Huawei FireHunter6000 series sandbox

Product Overview

Advanced Persistent Threats (APTs) often use social engineering to obtain contact information and send phishing emails to unsuspecting people. They exploit security vulnerabilities in Internet of Things (IoT) devices, and hide, without being detected, in high-value business assets to steal or compromise target information. Attacks are commonly seen in compromised infrastructure, such as the finance sector, resource suppliers, and government agencies, affecting people’s livelihoods. Before launching attacks, perpetrators are usually well-prepared and wait patiently for their opportunity. Once attacks are launched, perpetrators usually use technologies, such as advanced evasion techniques in combination, to exploit known vulnerabilities. This makes the security devices that detect attack traffic ineffective.

The Huawei FireHunter6000 series of sandbox products is a new-generation, high-performance APT detection system that can accurately identify malicious files. FireHunter6000 series products are designed to work in conjunction with next generation firewalls (NGFWs), analyzing the extracted suspicious files in a virtualized environment to identify viruses and unknown malicious attacks. Huawei FireHunter6000 series products can analyze and collect static and dynamic behavior of advanced malware through reputation-based scanning, real-time behavior analysis, and threat intelligence updates from the cloud. With the unique Huawei ADE threat detection engine, the FireHunter6000 series and NGFW can detect, block, and report suspicious traffic, effectively preventing the spread of unknown threats and loss of core enterprise information assets.

Product Features

Inspection of over 50 File Types for Comprehensive Detection of Unknown Malware
• Comprehensive traffic restoration and detection
The FireHunter6000 is capable of identifying all major file transfer protocols, such as HTTP, SMTP, POP3, IMAP, FTP and SMB, and detecting malicious files transmitted using these protocols.
• Detection of major file types
The FireHunter6000 can detect malicious code in major application software and over 50 file types, including PE, PDF, Web, Office, images, scripts, SWF, and COM.

Multi-layer In-Depth Detection with 99.5% Accuracy or above
• Simulating multiple software operating environments and operating systems
The FireHunter6000 provides heuristic detection for PE, PDF, and Web files, and a virtual execution environment. The virtualized execution environment supports various versions of Windows operating systems, browsers, and office software.
• Combined static and dynamic detection
Static detection analyzes code snippets, abnormal file formats and malicious behavior in scripts to pinpoint suspicious traffic. This is combined with dynamic detection, which monitors the instruction stream, identifies files and server operations and provides correlation analysis to determine traffic legitimacy.
• Advanced anti-evasion
Numerous anti-evasion technologies prevent malware from staying stealthy and evading detection.

Detection and Rapid Blocking of Malware in Seconds
• Industry-leading performance
Sandbox throughput scales by deploying multiple FireHunter sandboxes in clusters.
• Real-time processing
Provides threat detection and response time in seconds.
• Detailed threat reports aid in O&M and decision-making
Detailed reports include results of file inspection, relevant session information, abnormal file formats and behavior, abnormal network communication, and behavior of the virtual execution environment, network and host.

Product Deployment
• Deploy in conjunction with NGFW devices
NGFW devices reassemble files, decrypting them (SSL) if necessary, and send them to the sandbox for inspection.
• Single-node deployment
Traffic is mirrored onto the sandbox to be reassembled and inspected.

[Figure: Huawei NGFW and FireHunter6000, labelled "File reassemble" and "Detection result"]

Product Specifications *

Major Functions

| Category | Description | Detailed Description |
|---|---|---|
| Supported operating systems | Wine | Simulation of multiple types of operating systems, dynamic detection in a virtual execution environment |
| Protocols supported in traffic restoration | Restoration of traffic of multiple protocols | Restoration of HTTP, SMTP, POP3, IMAP, and FTP traffic |
| File types supported in detection | Compressed files | GZ, RAR, CAB, 7ZIP, TAR, BZ2, and ZIP files |
| | PE | EXE, DLL, and SYS files (detection of 32-bit PE files not supported) |
| | Office 97 to Office 2003 | DOC, XLS, and PPT files |
| | Office 2007 and later | DOCM, DOTX, and DOTM files; XMSM, XMTX, XLTM, and XLAM files; PPTM, POTX, POTM, PPSX, PPSM, and PPAM files |
| | RTF | RTF files |
| | Image | JPG, JPEG, PNG, TIF, GIF, and BMP files |
| | WPS | WPS, DT, and DPS files |
| | Web page | HTM, HTML, and JS files |
| | Video | SWF files |
| | Java | JAR and CLASS files |
| | PDF | PDF files |
| | Python | PY, PYC, and PYO files |
| | Executable scripts | CMD, BAT, VBS, VBE, RUBY, PS1, and PY files |
| Built-in antivirus detection | Built-in antivirus function supports the detection of CHM, ASP, PHP, COM, and ELF files, in addition to the preceding file types. | |
| Report output | Output of detailed malicious file detection reports that contain the file detection details, threat behavior category, and dynamic behavior analysis | |

* This content is applicable only to regions outside mainland China. Huawei reserves the right to interpret this content.
Copyright © 2022 HUAWEI TECHNOLOGIES CO., LTD. All Rights Reserved.