Forcepoint Advanced Malware Detection (AMD)
Powered by Lastline Technology
Forcepoint Advanced Malware Detection (AMD) leverages proven Lastline technology to detect zero-day and other advanced malware. Using Lastline’s Deep Content Inspection technology, Forcepoint AMD emulates an entire host, interacting with malware to expose and observe a malicious object’s possible actions. Its analysis covers advanced evasion techniques, OS- or application-specific threats, dormant code, and even CPU and in-memory activity.
In a recent study of Breach Detection Systems (BDS) by NSS Labs, Lastline was named the most effective advanced malware detection system and was the only product to achieve 100% detection with zero false positives.
Detect evasive malware others cannot see
It’s become increasingly difficult to identify the malware components of advanced threats, mostly due to the evolution of evasion tactics and technology by criminal and nation-state threat actors.
Forcepoint Advanced Malware Detection technology is unmatched in security efficacy. Even highly evasive threats are revealed through Deep Content Inspection of activity at multiple levels, dormant code, and other indicators often overlooked by traditional sandbox security technologies.
Eliminate the distraction of false-positive results with AMD. This means your incident response team can spend its limited time responding to actual threats, not chasing down false positives and searching for indicators of compromise (IOCs).
Ease of Adoption
As an integrated module for Forcepoint CASB, NGFW, Web and Email Security, customers can easily activate the service through the cloud for high availability, scalability, low maintenance and other SaaS benefits, or deploy AMD on premises for cloud-averse organizations.
Deep Content Inspection – A step beyond Sandboxing
As with sandboxing, Forcepoint Advanced Malware Detection provides a simulated environment for malware execution, but that is where any similarity ends.
A Complete Environment
Traditional sandboxes have visibility down to the operating system level only. Forcepoint offers a unique isolation and inspection environment that simulates an entire host including the CPU, system memory and all devices. Deep Content Inspection interacts with malware to observe all the actions it might take within this complete environment, and even identifies ‘dormant code’ for special analysis.
Sandbox-only solutions provide a relatively static environment, limiting the malicious ‘behavior’ they may uncover. Because Forcepoint Advanced Malware Detection interacts with malware, it observes every action that it might take, even when those actions are delegated to the operating system or other programs. In addition, this tool identifies potentially malicious ‘dormant code’ that the malware does not execute.
Extensive Malware Detail Exposure
A comprehensive solution must do more than just stop advanced malware. Correlated incident information prioritizes the most significant threats in your network without combing through massive log files. Full attack chain visibility enables your incident response team to quickly understand the nature of the attack, making your scarce security resources more efficient.
Malware Detection Across Channels
Threat actors will find and exploit any available point of entry. Forcepoint Advanced Malware Detection integrates with other defenses, complementing their own security capabilities to frustrate attacker efforts across multiple channels. The resulting shared intelligence improves overall visibility and strengthens each point of defense.
Forcepoint Web Security is a (cloud or hybrid deployed) Secure Web Gateway that stops advanced threats from getting in and sensitive data from getting out – whether an organization’s users are in the office, working from home or on the road. Forcepoint Advanced Malware Detection integrates with Web Security as an additional defense against zero-day and other advanced, evasive malware. Its cutting-edge classification engine, global threat intelligence, advanced malware detection and enterprise-class DLP work together to make strong security easy to deploy. It delivers real-time web protection for increasingly mobile workforces and can share policies and context with Email Security to thwart advanced, coordinated web and email attacks with complete inbound and outbound defenses.
Forcepoint Email Security stops spam and phishing emails that introduce ransomware and other advanced threats before they can infect systems with malware. Forcepoint Advanced Malware Detection integrates with Email Security as an additional defense against zero-day and other advanced, evasive malware. The comprehensive defenses of Forcepoint Email Security integrate highly effective analytics, URL wrapping, phishing education and advanced malware detection for inbound protection, as well as integrated DLP as an outbound control and email encryption for secure communications. Operating on the security industry’s most secure cloud infrastructure, Forcepoint Email Security delivers unparalleled phishing, malware and DLP protection for Microsoft Office 365 and other popular email systems.
