F-Secure ThreatShield

Secure email and web gateway, with network sandbox.

F-Secure ThreatShield is a gateway-level security solution for protecting email and web traffic, with built-in network sandboxing technology. It is designed specifically to protect against spam, ransomware, phishing, and advanced targeted attacks.

Email and web traffic are the most common attack vectors

Email and web traffic continue to be the most common attack vectors for commodity malware and phishing, in addition to targeted exploits and spear-phishing attacks.

  • Over 75% of all legitimate websites contain unpatched vulnerabilities.
  • 92% of attacks use email as an initial vector.
  • 80% of attachments in spam emails were ransomware.
  • 49% of non-POS malware was installed via malicious email.

Preventing commodity attacks and detecting the more advanced, targeted attacks via sandboxing early on at the gateway level is vastly more cost-efficient than on the endpoints. It is also much safer, as the host is never in contact with the attack in the first place.

ThreatShield prevention diagram

Modern gateway security is much more than antivirus

ThreatShield provides powerful and efficient protection at the gateway level, going far beyond traditional antivirus, browsing protection, and spam filtering.

Multi-engine anti-malware

Detects a broader range of malicious features, patterns, and trends.

Browsing protection

Proactively prevents end users from visiting malicious and phishing sites.

Real-time threat intelligence

F-Secure's Security Cloud identifies, analyzes, and prevents new and emerging threats.

Spam filtering

Prevents unwanted spam emails with a 99.9% detection rate and zero false positives.

Web traffic scanning

Scans for malicious content in ingoing and outgoing web traffic (HTTP & HTTPS).

Email scanning

Scans ingoing and outgoing attachments and links for malicious content.

Web content control

Enables restriction of unproductive and inappropriate internet usage.  

Advanced threat protection PREMIUM

Network sandbox that detonates, analyzes, and detects malicious activity.

Reduce infrastructure maintenance work

ThreatShield provides unique value for IT teams by combining email, web traffic, and sandboxing gateway needs into one unified solution. It lowers the maintenance load on the team by reducing the amount of hardware needed. It also creates considerable synergies between system administrators, who can jointly manage the gateway-level protection for email, web traffic, and sandboxing.

ThreatShield Premium

F-Secure ThreatShield comes in two versions – Standard and Premium. The premium version includes the Advanced Threat Detection capability provided by our network sandboxing feature, SandViper. It offers protection against targeted attacks, hand-crafted malware, attacks utilizing scripts, 0-day exploits, and other similar, considerably more advanced attack techniques.

Standard | Premium

  • Multi-Engine Anti-Malware
  • Real-Time Threat Intelligence
  • Web Traffic Scanning
  • Web Content Control
  • Browsing Protection
  • Spam Filtering
  • Email Scanning
  • Advanced Threat Detection

Details

Block malicious web content

Web Traffic Scanning prevents the exploitation of active content such as Java and Flash, which are used in the vast majority of online attacks. These components are automatically blocked on unknown and suspicious sites based on their reputation data. Administrators can make exceptions to this by adding sites to a list of trusted sites, for example company intranet sites, for which F-Secure does not have any reputation data.

Web traffic protection scans HTTP and HTTPS web traffic in real time with multiple complementary anti-malware scanning engines and reputation checks. This ensures that malware and exploits are found and blocked at the traffic stage, before data is written to the hard disk. This provides additional protection against more advanced malware—for example memory-only variants.

Real-time threat intelligence

F-Secure's Security Cloud is our own cloud-based threat analysis system. It utilizes big data and machine learning, among other input, to continuously add to our knowledge base of digital threats. Security Cloud is constantly in touch with client systems, identifying new threats as they emerge and providing protection within minutes.

A cloud-based threat analysis service affords many benefits over traditional approaches. We gather threat intelligence from hundreds of thousands of client nodes, building a real-time picture of the global threat situation. Within minutes, we use that knowledge to protect our customers.

For example, if ThreatShield's sandboxing technology identifies a new attack that leverages a 0-day exploit, the information is shared with all protected devices via Security Cloud — automatically rendering the advanced attack harmless mere minutes after initial detection.

For more on the functions and benefits of F-Secure's Security Cloud, consult our technical whitepaper.

Superior malware protection

ThreatShield utilizes our multi-engine security platform to detect and prevent malware. It offers superior protection to traditional signature-based technologies:

  • Detects a broader range of malicious features, patterns, and trends, enabling more reliable and accurate detections, even for previously unseen malware variants
  • By using real-time look-ups from F-Secure's Security Cloud, it can react faster to new and emerging threats in addition to ensuring a small footprint

Prevent access to malicious sites

Browsing Protection is a key security layer that proactively prevents end users from visiting malicious sites. This is particularly effective, as early intervention greatly reduces overall exposure to malicious content, and thus attacks.

