The traditional approach to securing networks focuses on inbound threat blocking, which is essential, but blocking 100% of malware has become unrealistic. Many security vendors have bolstered their inbound solutions by adding sandboxing, but some evasive malware is still getting through. FireSphere Advanced APT Defense offers multiple layers of protection that combine inbound security, including sandboxing, with active infection detection, to keep threats from entering your network, while ensuring your data doesn’t leave. And unlike many competitors, FireSphere ensures that you aren’t overwhelmed with alerts and false positives, by applying unique forensic technology that correlates and analyzes threats to deliver actionable intelligence, enabling you to quickly remediate problems before data loss occurs.

FireSphere Highlights

  • Superior threat protection that combines both signatureless malware defense and infection detection at the gateway
  • Comprehensive analysis of suspicious files with behavioral sandboxing in the cloud, or on-premises, including auto-deposit and on-demand functionality
    • Unrivaled data protection with anomaly detection through network baselining, a feature no one else offers
    • Actionable intelligence with fewer alerts and false positives via the CISO Command Center and the Threat Intelligence Cloud

Leading Features

Cloud and On-Demand Sandboxing

FireSphere Advanced Sandboxing employs proprietary technology designed to detect the malware created to evade detection by standard sandboxing solutions. It isolates and executes suspicious files in a safe environment, to deliver in-depth analysis of complex malware and polymorphic viruses. And unlike standard solutions, FireSphere’s automated cloud sandboxing scans across ALL files and URLs and includes an exclusive on-demand feature, to give you optimal behavioral intelligence on suspicious files and malware. 

Behavioral Sandboxing

Auto-Deposit or On-Demand

A robust AV signature/heuristic database provides an essential line of defense to your network security, but it can only detect malware with known signatures. That’s why iboss FireSphere includes proprietary behavioral sandboxing to add a crucial layer of protection against APTs, evasive malware and data loss.

FireSphere Sandboxing detects and isolates signatureless malware by auto-depositing it in a secure environment where it can be executed and analyzed to determine its behavior and threat potential. You can also analyze suspicious files with FireSphere’s unique on-demand feature, giving you comprehensive protection other sandboxing solutions don’t offer. And while other security solutions are adding sandboxing, there is an increasing number of APTs, evasive malware, zero-day attacks and polymorphic viruses designed to circumvent standard sandboxes. That’s why iboss’ unique sandboxing technology was developed to detect and analyze the evasive threats designed to evade standard solutions.

Advanced protection against signatureless malware

FireSphere Sandboxing isolates and dissects files for deep analyses, providing the complete taxonomy of advanced malware behavior that enhances resilience to future malicious exploits. With flexible deployment that includs cloud-based or on-premises options, and a unique, on-demand feature, iboss behavioral sandboxing provides comprehensive gateway protection with the flexibility to scale to the largest, most complex and distributed networks.

Auto-Deposit Sandboxing – Suspicious APTs, malware and zero-day threats are automatically deposited in the FireSphere Sandbox to give you in-depth analysis and the complete context of evasive malware and viruses.

On-Demand Sandboxing – This unique features allows you to analyze suspicious files, thumb drives, or other objects manually, by depositing them in the Sandbox for an additional layer of security.

Full System Emulation – FireSphere Sandboxing employs multiple machine emulators and file types to give you deep insight into malicious executables and the obfuscation code designed to evade detection, by standard sandboxing solutions.

File Baiting – This unique features uncovers threats that use evasive techniques or polymorphic viruses, by analyzing their behavior on bait files in a controlled environment.

Anomaly Detection through Network Baselining

FireSphere Network Anomaly Detection leverages iboss visibility across all data channels and dynamically indexed data logs to help you establish network baselines for your organization. Your network traffic patterns are continuously monitored and compared to your baselines to identify anomalies that can signify the network has been compromised. FireSphere monitors and measures your traffic against parameters such as device category, number of bytes in or out, number of connections being attempted, device owner, geo-destination and more. 


Network Anomaly Detection

Detecting infections on the network is becoming increasingly difficult as sophisticated malware exploits use evasive maneuvers to mask communication. These maneuvers can range from port-evasive techniques such as piggybacking on DNS requests, to leveraging Google Translate and other tactics.

FireSphere Network Anomaly Detection goes beyond C&C (command and control) communication monitoring to incorporate advanced technology that continuously monitors and compares your current network traffic to pinpoint unusual behavior that can signify the network has been compromised. Once a problem is revealed, the data transfer is stopped and you are alerted, giving you time to investigate and remediate to prevent data loss.

How FireSphere Network Anomaly Detection Works

FireSphere first employs iboss visibility across the full Web stream with integrated historical data logs to establish a stable baseline for your network traffic. Then iboss monitors outbound network data transfers against your normal baseline to detect anomalies signifying suspicious traffic. Our proprietary technology has the capability to stop the data transfer mid-stream, quarantine it, and send you an alert, giving you time to mitigate threats and avoid data loss. FireSphere monitors traffic on a variety of parameters including the device category, an abnormal number of bytes in or out, the number of connections being attempted, who owns the device, the intended geo-destination and more.

