![Page 1: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/1.jpg)
© Copyright Fortinet Inc. All rights reserved.
Advanced Threat Protection Webinar 24 May 2016 | Fortinet Italy
![Page 2: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/2.jpg)
2
Agenda
What is Sandbox?
FortiSandbox Cloud Options
FortiSandbox On-premise
FortiSandbox On-premise File Submission
Sniffer Mode
FortiSandbox On-Premise Device Mode
FortiSandbox On-premise FortiClient Integration
HA & Sizing Details
![Page 3: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/3.jpg)
1. What is SandBox
![Page 4: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/4.jpg)
4
Sandbox
VIRTUAL END-USER ENVIRONMENT
• Code is executed in an contained, virtual environment
• Goal is to replicate typical workstations
• Output is analyzed to determine characteristics
• Some characteristics are malicious
• Known virus downloads
• Registry modifications
• Outbound connection to malicious IPs
• Infection of processes
Unsafe action, escape attempt
Controlled communication inspection
X
What is Sandboxing? Virtual analysis – nothing new
![Page 5: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/5.jpg)
5
Why a Customer looks for ATP?
Lateral Movement Categorization Not Enough AntiSpam Ineffective
Against Phishing
![Page 6: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/6.jpg)
6
Breaking the Kill Chain of Advanced Attacks
Antispam
Web Filtering
Antivirus
Intrusion Prevention
App Control
IP Reputation
Spam
Malicious
Link
Exploit
Malware
Bot Commands
& Stolen Data
Spam
Malicious
Link
Exploit
Malware
Bot Commands
& Stolen Data
Malicious
Malicious
Web Site
C2 Server
![Page 7: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/7.jpg)
7
Sa
nd
bo
x
Breaking the Kill Chain of Advanced Attacks
Antispam
Web Filtering
Antivirus
Intrusion Prevention
App Control
IP Reputation
Spam
Malicious
Link
Exploit
Malware
Bot Commands
& Stolen Data
Spam
Malicious
Link
Exploit
Malware
Bot Commands
& Stolen Data
Malicious
Malicious
Web Site
C2 Server
Access
Confirmed
![Page 8: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/8.jpg)
8
Lateral Movement -Two Approaches
ISFW in Transparent Mode (Pro-active) FortiClient (Reactive)
![Page 9: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/9.jpg)
9
Spear Phishing Prevention - Two Approaches
Transparent VDOM on ISFW FortiMail in Gateway Mode
Ineffective
Agaist encrypted
attacks
![Page 10: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/10.jpg)
10
![Page 11: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/11.jpg)
11
Advanced Threat Protection Framework
Access Control
Stateful Firewall
Vulnerability Management
2-Factor Authentication
Threat Prevention
IPS/Application Control
AntiMalware
Email/Web Filtering
Anti-bot
Threat Detection “Sandboxing”
Network Behavior Analysis
Botnet Reporting
Client Reputation
Incident Response Professional Services, Device Quarantine, FortiGuard Updates
Continuous Monitoring Reporting
FortiGuard Research
SIEM/Log Mgt/Intelligence
Service Partners
![Page 12: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/12.jpg)
12
ATP Framework in Action
Unknown URLs and Files
submission to FortiSandbox
FortiSandbox
FortiGate
FortiWeb
FortiMail
FortiClient
Web Server
Mail Server
Extended and fast protection
Internet
![Page 13: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/13.jpg)
13
Call Back Detection
Full Virtual Sandbox
FortiSandbox- key components
• Multi-tiered file processing optimizes resources to improve security, capacity and performance
• Quickly simulates intended activity
• OS independent and immune to evasion/obfuscation
• Applies top-rated (95%+ Reactive And Proactive) engine
• Serves as an efficient pre-filter
Code Emulation
Cloud Query
AV Engine
• Examines real-time, full lifecycle activity
• Provides rich threat information
• Checks FortiSandbox community intelligence
• FortiGuard verified
• Identifies the ultimate aim, call back and exfiltration
• FortiGuard verified
![Page 14: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/14.jpg)
14
Products
![Page 15: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/15.jpg)
2.FortiSandbox Cloud
![Page 16: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/16.jpg)
16
FortiOS 5.4
![Page 17: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/17.jpg)
17
FortiCloud
![Page 18: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/18.jpg)
18
Register your device
![Page 19: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/19.jpg)
19
New Tab of FortiSandbox
![Page 20: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/20.jpg)
20
Tune AV Profile on FortiGate
![Page 21: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/21.jpg)
21
Select AV Profile in Policy
![Page 22: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/22.jpg)