Forcepoint Next Generation Firewall (NGFW) connects and protects people and their data throughout offices, branches, and the cloud – all with the greatest efficiency, availability and security. It applies multiple scanning techniques to files found in network traffic, allowing administrators to tailor granular levels of security to the specific needs of each connection. Forcepoint Advanced Malware Detection integrates with Forcepoint NGFW as an additional defense against zero-day and other advanced, evasive malware. Forcepoint NGFW can deploy, monitor, and update thousands of firewalls, VPNs and IPSs from a single console – cutting network operating expenses up to 50%. It eliminates downtime with high-availability clustering and Multi-Link networking, blocks attacks, and manages encrypted traffic without hurting performance. As the pioneer in Advanced Evasion Technique (AET) defenses and proxy technologies for mission-critical applications, Forcepoint NGFW gives you security without compromise.
Forcepoint CASB delivers visibility and control over cloud applications and helps eliminate the security and compliance blind spots created in a cloud-first world. It quickly discovers unsanctioned cloud applications and assesses their associated risks, and it provides the ability to control how sanctioned cloud applications such as Office 365, Google Suite, Salesforce, Box, Dropbox and others are used in order to prevent the loss of critical intellectual property. With Forcepoint CASB, organizations can truly embrace the cloud by ensuring that their users are not engaging in risky behaviors – without slowing them down.
Deep Content Inspection:
The industry’s best malware detection engine
Forcepoint chose Lastline as a partner for Advanced Malware Detection because of their leading malware detection capabilities (as demonstrated in the NSS Labs study). The sandbox is based on a unique architecture that emulates and analyzes the activity of an entire host, including the CPU, system memory and all input/output devices. Often missed by other security technologies, Lastline’s Deep Content Inspection provides visibility into the behavior of malicious code by emulating a complete operating system and hardware environment. Emulation eliminates the clues that malware often uses to evade detection in more traditional, virtualized sandboxes.
Integrated with Forcepoint defenses across all key threat vectors
AMD is available as a fully integrated option for Forcepoint CASB, NGFW, Web Security and Email security. In this integration, Forcepoint’s core solutions first assess the broader context of an internet transaction for potential indicators of compromise. After performing static analysis of suspicious files, AMD can be called upon to perform the deep behavioral analysis necessary to identify zero-day threats and other modern malware.
Available as a cloud service or on-premises solution (for more cautious or otherwise cloud-averse organizations), Forcepoint AMD is the perfect complement to your Forcepoint CASB, NGFW, Web Security or Email Security solution. It provides unparalleled threat detection, as well as consistent threat forensic information, to optimize incident response teams.
Forcepoint AMD will give you all the information you need – regardless of the threat vector – while ‘zero false positives’ means you’ll spend your valuable time working against true threats. Regardless of your size or industry, Forcepoint provides the comprehensive security solutions you need to challenge today’s fast-evolving, highly evasive threats.
Breach Detection Systems:
Evaluated for comprehensive security effectiveness
NSS Labs conducted rigorous, comprehensive testing to determine how well each product detects advanced threats and attack methods. Vendor products were evaluated in numerous areas, including:
- Detection of online infections
- Detection of drive-by, social, HTTP and email driven attacks
- Resistance to advanced evasion techniques
- Number of false positives
- Maximum capacity
- HTTP capacity with no transaction delays
- Real-world traffic mixes
- Total Cost of Ownership (TCO)
Lastline is #1 for overall security effectiveness
NSS Labs analyzed the security effectiveness and total costs of each product to determine the Overall Security Value Map. Lastline was identified as the solution with the greatest overall security effectiveness.
- Pricing and product availability subject to change without notice.