Malware Sandbox

Simple. Powerful. Anywhere.

聯絡業務

Overview

What is a Malware Sandbox?

For previous generations of viruses that were unsophisticated and low in volume, antivirus tools were sufficient to provide reasonable protection with their database of signatures.

However, today’s modern malware entails new techniques such as use of exploits. Exploiting a vulnerability in a legitimate application can cause anomalous behavior and it’s this behavior that attackers take advantage of to compromise computer systems. The process of an attack by exploiting an unknown software vulnerability is what is known as a zero-day attack aka 0-day attack, and before sandboxing there was no effective means to stop it.

A malware sandbox, within the computer security context, is a system that confines the actions of an application, such as opening a Word document, to an isolated environment. Within this safe environment the sandbox analyzes the dynamic behavior of an object and its various application interactions in a pseudo-user environment and uncovers any malicious intent. So if something unexpected or wanton happens, it affects only the sandbox and not the other computers and devices on the network. In parallel, any malicious intent is captured, leading to an alert and relevant threat intelligence generated to stop this zero-day attack.

Typical characteristics found in a malware sandbox:

Detection engine consisting of static and dynamic analysis to capture both malware attributes and techniques
Emulation of various device OS including Windows, macOS, Linux, and SCADA/ICS, and associated applications and protocols
Accepts a multitude of sources including network packets, file shares, on-demand submission and automated submissions by NGFW, SEG, EPP/EDR, and WAF, other integrated security controls
Reporting and automated sharing of threat intelligence
Flexible deployment modes such as appliance, VM, SaaS and Public Cloud to fit various on-prem and cloud environments

To learn more about sandboxing, please refer to NSE 2 Sandbox

FortiSandbox Models and Specifications

FortiSandbox broad form factor offering including physical, virtual appliance to public cloud and as a hosted service that supports various deployment options to fit any environment.

導覽:

FortiSandbox-500F

Form Factor	1 RU
Effective real-world throughput (files/hr)	200 (upgradeable to 600)
港口	4x GE RJ45 ports

FortiSandbox-1000D

Form Factor	2 RU
Effective real-world throughput (files/hr)	800
港口	6x GE RJ45 ports, 2x GE SFP slots

FortiSandbox-2000E

Form Factor	2 RU
Effective real-world throughput (files/hr)	400 (upgradeable to 2,400)
港口	4x GE RJ45 ports, 2x 10 GE SFP+ slots

FortiSandbox-3000E

Form Factor	2 RU
Effective real-world throughput (files/hr)	800 (upgradeable to 5,600)
港口	4x GE RJ45 ports, 2x 10 GE SFP+ slots

FortiSandbox-3500D

Form Factor	3 RU
Effective real-world throughput (files/hr)	3,600 (upgradeable to 6,000)
港口	20x GE RJ45 ports, 10x 10 GE SFP+ slots (4x GE RJ45 ports, 2x 10 GE SFP+ slots per node)

FortiSandbox VM supports VMware ESXi version 5.1 or later, and Linux KVM CentOS 7.2 or later.

FortiSandbox-VM (Local VMs)

Effective real-world throughput (files/hr)	Hardware dependent
港口	6 (minimum) virtual network interfaces

FortiSandbox-VM (Cloud VMs)

Effective real-world throughput (files/hr)	500 (upgradeable to 20,000)
港口	6 (minimum) virtual network interfaces

As businesses move to the cloud, it is imperative to extend the security infrastructure to protect assets natively in the cloud against sophisticated threats. FortiSandbox support of public cloud includes Amazon Web Services (AWS) On-Demand (pay-as-you go) and BYOL (Bring Your Own License), allows organizations to build a comprehensive cloud security architecture that integrates FortiSandbox with FortiGate, FortMail, FortiWeb, FortiClient, and 3rd party solutions.

Please see the AWS Marketplace listings for more information:

FortiSandbox on AWS BYOL

FortiSandbox on AWS On-Demand

FortiSandbox Cloud offers an alternate deployment option to the FortiSandbox appliance for organizations searching for a turnkey solution. It delivers the same rapid detection and automated response, but in the cloud. This provides unlimited flexibility to complement FortiGates in any deployment scenario such as distributed enterprise, data center, and more.

The FortiSandbox Cloud is available with the FortiGate next-generation firewall, FortiMail secure email gateway, and FortiWeb web application firewall, and FortiProxy secure web gateway.

If you are an existing FortiSandbox Cloud customer, please click here to access the service.

導覽:

資料表

FortiSandbox Datasheet

FortiSandbox Ordering Guide

Fortinet Product Matrix

實例探究

GOMSA

Mexican Customs Company Converges Networking and Security With the Fortinet Security Fabric

白皮書

Shift from Detection to Real-Time Protection with Inline Sandboxing

A proactive approach that allows only safe content into the network is needed, such as inline sandboxing.

