FortiGuard Inline Sandbox Service
Keeps malware out with real-time file analysis
To avoid slow-downs, traditional sandboxing solutions let suspicious files pass into the organization while analysis for threats occurs offline. Then, if the file comes back as malicious, security teams have to scramble to find the malware as it moves deeper into the organization.
In FortiOS 7.2, we introduce the industry’s first inline sandbox to hold suspicious files—without performance impact—by leveraging our cloud-scale malware analysis environment. Only files that have been analyzed and determined to be safe are let into the network.
The Inline Sandbox Service attaches to a number of Fortinet products, integrating across the Security Fabric, covering the network, endpoint, email, and more.
All FortiGuard security services are natively integrated into the Fortinet Security Fabric. This enables fast, coordinated detection and enforcement across the entire attack surface. Risk is continually assessed and the Security Fabric automatically adjusts to counter the latest known and unknown threats in real time.
Service/Product | Type | Operated by | Inline Sandbox | Pricing |
FortiGuard Sandbox Detection and Prevention Service | SaaS subscription | Fortinet | Yes | Subscription/product |
FortiGuard Sandbox Detection Service | SaaS subscription | Fortinet | No | Subscription/product |
FortiSandbox Hosted | PaaS subscription | Shared | Coming soon | Sizing/account |
FortiSandbox Virtual Appliance | VM subscription | Customer | Coming soon | Sizing/account |
FortiSandbox Hardware | HW bundle + licenses | Customer | Coming soon | Sizing based/account |
The Sandbox Detection and Prevention Service is a new a-la-carte service for FortiGate (available in Q2 2022), which includes inline blocking for sandbox and AI/NDR detection, plus log enrichment for SOC teams.
Benefits:
Available for FortiGate, FortiClient, and FortiMail
This service is bundled with the Advanced Malware Protection (AMP) Service for FortiGate, including antivirus, mobile malware, and other components. This service provides out-of-band sandbox detection and log enrichment with a cloud-based SaaS portal for SOC admins.
Benefits:
Available for FortiGate, FortiClient, FortiMail, FortiWeb, FortiProxy, and FortiADC
Fortinet-hosted sandbox is a subscription service. It includes FortiSandbox VM with dedicated resources for high performance and centralization of reports. This service covers all FortiGate, FortiClient, and FortiMail appliances in your network.
Benefits:
Available for FortiGate, FortiClient, and FortiMail
FortiSandbox VMs natively integrate with the Security Fabric, Fabric Partners, adapters, APIs, network share and sniffer to intercept and submit suspicious content to FortiSandbox. The integration also provides timely remediation and reporting capabilities.
Benefits:
Available for FortiGate, FortiClient, FortiMail, FortiWeb, FortiProxy, and FortiADC
FortiSandbox hardware appliances natively integrate with the Security Fabric, Fabric Partners, adapters, APIs, network share and sniffer to intercept and submit suspicious content to FortiSandbox. The integration also provides timely remediation and reporting capabilities to those devices.
Benefits:
Available for FortiGate, FortiClient, FortiMail, FortiWeb, FortiProxy, and FortiADC
Service/Product | Anti-evasion Detection | C&C Detection | AV/IPS/Web Filtering | Threat Intelligence |
FGD Sandbox Detection and Prevention Service | Y | Y | Y | Y |
FGD Sandbox Detection Service | Y | Y | Y | Y |
FortiSandbox Hosted | Y | Y | Y | Y |
FortiSandbox Virtual Appliance | Y | Y | Y | Y |
FortiSandbox Hardware | Y | Y | Y | Y |
FAST TIME TO VERDICT
Machine learning and deep learning models enhance static and dynamic malware analysis and code analysis, supervised by FortiGuard Labs
INLINE BLOCKING
Inline sandboxing holds suspicious files, leveraging our cloud-scale malware analysis environment
BROAD INTEGRATION
Zero-day threat protection is extended to a next-generation firewall, secure email gateway, and endpoint protection platform
ACCELERATED THREAT INVESTIGATION
Built-in MITRE ATT&CK matrix identifies a variety of malware techniques
UNIFIED IT/OT ZERO-DAY THREAT PROTECTION
Protects both IT and OT environments and assets from malware with one solution
UNBURDENS SECURITY TEAMS
Blocking unknown malware at the firewall, client, and mail levels results in fewer incidents and less time required for investigation and mitigation.