FortiSandbox: Zero-day Threat Protection

An AI-powered, top-rated, integrated sandbox

Determining if You've Outgrown your First-Gen Sandbox

FortiSandbox: Zero-day Threat Protection Overview

Cyber criminals are increasingly leveraging automation and artificial intelligence (AI) as part of their cyberattacks, heightening the risk of a security incident or a data breach. In turn, some CISOs are adopting sophisticated solutions such as AI-powered sandboxing as an essential component of their security strategy. AI-based sandboxing helps combat previously unknown threats such as ransomware, crypto-malware, and many others.

In addition to the sophistication of threats, organizations are grappling with protecting growing attack surfaces that are becoming more dynamic due to the rise of Internet-of-Things (IoT) and cloud-based services. Coupled with the shortage of qualified cybersecurity talent, this is leading organizations to turn to centralized and integrated sandboxing across various security controls to automate breach protection.




FortiSandbox Videos

Fortinet's ATP Security Fabric Approach | Cybersecurity Practices
FortiSandbox, Fast and Effective Protection Against Advanced Threats

FortiSandbox: Zero-day Threat Protection Product Details

FortiSandbox improves zero-day threat detection efficacy and performance by leveraging two machine learning models (patent-pending enhanced random forest with boost tree and least squares optimization) applied to static and dynamic analysis of suspicious objects. It also accelerates threat investigation and management processes by adopting standards-based malware reporting built on the MITRE ATT&CK framework.

The Fortinet automated breach protection strategy enables FortiSandbox to easily integrate across both Fortinet and non-Fortinet products to provide real-time threat intelligence and speed threat response.

FortiSandbox analysis also covers malware that targets industrial control systems (ICS), so it can deliver the same sandbox benefits to organizations that manage both Information Technology (IT) and Operational Technology (OT) business segments.

Features and Benefits



Independently top-rated

NSS Labs "Recommended" for breach detection and breach prevention, and ICSA Labs certified for advanced threat defense

Improved efficacy and performance

Leverages two machine learning models that enhance static and dynamic analysis of threats

Accelerated threat investigation

Built-in MITRE ATT&CK matrix identifies a variety of malware techniques

Broad integration

Extends zero-day threat detection to a next-generation firewall, web application firewall, secure email gateway, and endpoint protection platform

Automated breach protection

Speeds mitigation by sharing real-time updates to disrupt threats at the origin and subsequent immunization across the entire organization

Unified IT-OT zero-day threat protection

Protects assets across both IT and OT environments from malware



FortiSandbox Models and Specifications

FortiSandbox is offered in a broad range of form factors, including physical and virtual appliances, public cloud, and a hosted service, supporting various deployment options to fit any environment.

Compare Products

Form Factor
1 RU
Effective real-world throughput (files/hr)
4x GE RJ45 ports
Form Factor
1 RU
Effective real-world throughput (files/hr)
4x GE RJ45 ports, 4x GE SFP slots
Form Factor
2 RU
Effective real-world throughput (files/hr)
4x GE RJ45 ports, 2x 10 GE SFP+ slots
Form Factor
2 RU
Effective real-world throughput (files/hr)
4x GE RJ45 ports, 2x 10 GE SFP+ slots
FortiSandbox VM supports VMware ESXi version 5.1 or later, and Linux KVM CentOS 7.2 or later. 

Effective real-world throughput (files/hr)
Hardware dependent
6 (minimum) virtual network interfaces
Effective real-world throughput (files/hr)
6 (minimum) virtual network interfaces

As businesses move to the cloud, it is imperative to extend a seamless security infrastructure to protect workloads and assets in the cloud against sophisticated threats. FortiSandbox natively supports public cloud, including Amazon Web Services (AWS) and Microsoft Azure, allowing organizations to build a comprehensive cloud security architecture that integrates FortiSandbox (sandbox) with FortiGate (NGFW), FortiMail (SEG), FortiWeb (WAF), FortiClient (EPP), FortiSIEM (SIEM), and third-party solutions.


