Skip to content Skip to navigation Skip to footer

Malware Sandbox

Simple. Powerful. Anywhere.

Malware Sandbox banner background banner dots


What is a Malware Sandbox?

For previous generations of viruses that were unsophisticated and low in volume, antivirus tools were sufficient to provide reasonable protection with their database of signatures.

However, today’s modern malware entails new techniques such as use of exploits. Exploiting a vulnerability in a legitimate application can cause anomalous behavior and it’s this behavior that attackers take advantage of to compromise computer systems. The process of an attack by exploiting an unknown software vulnerability is what is known as a zero-day attack aka 0-day attack, and before sandboxing there was no effective means to stop it.

A malware sandbox, within the computer security context, is a system that confines the actions of an application, such as opening a Word document, to an isolated environment. Within this safe environment the sandbox analyzes the dynamic behavior of an object and its various application interactions in a pseudo-user environment and uncovers any malicious intent. So if something unexpected or wanton happens, it affects only the sandbox and not the other computers and devices on the network. In parallel, any malicious intent is captured, leading to an alert and relevant threat intelligence generated to stop this zero-day attack.

Typical characteristics found in a malware sandbox:

  1. Detection engine consisting of static and dynamic analysis to capture both malware attributes and techniques
  2. Emulation of various device OS including Windows, macOS, Linux, and SCADA/ICS, and associated applications and protocols
  3. Accepts a multitude of sources including network packets, file shares, on-demand submission and automated submissions by NGFW, SEG, EPP/EDR, and WAF, other integrated security controls
  4. Reporting and automated sharing of threat intelligence
  5. Flexible deployment modes such as appliance, VM, SaaS and Public Cloud to fit various on-prem and cloud environments
To learn more about sandboxing, please refer to NSE 2 Sandbox

FortiSandbox Models and Specifications

FortiSandbox broad form factor offering including physical, virtual appliance to public cloud and as a hosted service that supports various deployment options to fit any environment. 


Form Factor
1 RU
Effective real-world throughput (files/hr)
200 (upgradeable to 600)
4x GE RJ45 ports
Form Factor
2 RU
Effective real-world throughput (files/hr)
6x GE RJ45 ports, 2x GE SFP slots
Form Factor
2 RU
Effective real-world throughput (files/hr)
400 (upgradeable to 2,400)
4x GE RJ45 ports, 2x 10 GE SFP+ slots
Form Factor
2 RU
Effective real-world throughput (files/hr)
800 (upgradeable to 5,600)
4x GE RJ45 ports, 2x 10 GE SFP+ slots
Form Factor
3 RU
Effective real-world throughput (files/hr)
3,600 (upgradeable to 6,000)
20x GE RJ45 ports, 10x 10 GE SFP+ slots (4x GE RJ45 ports, 2x 10 GE SFP+ slots per node)
FortiSandbox VM supports VMware ESXi version 5.1 or later, and Linux KVM CentOS 7.2 or later. 

Effective real-world throughput (files/hr)
Hardware dependent
6 (minimum) virtual network interfaces
Effective real-world throughput (files/hr)
500 (upgradeable to 20,000)
6 (minimum) virtual network interfaces

As businesses move to the cloud, it is imperative to extend the security infrastructure to protect assets natively in the cloud against sophisticated threats. FortiSandbox support of public cloud includes Amazon Web Services (AWS) On-Demand (pay-as-you go) and BYOL (Bring Your Own License), allows organizations to build a comprehensive cloud security architecture that integrates FortiSandbox with FortiGate, FortMail, FortiWeb, FortiClient, and 3rd party solutions.

Please see the AWS Marketplace listings for more information:

FortiSandbox on AWS BYOL

FortiSandbox on AWS On-Demand

FortiSandbox Cloud offers an alternate deployment option to the FortiSandbox appliance for organizations searching for a turnkey solution. It delivers the same rapid detection and automated response, but in the cloud.  This provides unlimited flexibility to complement FortiGates in any deployment scenario such as distributed enterprise, data center, and more.