FortiSandbox: Third-generation Sandboxing Featuring Dynamic AI Analysis

FortiSandbox delivers AI-powered Sandboxing

Mapping The Ransomware Landscape

Understanding the scope and sophistication of the Threat

Has Your Network Outgrown Its First-generation Sandbox?

Sandboxing is a critical component to an organization's Breach Protection Strategy.

How to Close Security Gaps to Stop Ransomware and Other Threats

Next-gen security means covering the entire attack surface. Learn how enterprises can defend end-to-end with coordinated Advanced Threat Protection (ATP).

解決方案指南

Stop Zero-Day and Previously Unknown Threats with the FortiGuard Inline Sandbox Service

Instead of forcing a choice between security and performance, FortiGuard Inline Sandbox solutions hold suspicious files until they are found to be safe, without any performance impact.

提供員工大規模的安全遠端連線

Third-generation Sandboxing Delivers AI-based Breach Prevention

What to look for in a third generation sandbox solution

Fortinet Advanced Threat Protection

Learn how the Fortinet Security Fabric uniquely addresses today’s evolving threat landscape with broad, powerful and automated network protection.

Webinars and Videos

The End of Ransomware

Learn more about ransomware: the types, how they work, specific variants, and more. We'll look at some of the most recent ransomware attacks and walk you through what the incident response process ...

Envien Group Leverages Fortinet Solutions to Improve Security Posture | NGFW

Envien is one of the most significant and strongest groups of companies in Central and Eastern Europe operating in the production of biofuels used in motor fuels - diesel and petrol.

FortiSandbox Protects Against Advanced Threats Fast

This quick video describes how sandboxing works to catch advanced threats and why FortiSandbox delivers better protection and better performance as an advanced threat protection solution.

FortiSandbox, Fast and Effective Protection Against Advanced Threats

This short video describes how sandbox works to detect advanced threats and why only FortiSandbox can deliver an effective automated advanced threat protection solution.

訓練

Advanced Threat Prevention

Learn how to protect your organization and improve its security against advanced threats that bypass traditional security controls. You will also learn how other advanced threat protection (ATP) ...

NSE 2 Fortinet Security Fabric Training

NSE 2 is the core solutions level of the Fortinet Network Security Expert (NSE) program.

NSE 3 Advanced Threat Protection Training

This self-study course provides the foundation knowledge to position and sell Fortinet Advanced Networking Appliances.

NSE 6 FortiSandbox Training

In this 1-day class, you will learn the basics of FortiSandbox.

FortiGuard Security Services for FortiSandbox

FortiSandbox employs FortiGuard Threat Intelligence including an extended AV signature set, IPS, Web Filtering, emerging malware query, and sandbox engine updates to improve the robustness of threat detection as well as accelerate threat analysis and verdict determination.

Antivirus

FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

Intrusion Prevention

FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.

Web Filtering

Protects your organization by blocking access to malicious, hacked, or inappropriate websites.

FortiSandbox Alliance Partners

FortiSandbox provides integration with many leading IT vendors as part of the Fortinet Security Fabric. Below is a list of current FortiSandbox Fabric-Ready API Alliance Partners:

SentinelOne

SentinelOne is shaping the future of endpoint security with an integrated platform that unifies the detection, prevention and remediation of threats initiated by nation states, terrorists, and organized crime. SentinelOne’s unique approach is based on deep inspection of all system processes combined with innovative machine learning to quickly isolate malicious behaviors, protecting devices against advanced, targeted threats in real time.

Resources

Functionalities

Endpoint Security

Advanced Threat Prevention

Learn how to protect your organization and improve its security against advanced threats that bypass traditional security controls. You will also ...

現今複雜的零時差與針對性攻擊無法被任何一種安全防護所阻擋。零時差威脅防護是防止資料外洩及其他成功攻擊後果的關鍵。查看 Fortinet 採用 AI 的沙箱 FortiSandbox 的完整展示，瞭解 MITRE ATT&CK 的報告和可執行面板如何加快回應速度。此整合方法可檢查所有協定，並在統一的高效能設備上執行所有功能。

Fortinet Sandbox Videos

Fortinet's ATP Security Fabric Approach

Fortinet FortiSandbox Solution automates protection of your organization from 0-day attacks across various threat vectors.

立即觀看

Fortinet 3rd Generation Malware Sandbox Solution

Simple: Easy integration to an existing security infrastructure to automate threat response.
Powerful: Built-in machine learning and deep learning engines that improve security efficacy by up to 25% over traditional sandbox detection.
Anywhere: Flexible deployment options for Information Technology (IT) or Operational Technology (OT) environment to protect the dynamic attack surface.