For example, Browsing Protection will prevent end users from being tricked into accessing seemingly legitimate phishing sites, accessing malicious sites through an email link, or getting infected through malicious 3rd party advertisements on otherwise legitimate sites.

The feature works by fetching the latest reputation check of the websites and their files from F-Secure's Security Cloud, based on various data points such as IP addresses, URL keywords, and site behavior.

Browsing Protection is fully browser-agnostic, as it works at the network level. This ensures that it still provides protection even if the end user is not using a company-sanctioned browser.

Prevent access to inappropriate web sites

Web Content Control allows restriction of unproductive and inappropriate internet usage. It can restrict employee web browsing, denying access to non-work-related destinations, such as social media and adult sites, to maximize effective work time and to avoid malicious sites.

Web Content Control reduces productivity losses, bandwidth consumption, and legal risks caused by unauthorized employee access to inappropriate or distracting web content. It also greatly reduces the chances of exposure to malicious content.

IT administrators can make local and group exceptions that override the enforced categories. As an example, if social networking sites are restricted, you could add LinkedIn.com to the trusted sites list as an exception. Additionally, certain groups of users can be given different access rights, like access to social media sites for digital marketing personnel.

Web Content Control is fully browser-agnostic, as it works at the network level. This ensures that it still provides protection even if the end user is not using a company-sanctioned browser.

Filter spam with 99.9% accuracy

Spam filtering prevents unwanted spam and phishing messages from reaching endpoints by filtering them at the gateway level.

ThreatShield has achieved VBSpam certification in all 50 Virus Bulletin spam tests ever performed. It has an average spam detection rate of over 99.9% with zero false positives in the last 10 VBSpam tests, and has achieved Virus Bulletin's highest certification, VBSpam+, for 13 tests in a row as of February 2018.

ThreatShield uses a combination of antispam filtering and predictive technologies delivered via F-Secure's Security Cloud to effectively detect spam messages in any language and reduce false positives, as well as protect against phishing attacks and malicious links in email attachments.

ThreatShield utilizes proprietary technologies, including patented detection methods and algorithms, as well as machine learning. These include IP, URL, number, domain, and sender reputation systems, spam image detection and email fingerprinting.

ThreatShield also provides proactive heuristic spam detection technology that detects emerging and new spam emails through the combination of spam message patterns, advanced heuristic filters, and content analysis done via machine learning algorithms.

Protected against targeted attacks, scripts and 0-day exploits

ThreatShield includes built-in network sandboxing technology. It automatically detonates malicious content and triggers a multi-faceted behavioral analysis process, based on the risk profile of the content.

An initial threat intelligence check is made to F-Secure's Security Cloud. The service returns various identifiers, such as reputation and prevalence, and automatically blocks any known threats detected. The check is made for fast, lightweight initial decisions, and can already filter nearly 99% of all common malicious content.

Another benefit is that it automatically flags known clean files and executables, allowing the other components to be much more aggressive in their detections without having issues with false positives.

If the initial threat intelligence check is inconclusive or suspicious, the content is detonated in a carefully crafted environment to prevent the attacker from detecting that they are operating in a sandbox.

After detonation, a dynamic run-time analysis is done to find strange, suspicious, and outright malicious behavior, such as editing the system registry, launching network connections, making API calls, influencing system processes and drivers, and causing unusual file system activity.

Unified central management

ThreatShield provides an easy way to deploy, manage, and monitor the security of your email and web traffic gateway protection from a single, intuitive console. This approach creates considerable synergies between system administrators, who can jointly manage the gateway level protection for email, web traffic and sandboxing.

ThreatShield provides, among others, the following management capabilities:

  • Administrators have access to rich reporting and advanced security analytics on blocked content, making investigation and incident response fast and effective.
  • AD integration allows administrators to set custom policies for specific Active Directory groups, such as giving digital marketing teams access to social media sites.
  • Quarantine management allows administrators to investigate a potential attack in peace, and then release it if it's a false positive or remove it from the system completely if it is found harmful.
  • Administrators can set extensive alerting rules, for example for malicious detections, quarantined objects, storage health notification, and system update notifications.
  • ThreatShield supports multiple software update models and schedules to ensure that administrators can plan their maintenance and update cycles according to their company policies.
