Technical Brochure F-SECURE THREAT SHIELD
F-SECURE THREATSHIELD

F-Secure ThreatShield is a gateway-level security solution for protecting email and web traffic, with built-in network sandboxing technology. It is designed specifically to protect against spam, ransomware, phishing, and advanced targeted attacks.

Its unique network sandboxing technology automatically detonates suspicious attachments and URLs, triggering a multifaceted threat detection and behavioral analysis process. With this approach, ThreatShield easily finds targeted, more advanced attacks, such as script-based and handmade malware and 0-day exploits.

ThreatShield provides unique value for IT teams by combining your gateway protection needs into one unified solution. Less hardware means less maintenance load, and it also creates considerable synergy between system administrators, who can jointly manage the gateway-level protection for email, web traffic, and sandboxing.
KEY FEATURES

Supported OS: CentOS, Red Hat, Ubuntu, Debian. Check the version numbers online.

Multi-engine anti-malware: Detects a broader range of malicious features, patterns, and trends.
Web content control: Enables restriction of unproductive and inappropriate Internet usage.
Email scanning: Scans incoming and outgoing attachments and links for malicious content.
Real-time threat intelligence: F-Secure's Security Cloud identifies, analyzes, and prevents new and emerging threats.
Browsing protection: Proactively prevents end-users from visiting malicious and phishing sites.
Advanced threat protection**: Network sandbox that detonates, analyzes, and detects malicious activity.
Web traffic scanning: Scans for malicious content in incoming and outgoing web traffic (HTTP & HTTPS).
Spam filtering: Prevents unwanted spam emails with 99.9% detection rate with zero false positives.

**THREATSHIELD PREMIUM
KEY BENEFITS

ThreatShield provides unique value for IT teams by combining email, web and sandboxing gateway needs into one unified solution.

Cost-efficient prevention: Preventing commodity attacks and spam, and detecting the more advanced and targeted attacks via sandboxing, early at the gateway level is vastly more cost-efficient and safer than doing so on the endpoint itself.

Less infrastructure maintenance: It lowers the maintenance workload by consolidating email and web gateway infrastructure, in addition to that of a network sandbox, to only one set of hardware.

Team synergies: ThreatShield creates considerable knowledge and work synergies between system administrators, who can jointly manage the gateway-level protection for email, web and sandboxing from one portal.
HOW DOES IT WORK?

High-risk or suspicious content is delivered to the network sandbox component for detonation and advanced threat detection.

Based on the risk profile of the content, it is delivered to F-Secure Security Cloud for in-depth analysis, including sandbox detonation.

Content is subjected to a local threat analysis and detection process to filter out malware, spam, and unwanted web content.

Incoming email and web traffic is directed to ThreatShield for analysis before going any further in the environment.

Email and web traffic, including contents like attachments and URLs, are intercepted by HTTP(S), SMTP, and FTP proxies.

Administrators have rich reporting and advanced security analytics on blocked content at their disposal, making investigation and incident response fast and effective.

Protected endpoints and servers can safely browse, download, transfer, and read or open emails.
ADVANCED THREAT DETECTION

Its unique network sandboxing technology automatically detonates suspicious attachments and URLs, triggering a multi-faceted threat detection and behavioral analysis process. With this approach, ThreatShield can easily find targeted, more advanced attacks, such as script-based and handmade malware and 0-day exploits.

1. Threat Intelligence Check
The object is first analyzed based on various lightweight identifiers, such as reputation and prevalence, and is automatically blocked if any known threats are detected. This check is made for fast initial decisions, and can already filter nearly 99% of all common malicious content.

2. Static Metadata Analysis
After detonation, the object's metadata and structure are automatically extracted and put through a multi-stage static analysis process, which looks for patterns and features associated with malicious behavior.

3. Dynamic Behavior Analysis
Finally, a dynamic runtime analysis is performed to find strange, suspicious, and outright malicious behavior, such as editing the system registry, launching network connections, making API calls, influencing system processes and drivers, and causing unusual file system activity.
CONTACT US TODAY FOR A FREE TRIAL

www.f-secure.com/threatshield
ABOUT F-SECURE

Nobody knows cyber security like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending tens of thousands of companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. F-Secure's sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs for a singular approach called Live Security. F-Secure's security experts have participated in more European cyber crime scene investigations than any other company in the market, and its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers. Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.

www.f-secure.com
www.twitter.com/fsecure
www.facebook.com/f-secure