Fortinet's ATP Security Fabric Approach
Fortinet FortiSandbox Solution automates protection of your organization from 0-day attacks across various threat vectors.
Watch NowFortiSandbox: Zero-day Threat Protection
An AI-powered, top-rated, integrated sandbox
Determining if You've Outgrown your First-Gen SandboxAvailable in:
What is a Malware Sandbox?
Unlike previous generation of viruses that were non-sophisticated and low in volume, antivirus tools were sufficient to provide reasonable protection with their database of signatures.
However, today’s modern malware entails new techniques such as use of exploits. Exploiting a vulnerability in a legitimate application can cause anomalous behavior and it’s this behavior that attackers take advantage of to compromise computer systems. The process of an attack by exploiting an unknown software vulnerability is what is known as a zero-day attack aka 0-day attack, and before sandboxing there was no effective means to stop it.
A malware sandbox, within the computer security context, is a system that confines the actions of an application, such as opening a Word document, to an isolated environment. Within this safe environment the sandbox analyzes the dynamic behavior of an object and its various application interactions in a pseudo-user environment and uncovers any malicious intent. So if something unexpected or wanton happens, it affects only the sandbox and not the other computers and devices on the network. In parallel, any malicious intent is captured, leading to an alert and relevant threat intelligence generated to stop this zero-day attack.
Typical characteristics found in a malware sandbox:
- Detection engine consisting of static and dynamic analysis to capture both malware attributes and techniques
- Emulation of various device OS including Windows, macOS, Linux, and SCADA/ICS, and associated applications and protocols
- Accepts a multitude of sources including network packets, file shares, on-demand submission and automated submissions by NGFW, SEG, EPP/EDR, and WAF, other integrated security controls
- Reporting and automated sharing of threat intelligence
- Flexible deployment modes such as appliance, VM, SaaS and Public Cloud to fit various on-prem and cloud environments
To learn more about sandboxing, please refer to NSE 2 Sandbox
Fortinet Sandbox Videos
|
Learn more about our Sandbox Solution.
Fortinet Malware Sandbox Solution
- First-in-the-industry patent-pending Machine Learning (ML)-based static analysis, and ML-based dynamic analysis
- MITRE ATT&CK standards-based reporting
- Automated 0-day breach protection with integration to both Fortinet and non-Fortinet solutions
Read our customer case studies and testimonials here.
Interested in learning more with hands-on exercises? Come join us in our Fast Track event featuring FortiSandbox. Register here
FortiSandbox: Zero-day Threat Protection News
-
Sep 10, 2020New FortiSandbox Cloud LaunchedFortinet launches first ever Platform-as-a-Service (PaaS)-based cloud delivered dedicated sandbox.
-
Sep 7, 2020NSE 2 Sandbox UpdatedFortinet NSE Institute updates popular sandbox lesson that is open for the public and the wider community.
-
Mar 6, 2020Fortinet NSE 7 Advanced Threat Protection 3.0 ExamThe new Fortinet NSE 7 Advanced Threat Protection 3.0 exam is now available at Pearson VUE testing Center in English and Japanese.
-
Aug 19, 2019Fortinet Security Fabric Earns NSS Labs Recommendation for 2019 Breach Prevention Systems Group TestNSS Labs recently updated their Breach Prevention System (BPS) test methodologies, and in August 2019 they unveiled the 2019 BPS group test results.
FortiSandbox consistently awarded a Recommendation from NSS Labs and Certification from ICSA Labs
Fortinet’s FortiSandbox combined security efficacy, performance and low TCO is an industry proven solution. See the report to learn more about how other vendors compare to Fortinet.
Sandbox and AV: Which is better?
| Sandbox | AV | |
| 0-day Malware | Yes | No |
| Type of malware detection | Known, polymorphic, unknown | Known and polymorphic |
| Malware analysis | Static and Dynamic/Behavior | Signature-based and Static |
Features and Benefits
Independently top-rated
NSS Labs "Recommended" for sandbox-powered breach detection and breach prevention, and ICSA Labs certified for advanced threat defense
Improved efficacy and performance
Leverages two machine learning models that enhance static and dynamic malware analysis of zero-day threats
Accelerated threat investigation
Built-in MITRE ATT&CK matrix identifies a variety of malware techniques
Broad integration
Extends zero-day threat detection to a next-generation firewall, web application firewall, secure email gateway, and endpoint protection platform
Automated breach protection
Speeds mitigation by sharing real-time updates to disrupt threats at the origin and subsequent immunization across the entire organization
Unified IT-OT zero-day threat protection
Protects across both IT and OT environments and assets from malware
Building a Cybersecurity Workforce
Advanced training for security professionals, technical training for IT professionals, and awareness training for teleworkers.
