Hillstone Cloud Sandbox Malicious File ID and Detection Platform

The Hillstone Cloud Sandbox comprises three modules: Static Analysis, Behavioral Analysis and Cloud Intelligence.

Static Analysis

Hillstone Cloud Sandbox performs static signature analysis of files, such as identifying the file type and file format and matching known malware signatures. Additionally, front filter technology (e.g. URL whitelist, file signature validation, sample database on cloud) screens out known threats to reduce the workload of the sandbox.

Behavioral Analysis

Hillstone Cloud Sandbox can simulate multiple operating systems and running environments, and trigger file behaviors in the simulated environments that closely resemble real ones in production environments. The Sandbox uses a machine learning model to validate the file behavior.

Cloud Intelligence

Using threat intelligence compiled globally from Hillstone network nodes, Hillstone Cloud Sandbox compares the static information and behavior of files against that intelligence, such as malware signatures, phishing websites and malicious domain names, and assigns every file a risk evaluation score, rather than simply defining it as good or bad.

The three modules work together to ensure the efficiency and efficacy of malicious file detection.


Advanced malware has become so sophisticated that it can easily evade traditional security solutions including firewalls, IPS and Anti-Virus technologies. To address advanced malware, the Hillstone Cloud Sandbox delivers a unique, advanced threat detection platform that can emulate the execution environment and analyze all activities related to malicious files, identify advanced threats and collaborate with existing solutions to provide rapid remediation.


High detection rate with both static and behavioral analysis

The malware sample database on the Hillstone cloud contains more than 1 billion samples. It quickly detects whether any uploaded file matches a known malware sample. Hillstone Cloud Sandbox can simulate running environments and trigger file behaviors such as creating processes, modifying the registry and issuing callback requests. Unknown threats can be detected by analyzing the file behavior.

Instant deployment of cloud infrastructure

Hillstone Cloud Sandbox is seamlessly integrated with existing Hillstone technology and solutions, such as the Next-Generation Firewall and Hillstone CloudEdge. It can be deployed instantly and seamlessly without network disruption.

Protection of encrypted traffic

Since SSL encryption technology has become popular, more and more applications use HTTPS. However, today’s malware also uses SSL encryption to evade detection. Hillstone Cloud Sandbox can decrypt the encrypted traffic and restore the files it carries. With this approach, malware can be detected even if it is hidden in encrypted traffic.

Comprehensive threat information in the reports

Upon detecting malware and unknown threats, Hillstone Cloud Sandbox displays alarms and notifications, as well as comprehensive reports of malware behavior, in the administration panel of the firewall. Network behavior, process behavior, file behavior, and file key information are displayed in the reports. The attack process is visualized through the Kill Chain analysis on firewall platforms, so that security administrators can take appropriate action.

Constantly updating signature database

Hillstone Cloud Sandbox generates threat intelligence based on the malware it detects and adds this intelligence to the signature database of the Hillstone Next-Generation Firewalls. It helps administrators adjust security strategies to protect their IT resources from newer and more advanced attacks.
