OREANDA-NEWS. Huawei unveiled its new FireHunter Sandbox at RSA Conference 2015. Designed to prevent APT attacks, the New FireHunter Sandbox can detect and report up to 99.5 percent of "grey" traffic in real-time through local and cloud techniques such as reputation scanning, real-time behavior analysis, and big data correlation. This controls the spread of unknown threats and minimizes the loss of key and sensitive information of large enterprises such as financial institutions, government agencies, and energy companies.

"As the beachhead against APT attacks, Huawei’s new FireHunter Sandbox Solution is the first and most important part of an enterprise’s defense against such attacks as it can identify and eliminate the APT attack in its tracks", said Mr. Liu Lizhu, General Manager of the Security Gateway, Switch and Enterprise Communications Product Line, Huawei. "With an ability to identify more than 20 file types and 6,000 common protocols, the FireHunter Sandbox Solution can simulate operating systems (OS), office automation (OA) systems, and browser environments to detect illegitimate traffic. It can also reveal the various attack behaviors of software through static inspection and dynamic and virtualized execution to prevent unknown threats and APT attacks, which often use advanced evasion techniques (AET)."

In our digital age, enterprises are becoming better connected with customers and this presents new challenges for traditional security architecture. Traditional security measures cannot prevent emerging APT attacks, many of which have the potential to cause significant financial and reputational loss to enterprises. As a result, under the RSA Conference’s theme of “Change: Challenge Today’s Security Thinking”, unknown threat detection has been identified as one of the hot topics at RSA this year and the event’s Innovation Sandbox Contest has generated attracted significant interest among event participants.

In unknown threat prevention, the most challenging issue is effectively achieving a balance between sandbox performance and inspection efficiency, in addition to false positives and negatives. An efficient sandbox must use a unique layered defense system to scan for malicious traffic from coarse to fine granularities to ensure both scanning performance and response speed. To achieve this, Huawei’s FireHunter Sandbox uses a three-layer inspection system. The first layer is reputation matching, which quickly detects up to 80 percent of common threats using the daily-updated IP, Command & Control (C&C), file, and web reputation databases. The second layer is heuristic inspection, which performs fine-grained analysis of code and calls of application programming interfaces (APIs). The third layer is virtualized execution, which executes files in virtualized Windows, browser, Acrobat Reader, or Microsoft Office environments to reveal malicious behaviors and zero-day attacks.

At the event, Huawei also showcased its latest cloud-pipe-device security solution that integrates cloud data center, campus network, bring your own device (BYOD), and long term evolution (LTE) security solutions and the first-ever Internet of Things (IoT) endpoint security solution to build a comprehensive security system for customers that are addressing increased data security challenges.