPS, POP3/POP3S, IMAP/IMAPS, FTP/SFTP, NNTP

Replacement message
• Proxy based: all supported protocols
• Flow based: limited to HTTP/HTTPS

Page 10: FortiGuard AV Service

Page 11: File Analysis (V5.2)

Integration with FortiSandbox / FortiCloud Sandbox
• Automated submission of all files, or only when a file is flagged as suspicious by the AV engine
• Summary report is available on the FortiGate dashboard

FortiCloud Sandbox / FortiSandbox workflow
1. Suspicious files and related logs are uploaded
2. Scan results are available on the FortiCloud Portal
3. Summary results are displayed on the FortiGate's widget

Page 12: File Analysis (V5.2.3)

FortiSandbox Cloud Integration
• FortiSandbox Viewer
• View detailed analysis
• Manual source quarantine

Page 13: Contact us free of charge …

Certified experts in FortiMail and email security
Certified experts in FortiWeb and web application firewall protection
Certified experts in FortiAP, FortiWiFi and wireless security

CONTACTS
Tel. +39 049 8843198 DIGIT (5)
[email protected]

Over these years of partnership with the parent company, Lan & Wan Solutions has obtained all the specializations required by the various certification paths, achieving the qualification of Partner of Excellence.

Innovating your company. Our challenge.