FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
FortiKoala
Staff
Article Id 197597
Description

How is ZoneFox different from antivirus (AV)?


Scope

Key Concepts


Solution

ZoneFox has a driver that operates at a similar, but not identical, level to that of an AV driver.

We receive and filter I/O calls to the file system and send this information to our CS servers. We do not change any calls; for example, we do not deny access to files. We also do not scan the content of I/O buffers, and as such do not monitor the content of any file.

ZoneFox is mostly interested in metadata, whereas AV solutions look for patterns in data or apply heuristics to behaviour.






