FortiGuard Inline Sandbox Service
Keeps malware out with real-time file analysis
Overview
To avoid slow-downs, traditional sandboxing solutions let suspicious files pass into the organization while analysis for threats occurs offline. Then, if the file comes back as malicious, security teams have to scramble to find the malware as it moves deeper into the organization.
In FortiOS 7.2, we introduce the industry’s first inline sandbox to hold suspicious files—without performance impact—by leveraging our cloud-scale malware analysis environment. Only files that have been analyzed and determined to be safe are let into the network.
The Inline Sandbox Service attaches to a number of Fortinet products, integrating across the Security Fabric, covering the network, endpoint, email, and more.
FortiGuard Security Services
All FortiGuard security services are natively integrated into the Fortinet Security Fabric. This enables fast, coordinated detection and enforcement across the entire attack surface. Risk is continually assessed and the Security Fabric automatically adjusts to counter the latest known and unknown threats in real time.
Service/Product |
Type |
Operated by |
Inline Sandbox |
Pricing |
FortiGuard Sandbox Detection and Prevention Service |
SaaS subscription |
Fortinet |
Yes |
Subscription/product |
FortiGuard Sandbox Detection Service |
SaaS subscription |
Fortinet |
No |
Subscription/product |
FortiSandbox Hosted |
PaaS subscription |
Shared |
Coming soon |
Sizing/account |
FortiSandbox Virtual Appliance |
VM subscription |
Customer |
Coming soon |
Sizing/account |
FortiSandbox Hardware |
HW bundle + licenses |
Customer |
Coming soon |
Sizing based/account |
FortiGuard Sandbox Detection and Prevention Service
The Sandbox Detection and Prevention Service is a new a-la-carte service for FortiGate (available in Q2 2022), which includes inline blocking for sandbox and AI/NDR detection, plus log enrichment for SOC teams.
Benefits:
- Optimizes security operations with SOCaaS log ingestion
- Secures the data center, branch, campus, and cloud
- Ideal for any size organization
- Available in North America, Europe, and Asia regions
Available for FortiGate, FortiClient, and FortiMail
FortiGuard Sandbox Detection Service
This service is bundled with the Advanced Malware Protection (AMP) Service for FortiGate, including antivirus, mobile malware, and other components. This service provides out-of-band sandbox detection and log enrichment with a cloud-based SaaS portal for SOC admins.
Benefits:
- Out-of-band sandboxing, alerting, and reporting
- Log enrichment for SOC response
- Secures the data center, branch, campus, and cloud
- Ideal for any size organization
- Available in North America, Europe, and Asia regions
Available for FortiGate, FortiClient, FortiMail, FortiWeb, FortiProxy, and FortiADC
FortiSandbox Hosted
Fortinet-hosted sandbox is a subscription service. It includes FortiSandbox VM with dedicated resources for high performance and centralization of reports. This service covers all FortiGate, FortiClient, and FortiMail appliances in your network.
Benefits:
- Centralized alerting, reporting, and threat intelligence
- Secures the data center, branch, campus, and cloud
- Ideal for any size organization
- Available in North America and Europe regions
Available for FortiGate, FortiClient, and FortiMail
FortiSandbox Virtual Appliance (Private/Public Cloud)
FortiSandbox VMs natively integrate with the Security Fabric, Fabric Partners, adapters, APIs, network share and sniffer to intercept and submit suspicious content to FortiSandbox. The integration also provides timely remediation and reporting capabilities.
Benefits:
- Available for public cloud and private cloud deployments
- Out-of-box integration with Fortinet Security Fabric and third-party solutions
- Centralized sandboxing, alerting, and reporting
- Real-time threat intelligence sharing
Available for FortiGate, FortiClient, FortiMail, FortiWeb, FortiProxy, and FortiADC
FortiSandbox Hardware Appliance
FortiSandbox hardware appliances natively integrate with the Security Fabric, Fabric Partners, adapters, APIs, network share and sniffer to intercept and submit suspicious content to FortiSandbox. The integration also provides timely remediation and reporting capabilities to those devices.
Benefits:
- Available in a range of performance levels to fit organizations of all sizes
- Out-of-box integration with Fortinet Security Fabric and third-party solutions
- Centralized sandboxing, alerting, and reporting
- Real-time threat intelligence sharing
Available for FortiGate, FortiClient, FortiMail, FortiWeb, FortiProxy, and FortiADC
Service/Product |
Anti-evasion Detection |
C&C Detection |
AV/IPS/Web Filtering |
Threat Intelligence |
FGD Sandbox Detection and Prevention Service |
Y |
Y |
Y |
Y |
FGD Sandbox Detection Service |
Y |
Y |
Y |
Y |
FortiSandbox Hosted |
Y |
Y |
Y |
Y |
FortiSandbox Virtual Appliance |
Y |
Y |
Y |
Y |
FortiSandbox Hardware |
Y |
Y |
Y |
Y |
View by:
Fallstudien
White Papers
Lösungsleitfäden
Analystenberichte
Webinars and Videos
Schulung
Fuse Community
Features and Benefits
FAST TIME TO VERDICT
Machine learning and deep learning models enhance static and dynamic malware analysis and code analysis, supervised by FortiGuard Labs
INLINE BLOCKING
Inline sandboxing holds suspicious files, leveraging our cloud-scale malware analysis environment
BROAD INTEGRATION
Zero-day threat protection is extended to a next-generation firewall, secure email gateway, and endpoint protection platform
ACCELERATED THREAT INVESTIGATION
Built-in MITRE ATT&CK matrix identifies a variety of malware techniques
UNIFIED IT/OT ZERO-DAY THREAT PROTECTION
Protects both IT and OT environments and assets from malware with one solution
UNBURDENS SECURITY TEAMS
Blocking unknown malware at the firewall, client, and mail levels results in fewer incidents and less investigation time and mitigation required.