Learn MoreFortiSandbox Models and Specifications
FortiSandbox broad form factor offering including physical, virtual appliance to public cloud and as a hosted service that supports various deployment options to fit any environment.
▼
Form Factor |
1 RU |
Effective real-world throughput (files/hr) |
600 |
Ports |
4x GE RJ45 ports |
Form Factor |
1 RU |
Effective real-world throughput (files/hr) |
1,400 |
Ports |
4x GE RJ45 ports, 4x GE SFP slots |
Form Factor |
2 RU |
Effective real-world throughput (files/hr) |
2,400 |
Ports |
4x GE RJ45 ports, 2x 10 GE SFP+ slots |
Form Factor |
2 RU |
Effective real-world throughput (files/hr) |
5,600 |
Ports |
4x GE RJ45 ports, 2x 10 GE SFP+ slots |
FortiSandbox VM supports VMware ESXi version 5.1 or later, and Linux KVM CentOS 7.2 or later.
Effective real-world throughput (files/hr) |
Hardware dependent |
Ports |
6 (minimum) virtual network interfaces |
Effective real-world throughput (files/hr) |
20,000 |
Ports |
6 (minimum) virtual network interfaces |
As businesses move to the cloud, it is imperative to extend a seamless security infrastructure to protect workloads and assets in the cloud against sophisticated threats. FortiSandbox native support of public cloud includes Amazon Web Services (AWS) and Microsoft Azure, allows organizations to build a comprehensive cloud security architecture that integrates FortiSandbox (sandbox) with FortiGate (NGFW), FortMail (SEG), FortiWeb (WAF), FortiClient (EPP), FortiSIEM (SIEM), and 3rd party solutions.
AWS Marketplace:
Azure Marketplace:
FortiSandbox Cloud offers an alternate deployment option to an on-premise FortiSandbox for organizations searching for a turnkey solution. It delivers the same rapid detection and automated response, but from the cloud. This provides unlimited flexibility to integrate sandbox analysis of zero-day threats to any security control e.g. firewall, secure email gateway, endpoint protection, and others, to automate threat protection across multiple locations.
To learn more, please click here.
Resources
▼
Case Studies
White Papers
Solution Guides
Analyst Reports
Webinars and Videos
Training
Fuse Community
FortiGuard Security Services for FortiGuard Service Bundles
FortiSandbox employs FortiGuard Threat Intelligence including an extended AV signature set, IPS, Web Filtering, emerging malware query, and sandbox engine updates to improve the robustness of threat detection as well as accelerate threat analysis and verdict determination.
Antivirus
FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.
Intrusion Prevention
FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.
Web Filtering
Protects your organization by blocking access to malicious, hacked, or inappropriate websites.
FortiSandbox Alliance Partners
FortiSandbox provides integration with many leading IT vendors as part of the Fortinet Security Fabric. Below is a list of current FortiSandbox Fabric-Ready API Alliance Partners:
Amazon Web Services
AWS services are trusted by more than a million active customers around the world – including the fastest growing startups, largest enterprises, and leading government agencies – to power their infrastructures, make them more agile, and lower costs.
Learn more on the Fortinet-AWS alliance
ATAR Labs
ATAR Labs builds next-generation SOAR platform ATAR. Together with Fortinet, SOC teams become more agile and respond to complex threats and defend their infrastructure. Automatic processes deployed and orchestrated from ATAR, and enforcement, and detection from Fortinet creates an integrated operation to achieve a secure environment.
Attivo Networks
Attivo Networks is an award-winning innovator in cyber security defense. As the leader in deception-based threat detection technology, Attivo empowers continuous threat management using dynamic deceptions for the real-time detection, analysis, and accelerated response to cyber incidents.
CloudMosa
CloudMosa web isolation technology safeguards enterprise endpoints against cyber threats by isolating all Internet code execution and web rendering in the cloud and keeps threats like malware, ransomware and malicious links at bay. Together with Fortinet, CloudMosa web isolation solution delivers unmatched security shielding.
D3 Security
D3 Security's award-winning SOAR platform seamlessly combines security orchestration, automation and response with enterprise-grade investigation/case management, trend reporting and analytics. With D3's adaptable playbooks and scalable architecture, security teams can automate SOC use-cases to reduce MTTR by over 95%, and manage the full lifecycle of any incident or investigation.
Gigamon
Gigamon provides active visibility into physical and virtual network traffic, enabling stronger security, and superior performance.
Microsoft Azure
Microsoft is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more.
Nutanix
Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix enterprise cloud platform leverages web-scale engineering and consumer-grade design to natively converge compute, virtualization and storage into a resilient, software-defined solution that delivers any application at any scale.