 CISO Command Center

FireSphere CISO Command Center correlates forensic threat intelligence from cloudsourcing across over 55 advanced malware engines and millions of endpoints to deliver the complete context of threats, giving you the actionable intelligence you need to remediate problems in real time. Rather than dealing with an overwhelming number of alerts and false positives, the CISO Command Center analyzes and prioritizes threats, saving you hours of IT research time and reducing data loss. 

FireSphere™ CISO Command Center

Correlates zero-day cloud threat intelligence to eliminate noise and reduce false positives

FireSphere’s exclusive CISO Command Center provides instant and comprehensive visibility into threats and infections, with real-time threat intelligence from FireSphere and the iboss Threat Intelligence Cloud. The results are correlated across a wide range of parameters, giving you instant, actionable forensic intelligence on zero-day threats and evasive malware. Getting hundreds of alerts from one piece of malware generating multiple callbacks could quickly overwhelm your resources. FireSphere eliminates noise and false positives, with technology that compiles and correlates threat intelligence to deliver prioritized alerts, allowing you to respond immediately, without wasting valuable IT resources.

By correlating global forensic intelligence from the FireSphere Threat Intelligence Cloud, The CISO Command Center Dashboard shows you where the threat first infiltrated the network, what users and devices are involved and where it has spread, enabling you to remediate problems now, and preventing future attacks.


  • Shortens time to remediation by dynamically correlating outbreaks to consolidate threat intelligence
  • Saves IT resources by delivering focused results that correlate alert information to directory user/machine name, along with a snapshot of global historical outbreaks
  • Eliminates noise and reduces false positives with in-depth real-time forensic analyses allowing CISOs to focus on valid threats
  • Provides insight that prioritizes threat severity by aggregating data from millions of global endpoints and over 55 different malware engines
  • Detects evasive malware already on the network by monitoring and mapping infection callbacks
  • Inoculates against future attacks by identifying IP aliases and malicious hosted files
Additional Features

Continuous Infection Monitoring

Leveraging iboss unrivaled visibility across all 131 thousand data channels, FireSphere finds malware already on your network quickly, diminishing malware dwell time to help reduce data loss.


Stops the spread of infections by network-wide scanning for infected machines and high-risk user behavior.

Threat Intelligence Cloud

Analyzes and correlates cloudsourced threat intelligence from global signature/heuristic AV databases and millions of iboss endpoints to deliver forensic analysis and prioritized, actionable intelligence to the FireSphere CISO Command Center.


Continuous Monitoring to Find Active Infections

Standard security solutions focus on blocking threats to prevent infections, with many claiming block rates as high as 98%. Adding sandboxing to your security approach can shave off another 1%, but isolated threats can still get through. This is why security experts warn that eventually, your network will be infected. Since no vendor can stop 100% of malware, continuous monitoring to find active infections is critical.

iboss FireSphere combines continuous monitoring with unrivaled visibility to find malware already on your network and alert you so immediate action can be taken. FireSphere continuous monitoring diminishes the timespan between infection and detection to cut malware dwell time and reduce the threat of data loss.

Continuous Monitoring with unrivaled Visibility

FireSphere offers iboss’ unrivaled visibility across the full Web stream including 65,535 TCP and 65,535 UDP data channels, where advanced malware hides. Our innovative stream-based technology finds malware hiding in streaming UDP traffic with the ability to block it mid-stream and prevent data loss.

FireSphere Threat Intelligence Cloud

Cloudsourcing Global Malware Engines to Deliver Real Time Protection

iboss collects global threat intelligence in the cloud from millions of iboss endpoints and over 55 advanced global malware engines and correlates it to deliver comprehensive zero-day threat information to the CISO Command Center. As FireSphere’s research and forensics arm, the Threat Intelligence cloud analyzes how a threat is acting globally and what patterns it is displaying, which may be predicative of future behaviors. For instance, when a suspicious IP is detected, the Threat Intelligence Cloud analyzes it to determine exactly why it is suspicious. Is it hosting other suspicious files? Has it hosted suspicious files in the past? This forensic intelligence is delivered to the CISO Command Center giving you the information you need to quickly remediate problems without having to deal with the noise and false positives generated by competing solutions. By analyzing and prioritizing threats, the Threat Intelligence Cloud helps accelerate remediation, increase IT efficiency, shorten dwell time and reduce data loss.

iboss’ proactive, dynamic data log indexing provides easy, instant access to historical data to help detect threat patterns and configure baselines for anomaly detection. If you already have a SIEM in place, FireSphere integrates seamlessly with any SIEM solution.

The CISO Command Center correlates data from FireSphere and the Threat Intelligence Cloud to put detailed threat intelligence and analyses at your fingertips.