Cloud Sandboxing Against Advanced Persistent Attacks · 2017-07-24

Cloud Sandboxing Against Advanced Persistent Attacks Ric Leung Director of Product Management Huawei Technologies Co., Ltd. CANTO 2017


Post on 26-Mar-2020


Page 1

Cloud Sandboxing Against Advanced Persistent Attacks

Ric Leung

Director of Product Management

Huawei Technologies Co., Ltd.

CANTO 2017

Page 2

Traditional Defenses Are Ineffective Against Advanced Unknown Threats

• Intensifying APT Attacks
• Frequent Data Leaks
• Considerable Financial Losses
• Ineffective Traditional Defenses
• Sandboxed Defense of APTs

Page 3

Cloud Sandboxing Enables Easy Defense Against Advanced Attacks

[Diagram labels: Sandbox; Independent from Hardware and Personnel Requirements; Cost-effective; Detection; Comprehensive; Cloud Security; Efficient; Deployment; Rapid]

Page 4

Integrated Cloud Sandboxing Defense System

Cloud Sandbox Imitates an OS
• Web Security Sandbox
• PE Security Sandbox
• PDF Security Sandbox

Cloud Reputation Databases
• Web Reputation
• File Reputation
• IP Reputation

Cloud Signature Databases
• URL Database
• IPS Signature Database
• Application Signature Database
• Antivirus Signature Database

Experts Provide In-Depth Analysis

Generate Reports and Security Posture Awareness

Cloud Sandbox Detection: Service Subscription Model

[Workflow labels: ① Report Suspicious Files; ② Inspect; ③ Defend; ④ Review]

[Other diagram labels: NGFW; Administrator; Query Portal]

Page 5

Cloud Sandbox Security Capabilities Are Continually Updated

Cloud Security Competence Center

Cloud Sandbox: Emulate an actual environment to detect abnormalities
• Detects unknown malicious files, abnormal Command and Control (C&C)
• Horizontal scalability
• Cloud Sandbox Portal

Cloud Reputation: Identify reputation values of inspected items
• File reputation
• IP reputation
• Web reputation

Cloud Intelligence: Determine information about threats and attacks
• Domain queries
• File queries
• Reputation queries

Cloud Experts: Evaluate high-risk items for experts to analyze
• 24/7 professional support
• Important information provided for expert manual analysis

Cloud Security Posture: Assess network security situation
• Visual display of network-wide known and unknown threats
• Visual display of network-wide attacks
• Network-wide security posture awareness

Page 6

Advantages of Cloud Sandbox

• Rapid Deployment
• Network-wide Detection
• Threat Visualization
• Ecosystem Partnerships

Page 7

Rapid Deployment: One-click Advanced Threat Defense Subscription

Sandbox Devices
• Specific device protection
• Online device deployment
• Expert administrators
• Configuration and maintenance
• Upgrades and expansion

Cloud Sandbox
• Uses existing network security devices
• Service subscription
• Zero configuration
• Expert analysis available anytime

Page 8

Threat Visualization: Real-time Security Posture Display and Threat Prediction

Associated Devices
• Servers
• Network security devices
• Terminals

Associated Policies
• Blocking
• Isolation
• Signature update

Network-wide Threat Posture
• Overall security ratings
• City threat levels
• Rankings of assets by risk
• Rankings of countries by attack origin frequency
• Rankings of events by handling priority

[Other diagram labels: Notification; Auto-Synchronization Policy Delivery; Agile Controller]

Page 9

Network-wide Detection: Leaves Unknown Threats with Nowhere to Hide

Identifiable Protocols: HTTP, SMTP, POP3, IMAP, FTP, HTTPS
Identifiable File Types: EXE, Office, PDF, JS, WPS, RAR
Simulated OSs: XP, Win 7, Win 10
Simulated Browsers: IE, Firefox, Chrome
Simulated Office Versions: 2003, 2007, 2010, 2013, 2016, WPS
Simulated Adobe Reader Versions: R8, R9, RX, RXI

40+ types

• Cloud sandboxes can detect many file types and simulate many OSs.
• Ensures sandbox detection is accurate and comprehensive

Page 10

Intelligence Sharing: Defends Against the Latest APT Attacks

Minute-level global synchronization of cloud threat information as it is perceived

[Figure label: Cloud sandbox detection rate]

Page 11

Evolution of Huawei’s Cloud Sandbox Deployment Around the Globe

Cloud Locations
• Currently: China and Germany
• Planned: Ireland, Japan, North America, and Australia

Cloud Sandbox Portal: sec.huawei.com

[Map labels: North America; Australia; China; Japan; Germany; Ireland]

Page 12

Copyright © 2017 Huawei Technologies Co., Ltd. All Rights Reserved.

The information in this document may contain predictive statements including, without limitation, statements regarding future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purposes only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.

Thank You.
