
FortiGuard Inline Sandbox Service

Keeps malware out with real-time file analysis  


Overview

To avoid slow-downs, traditional sandboxing solutions let suspicious files pass into the organization while analysis for threats occurs offline. Then, if the file comes back as malicious, security teams have to scramble to find the malware as it moves deeper into the organization. 

In FortiOS 7.2, we introduced the industry’s first inline sandbox on a next-generation firewall that holds suspicious files—without performance impact—by leveraging our cloud-scale malware analysis environment. Only files that have been analyzed and determined to be safe are let into the network. 

The FortiGuard AI-based Inline Sandbox Service attaches to a number of Fortinet products, integrating across the Security Fabric, covering the network, endpoint, email, and more. Inline Sandboxing is also available with the FortiSandbox appliance or virtual machine, and as a SaaS or PaaS subscription.

 

FortiGuard Security Services

All FortiGuard security services are natively integrated into the Fortinet Security Fabric. This enables fast, coordinated detection and enforcement across the entire attack surface. Risk is continually assessed, and the Security Fabric automatically adjusts to counter the latest known and unknown threats in real time.

| Service/Product | Type | Operated by | Inline Sandbox | Pricing |
|---|---|---|---|---|
| FortiGuard AI-based Inline Sandbox Service | SaaS subscription | Fortinet | Yes | Subscription/product |
| (FortiGate) Cloud Sandbox Service | SaaS subscription | Fortinet | No | Subscription/product |
| FortiSandbox Hosted | PaaS subscription | Shared | Yes | Sizing/account |
| FortiSandbox Virtual Appliance | VM subscription | Customer | Yes | Sizing/account |
| FortiSandbox Hardware | HW bundle + licenses | Customer | Yes | Sizing based/account |

 

FortiGuard Inline Sandbox Service

The FortiGuard AI-Based Inline Sandbox Service is a new a-la-carte service for FortiGate NGFWs. It includes inline blocking for sandbox and AI/NDR detection, plus log enrichment for SOC teams.

Benefits:

  • Inline blocking for FortiGate, FortiClient, and FortiMail
  • Optimizes security operations with SOCaaS log ingestion
  • Secures the data center, branch, campus, and cloud
  • Ideal for any size organization
  • Available in North America, Europe, and Asia regions

Available for FortiGate, FortiClient, and FortiMail

FortiGuard Sandbox Detection Service

This service is bundled with the Advanced Malware Protection (AMP) Service for FortiGate, including antivirus, mobile malware, and other components. This service provides out-of-band sandbox detection and log enrichment with a cloud-based SaaS portal for SOC admins.

Benefits:

  • Out-of-band sandboxing, alerting, and reporting
  • Log enrichment for SOC response
  • Secures the data center, branch, campus, and cloud
  • Ideal for any size organization
  • Available in North America, Europe, and Asia regions

Available for FortiGate, FortiClient, FortiMail, FortiWeb, FortiProxy, and FortiADC

FortiSandbox Hosted

Fortinet-hosted sandbox is a subscription service. It includes FortiSandbox VM with dedicated resources for high performance and centralization of reports. This service covers all FortiGate, FortiClient, and FortiMail appliances in your network.

Benefits:

  • Inline Blocking for FortiGate, FortiClient and FortiMail
  • Centralized alerting, reporting, and threat intelligence
  • Secures the data center, branch, campus, and cloud
  • Ideal for any size organization
  • Available in North America and Europe regions

Available for FortiGate, FortiClient, and FortiMail

FortiSandbox Virtual Appliance (Private/Public Cloud)

FortiSandbox VMs natively integrate with the Security Fabric, Fabric Partners, adapters, APIs, network share and sniffer to intercept and submit suspicious content to FortiSandbox. The integration also provides timely remediation and reporting capabilities.

Benefits:

  • Inline Blocking for FortiGate, FortiClient and FortiMail
  • Available for public cloud and private cloud deployments
  • Out-of-box integration with Fortinet Security Fabric and third-party solutions
  • Centralized sandboxing, alerting, and reporting
  • Real-time threat intelligence sharing

Available for FortiGate, FortiClient, FortiMail, FortiWeb, FortiProxy, and FortiADC

FortiSandbox Hardware Appliance

FortiSandbox hardware appliances natively integrate with the Security Fabric, Fabric Partners, adapters, APIs, network share and sniffer to intercept and submit suspicious content to FortiSandbox. The integration also provides timely remediation and reporting capabilities to those devices.

Benefits:

  • Inline Blocking for FortiGate, FortiClient and FortiMail
  • Available in a range of performance levels to fit organizations of all sizes
  • Out-of-box integration with Fortinet Security Fabric and third-party solutions
  • Centralized sandboxing, alerting, and reporting
  • Real-time threat intelligence sharing

Available for FortiGate, FortiClient, FortiMail, FortiWeb, FortiProxy, and FortiADC

| Service/Product | Anti-evasion Detection | C&C Detection | AV/IPS/Web Filtering | Threat Intelligence |
|---|---|---|---|---|
| FortiGuard AI-Based Inline Sandbox Service | Y | Y | Y | Y |
| (FortiGate) Cloud Sandbox Service | Y | Y | Y | Partial |
| FortiSandbox Hosted | Y | Y | Y | Y |
| FortiSandbox Virtual Appliance | Y | Y | Y | Y |
| FortiSandbox Hardware | Y | Y | Y | Y |



Features and Benefits

FAST TIME TO VERDICT

Machine learning and deep learning models enhance static and dynamic malware analysis and code analysis, supervised by FortiGuard Labs

INLINE BLOCKING

Inline sandboxing holds suspicious files, leveraging our cloud-scale malware analysis environment

BROAD INTEGRATION

Zero-day threat protection is extended to a next-generation firewall, secure email gateway, and endpoint protection platform

ACCELERATED THREAT INVESTIGATION

Built-in MITRE ATT&CK matrix identifies a variety of malware techniques

UNIFIED IT/OT ZERO-DAY THREAT PROTECTION 

Protects both IT and OT environments and assets from malware with one solution

UNBURDENS SECURITY TEAMS

Blocking unknown malware at the firewall, client, and mail levels results in fewer incidents and less time spent on investigation and mitigation.