Proactive threat protection not updating
In addition to detecting malicious code variations, CPRL is also able to deeply inspect and detect code that is searching to see if it is in a sandbox environment, thereby rendering its evasion technology irrelevant.
Detected code is also cross-referenced with global threat intelligence from FortiGuard Labs to ensure that data is always being compared against the very latest threat findings.
And far too many organizations are willing to help them by not even doing the basics like patching and updating.
As we help organizations gear up to protect themselves from ransomware, security channel partners must be aware of the updated features they are combating, such as the development of security evasion techniques, and offer their customers effective and competitive solutions.
We also recently learned that WannaCry used an anti-sandbox program, albeit one that was poorly planned, as the ransomware was mitigated by being tricked into thinking it was in a sandbox environment and thereby destroying itself.
Sandboxes are a popular security measure that execute potentially threatening code in an isolated, virtual environment.
That is why it is combined with other ATP tools such as firewalls, secure email gateways, and endpoint security to minimize resource strain and keep network speeds high.
This multi-tiered security approach enables simultaneous communication and integration with each device deployed in the ATP ecosystem, across the extended Fortinet Security Fabric, as well as with the broader FortiGuard global network.
Systems are updated with intelligence gathered across the entire global Fortinet network, as well as with local intelligence from the sandbox and other security devices deployed in the network.
However, there can be thousands of variations of the same malicious code that are not detected via signature-based security.
Fortinet’s Compact Pattern Recognition Language (CPRL), however, is a proactive signature detection technology that can distinguish over 50,000 code variations within a malware family, and stop them from infecting your network.
If the code is malicious, it is not allowed to proceed into the network.
Now, advanced ransomware and other malware variants have evolved to detect when they are in a sandbox, and automatically disguise themselves as innocent until they are cleared to enter the network.
Even worse, when the Petya ransomworm was launched a few weeks later, using the exact same attack vectors as WannaCry, tens of thousands of organizations were still affected.