"Deploying FortiSandbox to protect our organization against zero-day threats was seamless through Fortinet’s Security Fabric platform. FortiSandbox secures our perimeter, client and mail servers, and ultimately is protecting our assets from advanced unknown threats. Leveraging FortiSandbox’s AI-driven capabilities has helped us keep pace with AI-driven threats, all while providing an easy and simplified way to configure and manage our security."
Dario Palermo
System and Network Administrator at Ente Autonomo Volturno

Interested in learning more with hands-on exercises? Come join us in our Fast Track event featuring FortiSandbox. Register here.

FortiSandbox consistently awarded a Recommendation from NSS Labs and Certification from ICSA Labs

Read NSS Labs Report

Breach Prevention Systems Test Report. In Q1 2019 NSS Labs performed an independent test of the Fortinet FortiGate 500E v6.0.3 + FortiClient v6.0.3.6219 + FortiSandbox v3.0.2 (AWS BYOL)

Read ICSA Labs Report

ICSA Labs tested the Fortinet Advanced Threat Protection Solution (ATP) for 33 days during Q3 2020 to determine how well it detected new and little-known malicious threats.

Sandbox and AV: Which is better?

	Sandbox	AV
0-day Malware	Yes	No
Type of malware detection	Known, polymorphic, unknown	Known and polymorphic
Malware analysis	Static and Dynamic/Behavior	Signature-based and Static

Features and Benefits

Automated breach protection

Speeds mitigation by sharing real-time updates to disrupt threats at the origin and subsequent immunization across the entire organization

Improved efficacy and performance

Leverages machine learning and deep learning models that enhance static and dynamic malware analysis, and code analysis.

Broad integration

Extends zero-day threat detection to a next-generation firewall, web application firewall, secure email gateway, and endpoint protection platform

Unified IT-OT zero-day threat protection

Protects across both IT and OT environments and assets from malware

Accelerated threat investigation

Built-in MITRE ATT&CK matrix identifies a variety of malware techniques

Independently top-rated

NSS Labs "Recommended" for sandbox-powered breach detection and breach prevention, and ICSA Labs certified for advanced threat defense

FortiSandbox: Zero-day Threat Protection News

FortiSandbox 4.0 Release

FortiSandbox expanded AI capabilities to include Deep Learning and improved ransomware detection, increased performance with adaptive scan, enhanced experience with a redesigned GUI and automated health check alerts, and many more. Review the latest release notes for more information.

New FortiSandbox Cloud Launched

Fortinet launches first ever Platform-as-a-Service (PaaS)-based cloud delivered dedicated sandbox.

NSE 2 Sandbox Updated

Fortinet NSE Institute updates popular sandbox lesson that is open for the public and the wider community.

Fortinet NSE 7 Advanced Threat Protection 3.0 Exam

The new Fortinet NSE 7 Advanced Threat Protection 3.0 exam is now available at Pearson VUE testing Center in English and Japanese.

Building a Cybersecurity Workforce

Advanced training for security professionals, technical training for IT professionals, and awareness training for teleworkers.

學到更多

企業

訓練

資源

網路安全

NOC 管理中心

應用範例

快速連結

廣域網路 (WAN)

區域網路 (LAN)

遠距辦公

網路營運中心 (NOC) 管理

通訊與監控系統

應用範例

快速連結

零信任網路存取 (ZTNA)

身份管理

應用範例

快速連結

混合雲安全

原生雲安全

網頁應用 / API 安全

軟體即服務 (SaaS) 安全

應用範例

快速連結

SOC 平台

端點安全

SOC 託管

進階威脅防護

應用範例

快速連結

資訊安全訂閱服務

FORTIGUARD 即時威脅情資服務

資安事故回應 (IR)

網路安全專業服務

FortiOS 創新功能

應用範例

快速連結

FORTICARE 支援服務

FORTICARE 專業服務

教育訓練

QUICK LINKS

FORTICARE 支援服務

FORTICARE 專業服務

教育訓練

QUICK LINKS

FORTICARE 支援服務

FORTICARE 專業服務

教育訓練

QUICK LINKS

合作夥伴

客戶

快速連結

FORTICARE 支援服務

FORTICARE 專業服務

教育訓練

QUICK LINKS

網路安全

NOC 管理中心

應用範例

快速連結

廣域網路 (WAN)

區域網路 (LAN)

遠距辦公

網路營運中心 (NOC) 管理

通訊與監控系統

應用範例

快速連結

零信任網路存取 (ZTNA)

身份管理

應用範例

快速連結

混合雲安全

原生雲安全

網頁應用 / API 安全

軟體即服務 (SaaS) 安全

應用範例

快速連結

SOC 平台

端點安全

SOC 託管