Rubrik
Rubrik delivers a single platform to manage and protect data in the cloud, at the edge, and on-premises. Enterprises choose Rubrik’s Cloud Data Management software to simplify backup and recovery, accelerate cloud adoption, and enable automation at scale.
SentinelOne
SentinelOne is shaping the future of endpoint security with an integrated platform that unifies the detection, prevention and remediation of threats initiated by nation states, terrorists, and organized crime. SentinelOne’s unique approach is based on deep inspection of all system processes combined with innovative machine learning to quickly isolate malicious behaviors, protecting devices against advanced, targeted threats in real time.
Symantec
Symantec Corporation (NASDAQ:SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. The partnership with Fortinet combines Symantec’s endpoint protection leadership with Fortinet’s best-in-class network security and Fabric integration to deliver unparalleled security protection.
- Solution brief
- Technical Deployment Guide
- Press Release on partnership
- Fabric Connector Technical Guide
Syncurity
Syncurity’s award-winning and patent-pending IR-Flow® SOAR platform reduces cyber risk by accelerating security operations processes, people and technology. Together with Fortinet, Syncurity reduces the time to detect, contain and remediate cyber risks leveraging standards-based APIs for alert enrichment, detailed investigation and automated incident response.
ToGrow
TG8 and Fortinet products are interconnecting to secure your organization from evolving cyberthreats and reduce your IT security operation costs.
Certifications
NSS Labs Breach Prevention Systems (BPS) Test 2019
NSS Labs BPS focuses on both detecting and blocking of exploits, advanced malware, and evasions which is critical in reducing the risk of breaches. This test helps emphasize the importance in the automation of the advanced threat response cycle of prevent-detect-mitigate across a number of threat vectors including web, email, and endpoint. Fortinet's Breach Protection tested solution consists of FortiSandbox, FortiGate, and FortiClient integrated together, earned a Recommended award by achieving an overall Security Effectiveness of 97.8% and offering the lowest 3-year TCO.
- NSS Labs 2019 BPS Test Report FortiSandbox (AWS), FortiGate, FortiClient
- NSS Labs 2019 BPS Security Value Map (SVM)
ICSA Certified for Advanced Threat Defense
With data breaches continuing to make headlines, new product and solutions designed to detect and prevent the advanced attacks often at the root of these breaches have emerged. To help organizations assess the effectiveness of these new offerings, ICSA Labs, an independent division of Verizon (author or the annual Data Breach Investigations Report or DBIR), recently introduced a new independent, Advanced Threat Defense certification, and Email certification.
NSS Labs Breach Detection Systems Test 2017 and SVM
According to Verizon's 2017 Data Breach Investigations Report, 99% of malware is delivered by email and the web. In the NSS Breach Detection System 2017 test, newly introduced FortiSandbox 2000E blocked 100% of advanced malware delivered over these two vectors and 99% overall offered at the lowest TCO, earning the NSS Labs “Recommended” rating.
Product Demo
Today's sophisticated zero-day and targeted attacks cannot be stopped by any one type of security. Zero-day threat protection is key to preventing data breaches and other consequences of a successful attack. Check out the full demo of the Fortinet AI-powered sandbox, FortiSandbox, and see how MITRE ATT&CK reporting and actionable dashboards speed response. This consolidated approach inspects all protocols and performs all functions on a unified, high-performance appliance.
Below are answers to common questions regarding FortiSandbox and related services:
Is FortiSandbox a point only solution?
FortiSandbox supports standalone and integrated deployment model. As a standalone, FortiSandbox can sniff packets via TAP/SPAN, scan files in a repository or accept files via on-demand submission, and via ICAP/JSON API. As an integrated solution, FortiSandbox accepts submission from FortiGate, FortiMail, FortiWeb, FortiProxy, FortiADC, FortiClient and Fabric-Ready partners and shares zero-day intelligence in real-time across integrated devices for rapid mitigation.
Does FortiSandbox fit my security infrastructure?
FortiSandbox form-factors range from a managed solution, appliance, VM, and public cloud that would meet a range of requirements from SMB to large enterprise to cloud-first organizations.
How effective is FortiSandbox against advanced threats?
FortiSandbox has garnered Recommendations from NSS Labs Breach Detection Test, Breach Prevention Test, and ICSA Advanced Threat Defense.
How fast can FortiSandbox be up and running?
Users can use Fortisandbox on day one by leveraging default VMs with pre-built OS and application license. Optionally, users can build a custom VM to replicate their standard end-user profile.
How do I test drive FortiSandbox?
A self-driven FortiSandbox demo can be found here. You may also request a threat assessment (with FortiSandbox) or request a live FortiSandbox demo by contacting us here.