FireSphere Layered APT Defense · 2019. 4. 27.



Today’s advanced persistent threats (APTs), malware, and data-stealing infections are using port-evasive techniques to invade your network, where they can stay hidden for months. And because preventing 100% of malware is unrealistic, you need a proactive approach, with advanced persistent defense that not only blocks APTs, but also finds infections already on the network, so you can respond and mitigate them in real-time to prevent data loss. iboss’ FireSphere™ is the only solution that provides signatureless APT defense and infection detection technology highlighted by our full Web stream visibility. Combining the lean forward technologies of continuous infection monitoring, baselining anomaly detection, behavioral sandboxing, an integrated threat SIEM console, and other innovative features, iboss delivers unmatched protection against the pernicious threats that plague modern networks.

FireSphere™ APT Defense in Layers

Behavioral Sandboxing

While an AV signature/heuristic database provides an essential line of defense to your network security, it can only detect malware with known signatures. FireSphere™ Sandboxing detects, isolates and dissects APTs, evasive malware, zero-day attacks and polymorphic viruses that signatures alone can’t block. And FireSphere™ includes innovative technology such as file baiting, designed to identify and analyze the malware created to evade traditional solutions.

Deep File Analysis – FireSphere™ Sandboxing isolates and dissects files for deep analyses, providing the complete taxonomy of advanced malware behavior that enhances resilience to future malicious evasion.

Full System Emulation – By employing multiple machine emulators and file types, FireSphere™ can identify malicious code, thwart evasion techniques and help prevent future exploits. This results in actionable threat intelligence that is immediately synchronized across the entire iboss database, offering real-time protection against threats that standard security solutions miss.

FireSphere™ Advanced Defense Against APTs

The FireSphere™ Advantage

• The only Web security solution that combines both signatureless malware defense and infection detection at the gateway
• The only Web security solution to provide stream-based APT defense with layer 7 visibility across the full Web stream, not just ports 80 and 443
• The only Web security solution with an integrated advanced threat SIEM for effective infection investigations and forensics
• The only Web security solution that leverages network baselining technology to detect elusive infections masking C&C communications
• FireSphere™ minimizes the time from infection to detection with continuous connection monitoring that delivers Zero-second detection of malware hiding on your network
• It provides unrivaled security for BYOD and heterogeneous device environments by quarantining high-risk devices and users
• FireSphere™ easily scales to fit even the largest, distributed enterprise environments

File Baiting – FireSphere™ offers unique File Baiting technology to uncover threats that use evasive techniques or polymorphic viruses that evade detection by constantly changing. FireSphere™ intercepts suspicious files and tests their behavior on bait files in a controlled environment, generating actionable intelligence reports.

Continuous Infection Monitoring

FireSphere™ continuous infection monitoring leverages iboss’ unrivalled visibility to detect malware already in your network and alert you so that immediate action can be taken.

Detection and Containment of Active Infections – FireSphere™ continuously monitors and inspects all 131 thousand inbound/outbound data channels to find active infections on the network and contain them before data loss can occur.

Actionable intelligence – FireSphere™ is integrated with advanced threat SIEM reporting to provide investigative and forensic tools that give you powerful insight into when malware first entered your network, who got infected, how the infection spread and other machines on your network that might be compromised.

Command and control (C&C) callback detection – Data loss often occurs when a bot hiding on the network tries to contact C&C outside. FireSphere™’s continuous monitoring detects C&C attempts before they are successful, giving you time to respond and mitigate.

Network Baselining

FireSphere™ includes Network Baselining for data anomaly analysis, a critical protection layer that increases infection detection and identifies viruses that use evasive tactics to mask C&C communications.

Full System Emulation finds evasive malware and updates signatures to prevent future attacks.

[Figure: File Baiting and Behavioral Sandboxing flow. Client HTTP Request; Intercept Unknown File Request; Analyze File / Monitor Bait; File Opened/Run; Behavior Analyzed; Generate Report; Actionable Threat Intelligence; Sync to iboss Closed Loop Database.]

Here’s how FireSphere™ Baselining Works:

1. FireSphere™ employs iboss full Web stream visibility and advanced threat SIEM to store historical data logs, which are essential to establishing a connection baseline of normal behavior for your organization.

2. FireSphere™ continuously monitors a range of parameters including connection counts, destination, Bytes In/Out, and unusual deviations in traffic, to pinpoint unusual behavior that can signify the network has been compromised.

3. Once a problem is revealed, the data transfer is stopped and you are alerted, giving you time to investigate and remediate.
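As an added illustration of the three baselining steps above (example code, not iboss code and not a description of FireSphere’s internals): a small Python script builds a per-client baseline from constructed historical connection records, then scores one day’s traffic on connection count, bytes out and previously unseen destinations. The client addresses, destinations, record layout and the three-sigma threshold are assumptions chosen for the example.

```python
# Added example, not iboss code: per-client connection baselining that mirrors the
# three steps above. All records, client addresses and thresholds are constructed.
from collections import defaultdict
from statistics import mean, pstdev

Z_LIMIT = 3.0  # flag values more than three standard deviations from the baseline
def build_baseline(history):
    per_day = defaultdict(lambda: defaultdict(int))  # client -> day -> connection count
    bytes_out, dests = defaultdict(list), defaultdict(set)
    for day, client, dest, _bytes_in, out in history:  # one tuple per connection
        per_day[client][day] += 1
        bytes_out[client].append(out)
        dests[client].add(dest)
    def stats(xs): return (mean(xs), pstdev(xs))
    return {c: {"count": stats(list(per_day[c].values())),
                "bytes_out": stats(bytes_out[c]), "dests": dests[c]} for c in per_day}

def zscore(value, stats):
    return (value - stats[0]) / max(stats[1], 1e-9)  # flat baseline: any change is large

def detect_anomalies(baseline, observed):
    """Return {client: reasons} for clients whose day deviates from their baseline."""
    by_client = defaultdict(list)
    for rec in observed:
        by_client[rec[1]].append(rec)
    findings = {}
    for client, recs in by_client.items():
        if client not in baseline:                      # step 1 never saw this host
            findings[client] = ["no historical baseline"]
            continue
        b, reasons = baseline[client], []
        if zscore(len(recs), b["count"]) > Z_LIMIT:     # step 2: connection count
            reasons.append("connection count")
        if zscore(mean(r[4] for r in recs), b["bytes_out"]) > Z_LIMIT:  # bytes out
            reasons.append("bytes out")
        if sum(r[2] not in b["dests"] for r in recs) > len(recs) / 2:   # destination
            reasons.append("new destinations")
        if reasons:                                     # step 3: hand off for alerting
            findings[client] = reasons
    return findings

# Constructed seven-day history: 10.0.0.5 varies a little, 10.0.0.7 is steady.
HISTORY = [(d, "10.0.0.5", dst, 12000, 800) for d in range(1, 8)
           for dst in ("intranet.example", "mail.example", "cdn.example")]
HISTORY += [(d, "10.0.0.5", "updates.example", 50000, 300) for d in range(1, 8, 2)]
HISTORY += [(d, "10.0.0.7", "intranet.example", 9000, 800) for d in range(1, 8) for _ in (0, 1)]
# Constructed day 8: 10.0.0.5 starts large uploads to a host never seen before.
TODAY = [(8, "10.0.0.5", dst, 12000, 800) for dst in ("intranet.example", "mail.example")]
TODAY += [(8, "10.0.0.5", "198.51.100.23", 200, 60000) for _ in range(12)]
TODAY += [(8, "10.0.0.7", "intranet.example", 9000, 800) for _ in (0, 1)]
```

Running `detect_anomalies(build_baseline(HISTORY), TODAY)` flags only 10.0.0.5, on all three parameters, while the steady client stays quiet.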

Other FireSphere™ Baselining features include:


• iboss’ patented stream-based technology can stop data transfers mid-stream, quarantine and send an alert
• Threat GeoMapping integrates with advanced threat SIEM reporting to identify threat locations and heat maps that pinpoint threats across a global map. This shortens your response time to protect data.
• Streamlined Directory Services Integration supports Active Directory, eDirectory, OpenLDAP, Oracle ID and others, to give you detailed user and group-based reports and alerts, for accurate policy enforcement and data loss prevention across all mobile/BYOD users.

Device Quarantine

FireSphere™ contains the spread of infections by network-wide scanning for infected machines and high-risk user behavior, and immediately quarantining machines that are harboring malware or engaging in risky behavior. This protection extends across your organization to encompass all users whether on- or off-network, on mobile devices or BYOD.

Intrusion Detection and Prevention

Because today’s APTs and advanced malware use evasive techniques designed to circumvent network security, the FireSphere Intrusion Detection and Prevention System (IDPS) layer combines continuous monitoring, granular application control and a dynamically updated signature/heuristic AV database to scan for attack patterns and network anomalies that indicate exploits such as network probes and port scans. With iboss’ unrivalled visibility over the full inbound and outbound Web stream, FireSphere is able to quickly detect suspicious intrusion attempts that other solutions miss. The IDPS layer uses content-aware data inspection, DNS scanning and SSL anomaly detection to find intrusion attempts and block them in real time. It also provides multiple protocol inspection that includes SSH, RPC, SIP/VoIP, IMAP, and POP to protect against intrusion attempts across all users whether onsite or on mobile devices.

Blended Signature and Heuristic AV

Single-source database feeds are no longer effective. FireSphere™ integrates best-of-breed AV and anti-malware resources to detect malware and viruses in real time, and uses its innovative and proprietary database cloud synchronization to update the malware database dynamically, for continuous, real-time protection. Using malware feeds from a variety of proprietary and best-of-breed sources as well as APT defenses from FireSphere™ Sandboxing and FireSphere™ Baselining, iboss continuously synchronizes these feeds and delivers them to our Web Security database, where they are dispersed across all users whether on-premises or in the cloud. This dynamic and continuous database cloud synchronization offers immediate protection from new malware that standard security solutions can’t match.

Advanced Threat SIEM Reporting

FireSphere™ is integrated with advanced threat SIEM Reporting, which provides invaluable forensic-level intelligence that supports every layer of FireSphere™’s APT defense. iboss’ dynamically indexed data logs provide instantly retrievable historical reporting for up to a year, allowing you to quickly identify risks and threats with actionable intelligence to help prevent data loss.

Delivers Powerful Layered Defense Against APTs, Evasive Malware, Polymorphic Viruses and Data Loss

iboss Next-Generation Solutions

iboss patented technology protects organizations from APTs, targeted attacks and data loss with innovative Web Security, Mobile Security and FireSphere™ advanced APT defense solutions. All iboss solutions are integrated with our exclusive advanced threat SIEM single-pane-of-glass reporting.

• Web Security with integrated BYOD and Bandwidth Management
• FireSphere™ for advanced defense against APTs
• Mobile Security with integrated MDM

iboss, Inc. (P) 877.742.6832 [email protected]
U.S. HQ 9950 Summers Ridge Rd., Bldg. 160, San Diego, CA 92121
© 2014 All rights reserved. iboss, Inc. All other trademarks are the property of their respective owners.
www.iboss.com | +1 877.742.6832

[Figure: iboss (On-Premise or Cloud) receives iboss Cloud Malware Feeds: Active Threat Monitoring Feeds (Multiple Feeds), DNS Mining (Multiple Feeds) and Malware Harvesting (Private/Customer Feeds), delivered by Real-Time Transactional Cloud Sync.]

[Figure: iboss FireSphere Layered APT Defense. APT Defense: Behavioral Sandboxing (Prevent); Infection Monitoring (Detect); Minimizing Dwell Time: Data Anomaly Baselining (Detect); Infection Quarantine: High-Risk Quarantine (Respond); Exploit Defense: IPS (Prevent); Malware Detection: Signature & Heuristic A/V (Prevent/Detect); Integrated Advanced Threat SIEM - Threat & Event Console. Inbound, Outbound and Egress traffic to Servers, DNS and C&C Center is inspected by Baselining, Infection Monitoring, Sandboxing, IPS and Signature & Heuristic AV, answering: Suspicious Server Behavior? Infected Devices?]