22
FortiSandbox Cloud for FortiMail & FortiWeb
FortiSanbox Cloud
FortiMail
FortiWeb
![Page 23: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/23.jpg)
23
FortiMail Sandbox
![Page 24: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/24.jpg)
24
Select Sandbox in AV Profile
![Page 25: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/25.jpg)
25
FortiWeb Sandbox Cloud Configuration
![Page 26: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/26.jpg)
26
Select Sandbox Cloud in File Upload Policy
![Page 27: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/27.jpg)
3.FortiSandbox On-premise
![Page 28: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/28.jpg)
28
Status Page
![Page 29: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/29.jpg)
29
FortiGuard Updates
![Page 30: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/30.jpg)
30
Pre-requisite
![Page 31: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/31.jpg)
31
It Appears in Scan Profile
![Page 32: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/32.jpg)
32
FSA SimNet - Open or Closed Environment?
Should you risk to degrade your IP reputation by allowing sandbox VM going
through your Internet access?
» Sandbox VM execution is short
» Your reputation is at risk every day (i.e. infected computer in your network)
» Use a dedicated Internet access for FortiSandbox outgoing traffic
INTERNET
port1
port2
port3
![Page 33: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/33.jpg)
33
Why Internet Access is Important for Detection?
Detonating a downloader sample into a sandbox VM with the netsim feature
enabled
DNS Query: A FQDN?
DNS Response: A 192.168.250.1?
HTTP Request: GET URL
HTTP Response
dummy.exe
URL Rating: FQDN
URL Rating: URL
AV Inspection
Execution Time Sandbox VM Rating Engine
IP Reputation: 192.168.250.1
dummy.exe
![Page 34: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/34.jpg)
34
Why Internet Access is Important for Detection?
Detonating a downloader sample into a sandbox VM without netsim
URL Rating: FQDN
URL Rating: URL
Execution Time Rating Engine
AV Inspection:
IP Reputation: a.b.c.d
DNS Query: A FQDN?
DNS Response: A a.b.c.d?
HTTP Request: GET URL
HTTP Response
Sandbox VM
Callback connection: C2
IP Reputation: C2
![Page 35: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/35.jpg)
35
simnet disabled vs simnet enabled
Sample
Network Action Rating Feature
SimNet
Disabled
SimNet
Enabled
DNS Request URL Rating
FQDN
DNS Response IP Reputation
a.b.c.d
HTTP Request URL Rating
URL
HTTP Response AV Inspection
content
Callback connection IP Reputation
C2
![Page 36: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/36.jpg)
36
simnet disabled vs simnet enabled
Sample
Network Action Rating Feature
SimNet
Disabled
SimNet
Enabled
DNS Request URL Rating
FQDN
DNS Response IP Reputation
a.b.c.d
HTTP Request URL Rating
URL
HTTP Response AV Inspection
content
Callback connection IP Reputation
C2
![Page 37: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/37.jpg)
37
For Networks Using Proxy
![Page 38: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/38.jpg)
38
Alert Email Setting
![Page 39: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/39.jpg)
39
Scheduled Reports on Mail
![Page 40: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/40.jpg)
40
SNMP Settings
![Page 41: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/41.jpg)
3.a. Advance Setup On-Premise Mode
![Page 42: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/42.jpg)
42
Configuring VM’s
![Page 43: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/43.jpg)
43
Maximum Number of VM’s
![Page 44: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/44.jpg)
44
Scan Profile
![Page 45: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/45.jpg)
45
Configuring a VM to Scan File type
![Page 46: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/46.jpg)
46
Flexibility to add User-Define File Types
![Page 47: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/47.jpg)
47
What if we don’t have WindowsXP
![Page 48: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/48.jpg)
48
Device/Sniff
er
EXE
New Virtual Machines Support
Android, Windows 8.1 and 10
Not integrated by default
SKUs to come for ordering
Android Windows 8 Windows 10
On-Demand/
REST API
Adapter Network
Share
Device/Sniff
er
Device/Sniff
er
DOC
Device
*.*
Sniffer
*.*
URL
New design is based on input source and file type
new source and type
![Page 49: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/49.jpg)
49
Blacklist & Whitelist
![Page 50: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/50.jpg)
4. File-On Demand
![Page 51: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/51.jpg)
51
Administrator uses the web-
based Manager to uploads files
or URLs for inspection.