FortiSandbox Cloud offers an alternate deployment option to the FortiSandbox appliance for organizations searching for a turnkey solution. It delivers the same rapid detection and automated response, but in the cloud. This provides unlimited flexibility to complement FortiGate in any deployment scenario such as distributed enterprise, data center, and more.

FortiSandbox Cloud is available with the FortiGate next-generation firewall, FortiMail secure email gateway, FortiWeb web application firewall, FortiProxy secure web gateway, and FortiClient endpoint protection.




FortiGuard Security Services for FortiGuard Service Bundles

FortiSandbox employs FortiGuard Threat Intelligence including an extended AV signature set, IPS, Web Filtering, emerging malware query, and sandbox engine updates to improve the robustness of threat detection as well as accelerate threat analysis and verdict determination. 


FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

Intrusion Prevention

FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.

Web Filtering

Protects your organization by blocking access to malicious, hacked, or inappropriate websites.

FortiSandbox Alliance Partners

FortiSandbox provides integration with many leading IT vendors as part of the Fortinet Security Fabric.  Below is a list of current FortiSandbox Fabric-Ready API Alliance Partners:


NSS Labs Breach Prevention Systems (BPS) Test 2019 

NSS Labs BPS focuses on both detecting and blocking exploits, advanced malware, and evasions, which is critical in reducing the risk of breaches. This test helps emphasize the importance of automating the advanced threat response cycle of prevent-detect-mitigate across a number of threat vectors including web, email, and endpoint. Fortinet's tested Breach Protection solution, consisting of FortiSandbox, FortiGate, and FortiClient integrated together, earned a Recommended award by achieving an overall Security Effectiveness of 97.8% and offering the lowest 3-year TCO.


ICSA Certified for Advanced Threat Defense

With data breaches continuing to make headlines, new products and solutions designed to detect and prevent the advanced attacks often at the root of these breaches have emerged. To help organizations assess the effectiveness of these new offerings, ICSA Labs, an independent division of Verizon (author of the annual Data Breach Investigations Report, or DBIR), recently introduced a new independent Advanced Threat Defense certification and Email certification.

NSS Labs Breach Detection Systems Test 2017 and SVM

According to Verizon's 2017 Data Breach Investigations Report, 99% of malware is delivered by email and the web. In the NSS Breach Detection System 2017 test, the newly introduced FortiSandbox 2000E blocked 100% of advanced malware delivered over these two vectors and 99% overall, offered at the lowest TCO, earning the NSS Labs "Recommended" rating.

Product Demo

Today's sophisticated zero-day and targeted attacks cannot be stopped by any one type of security. Zero-day threat protection is key to preventing data breaches and other consequences of a successful attack. Check out the full demo of the Fortinet AI-powered sandbox, FortiSandbox, and see how MITRE ATT&CK reporting and actionable dashboards speed response. This consolidated approach inspects all protocols and performs all functions on a unified, high-performance appliance.

Below are answers to common questions regarding FortiSandbox and related services:

Is FortiSandbox a point-only solution?

FortiSandbox supports both standalone and integrated deployment models. As a standalone solution, FortiSandbox can sniff packets via TAP/SPAN, scan files in a repository, or accept files via on-demand submission and via ICAP/JSON API. As an integrated solution, FortiSandbox accepts submissions from FortiGate, FortiMail, FortiWeb, FortiProxy, FortiADC, FortiClient, and Fabric-Ready partners, and shares zero-day intelligence in real time across integrated devices for rapid mitigation.

Does FortiSandbox fit my security infrastructure?

FortiSandbox form factors include a managed solution, appliance, VM, and public cloud, meeting a range of requirements from SMB to large enterprise to cloud-first organizations.

How effective is FortiSandbox against advanced threats?

FortiSandbox has garnered Recommendations from the NSS Labs Breach Detection Test, Breach Prevention Test, and ICSA Advanced Threat Defense.

How fast can FortiSandbox be up and running?

Users can use FortiSandbox on day one by leveraging default VMs with pre-built OS and application licenses. Optionally, users can build a custom VM to replicate their standard end-user profile.

How do I test drive FortiSandbox?

A self-driven FortiSandbox demo can be found here. You may also request a threat assessment (with FortiSandbox) or request a live FortiSandbox demo by contacting us here.