Fidelis Cybersecurity’s malware detection capabilities consist of inline, real-time detections which are further enhanced by offline Sandbox scanning using more advanced methods. The Sandbox is available as a cloud service that is included at no extra cost in any Fidelis Network, Endpoint or Deception sale. An on-premise version is also available as an appliance at an additional cost for use with Fidelis Network.
This paper describes the key detection methods offered by Fidelis Sandbox, including behavior analysis, machine learning classifiers, AV lookup, external lookup, PCAP analysis, and forced code execution. Each method is explained, and the paper compares which methods are available in the cloud version and in the on-premise appliance version. The paper uses data collected over a five-month period to explain detection rates for the various methods available in the Fidelis Sandbox.