The combination of inspection
methods can be customized
» AV
» Cloud File Query
» VM Sandboxing
Tracking of the inspection
through the On-Demand page
On-Demand: Manual Input Method
![Page 52: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/52.jpg)
52
How to check
![Page 53: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/53.jpg)
53
![Page 54: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/54.jpg)
54
Flexibility to choose Scan Engine
![Page 55: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/55.jpg)
4.a. URL Submission
![Page 56: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/56.jpg)
56
![Page 57: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/57.jpg)
57
![Page 58: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/58.jpg)
5. Sniffer Mode
![Page 59: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/59.jpg)
59
Monitor the network traffic through two
possible connections methods:
» Mirroring/monitoring or SPAN ports
» TAP device
Sniffer Input Method
Monitoring traffic
Switch with mirroring/monitoring/SPAN capabilities.
Monitoring traffic TAP Device
![Page 60: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/60.jpg)
60
![Page 61: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/61.jpg)
6.Device Mode
![Page 62: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/62.jpg)
62
Devices Input Method
FortiGate, FortiMai or FortiWeb Devices.
514/tcp SSL encrypted
- File submission
- Get statistics back
In memory hash table preventing accepting the same files several times. Cleared every week or each time there is a DB update.
Fortinet Appliance FortiSandbox
![Page 63: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/63.jpg)
63
Registering FortiGate on FortiSandbox for File Submission
![Page 64: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/64.jpg)
64
Device should appear in FortiSandbox
![Page 65: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/65.jpg)
65
Device Authorization
![Page 66: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/66.jpg)
66
Configure AV Profile with FortiSandbox
![Page 67: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/67.jpg)
67
Tune WCF Profile to use FortiSandbox
![Page 68: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/68.jpg)
68
Policy
![Page 69: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/69.jpg)
69
FortiView
![Page 70: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/70.jpg)
6.a Device Mode-FortiWeb
![Page 71: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/71.jpg)
71
If FGT is integrated with FSA why I need to Integrate FWEB with FSA?
![Page 72: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/72.jpg)
72
Encrypted Traffic
FGT
FWeb FSA
HTTPS Traffic Encrypted File
Decrypted File
![Page 73: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/73.jpg)
73
FSA Integration
» Configure FSA
Authorise and test connectivity
Setup Admin mail
![Page 74: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/74.jpg)
74
FortiWeb Configuration
FortiWeb
» Configure File Upload
Restriction Policy
![Page 75: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/75.jpg)
6.c Device Mode-FortiMail
![Page 76: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/76.jpg)
76
Threat Vectors
Which threat vector is the most popular for Targeted Attacks ?
a) Web browsing
b) Email
c) Software: bugs, backdoors, exploits
d) USB
Percentage of attacks involving that vector ?
Attacker’s easiest choice for Targeted Attacks
“more than 90% of Targeted Attacks involves email”
![Page 77: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/77.jpg)
77
Integrate with FortiSandbox
![Page 78: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/78.jpg)
78
Enable Sandbox in AV-Profile
![Page 79: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/79.jpg)
79
Select AV-Profile in Recipient Policy
![Page 80: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/80.jpg)
7. FortiClient Integration
![Page 81: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/81.jpg)
81
Prevent known malwares
» Everything that can enforce a
security policy
Detect unknown malwares
» FortiSandbox & everything that is
behavior based
Mitigatation
» FortiGuard teams and automation
Part of the Fortinet ATP Framework
Creating a fix
& update prevention
High risk items
Provide ratings
& results
![Page 82: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/82.jpg)
82
File Submission of supported file types
Every Input source supported
» Internet, removable media and network
drive
Malware Package support from
FortiSandbox
Prevent the user to access the file until a
verdict is received
FortiSandbox Integration
Extending the ATP Framework up to the EndPoint
1. Submit and Hold
the files
2. Receive verdicts
3. Retrieve Malware
Packages
![Page 83: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/83.jpg)
83
FortiSandbox Integration
Execution or Access Hold during the Inspection
2
1
4
3
![Page 84: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/84.jpg)
84
Create a Profile with FortiSandbox IP
![Page 85: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/85.jpg)
85
Register FortiClient on FGT
![Page 86: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/86.jpg)
86
Test FCT FSA Communication
![Page 87: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/87.jpg)
87
Check FCT is registered on FSA & FGT
FortiClient
» On the FGT check the
FCT Monitor
» On the FSA, under Scan Input>FCT
check that the client has been registered
![Page 88: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/88.jpg)
88
Process Next Level
Sniffer
Devices
On-demand
Inputs Methods
Controller
Local DB
Control
AV-Scan Engine
Cloud-Query Engine
VM-Scan Engine
Rating Engine
File Filter
Analysis
Static Scan Engine
Network Share
URL Detection
![Page 89: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/89.jpg)
89
FortiGuard Threat Research & Response
FortiGuard Web
Filtering Service
FortiGuard Anti-spam
Security Service
FortiGuard Intrusion
Prevention Service
FortiGuard Application
Control Service
FortiGuard Database
Security Service
FortiGuard
Antivirus Service
FortiGuard Web
Security Service
FortiGuard IP
Reputation Service
IP FortiGuard Vulnerability
Management Service
Anti-botnet
BOT
AV-Scan Engine
Cloud-Query Engine
VM-Scan Engine
Rating Engine
File Filter
Analysis
Static Scan Engine
![Page 90: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/90.jpg)
90
FortiGuard Lab
FortiGuard Services
The Fortinet ATP Solution
FortiGate
FortiMail
FortiWeb
FortiClient
FortiSandbox
![Page 91: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/91.jpg)
Sizing & Clustering
![Page 92: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/92.jpg)
92
Clean File
✓ Or Unknown Malware
Supported
File Type
New / Known Malware
FortiSandbox Scaling
Confidential
up to
+ 2 ½ minutes
FortiSandbox
pre-filters
15 - 20 seconds
Most files types scanned by Static Scan
EXE/DLL, .bat/.vbs/.ps1/.com, PDF, Office Files,
Flash Files, URLs from device, .jar, Office with
embedded binary, Android All into VMs Clean File
✓
File Filter
Static Scan Engine
Or AV-Scan Engine
Cloud-Query Engine
VM-Scan Engine
Rating Engine
![Page 93: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/93.jpg)
93
File Sizing Summary
This Means……(worse case scenario)
» Maximum of 3 minutes per file (60 minutes / 3) =
» Maximum of 20 files an hour per Virtual Machine (if not caught by the pre-filters)
FortiSandbox Platforms
» FortiSandbox-1000D (8 concurrent VMs * 20) = 160 files per hour
» FortiSandbox-3000D (28 concurrent VMs * 20) = 560 files per hour
» FortiSandbox-Base-Virtual Appliance (4 VMs * 20) = 80 files per hour
» FortiSandbox-Maximum-Virtual Appliance (52 VMs * 20) = 1,040 files per hour
Clustering Allows Up to 100 Members
» In any platform combination (Initial Master / Primary Backup have to be the same)
» All cluster platforms share the file load / distribution
![Page 94: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/94.jpg)
94
Clustering and Load Balancing
Master and Primary Slave have to the same appliance (can be any model)
Regular Slaves can be any appliance
Up to 100 nodes in a cluster
REGULAR
SLAVE
REGULAR
SLAVE
REGULAR
SLAVE
MASTER PRIMARY
SLAVE
![Page 95: Advanced Threat Protection - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc/ATP Webinar - Wide.p… · Webinar 24 May 2016 | Fortinet Italy . 2 Agenda What is Sandbox?](https://reader034.vdocuments.site/reader034/viewer/2022042916/5f57f4237ce6a54a8938d0ba/html5/thumbnails/95.jpg)
Thank You!