The FortiSandbox Cloud is available with the FortiGate next-generation firewall, FortiMail secure email gateway, and FortiWeb web application firewall, and FortiProxy secure web gateway.

If you are an existing FortiSandbox Cloud customer, please click here to access the service.



Fortinet 自豪地宣佈,在 2021 年 4 月的 Gartner Peer Insights「客戶之聲」中,我們連續第二年獲得「客戶之選」榮譽稱號:網路防火牆報告。

「Gartner Peer Insights 客戶之選」是經過驗證的最終使用者專業人員對該市場供應商的認可,同時考慮了評論數量和整體使用者評分。為了確保評估的公正性,Gartner 在識別客戶滿意度高的供應商時遵循嚴格的標準 

作為 Fortinet Security Fabric 不可或缺的一部分,我們的 FortiGate 新一代防火牆 (NGFW) 採用安全驅動型網路方法,以保護任何網路邊緣和大規模使用者,同時確保高效能。FortiGate NGFW 由 Fortinet 自訂安全處理器 (SPU) 提供支援,提供業界最高的安全運算評級。

透過 FortiGate NGFW,組織可以:

管理內部和外部安全風險:FortiGate NGFW 提供應用程式、威脅和網路的完整可視性,以保持正常營運並確保業務連續性。此外,基於網路的分段透過由 FortiGuard 服務提供支援的增強型 AI/ML 來阻止網路攻擊,藉此阻止橫向威脅並防止應用程式漏洞。  

透過整合實現最佳投資回報率:FortiGate NGFW 將網路和多個安全功能順暢地融合並加速整合到一個解決方案中,以降低成本並最佳化使用者體驗。 

提高營運效率:Fortinet 的 Fabric 管理中心簡化了 Security Fabric 的營運,並透過整合視圖擴展到超過 400 個生態系統整合,以簡化整個企業的工作流程。

以下是 Fortinet 客戶在 Gartner Peer Insights 網站上發表的最熱門評論的小範例*:

「穩定可靠的防火牆」——金融行業的雲端基礎設施工程師,公司規模:5000 萬 - 2.5 億美元
整體使用者評分:5/5 星
"我們在公司的總部和全國許多分支機構使用 FortiGate。對於主要處理敏感客戶資料的公司,我們需要確保我們的網路受到可用的最佳防火牆解決方案的保護(這也要感謝 Gartner 評論)。"」

「小包裝大價值」 ——零售業的 IT 總監,公司規模:5 億 - 10 億美元
整體使用者評分:5/5 星
"我們決定將包括 FortiGate60E 在內的完整 Fortinet 網路堆疊部署到我們所有 90 多個零售點。我們進一步以 HA 對的形式將  FortiGate 200E 部署到所有資料中心位置。這些 UTM 設備是我用過的最好的、功能最豐富的。"」

提供了我們想要的東西——金融行業副總裁、副資訊長,公司規模:10 億 - 30 億美元
整體使用者評分:5/5 星
「我們實施該解決方案的經歷非常令人滿意。我們選擇 Fortinet 是因為價格和簡單性,我們已經得到了我們想要的。"」

「強大的防火牆解決方案,可保護您的業務系統」——金融行業程式設計師,公司規模:5000 萬 - 2.5 億美元
整體使用者評分:5/5 星
「非常易於實施和設定,尤其是如果您的網路中已有其他 Fortinet 產品,它們都與單一「Security Fabric」結合,並對您網路中的所有網路裝置和事件提供了一個很完整的概述。而且這些產品的價格也很實惠"

「NGFW 非常值得擁有」——金融行業的 PHP 後端開發人員,公司規模:5000 萬 - 2.5 億美元
整體使用者評分:5/5 星
「FortiGate NGFW 是我們 IT 基礎設施的主要防護裝置。所有網路都會經過它。它可以輕鬆處理我們所有的流量。現在,大多數員工都在家工作,因此 VPN 受到嚴重打擊,但這對 FortiGate 來說不是問題。」

FortiGuard Security Services for FortiSandbox

FortiSandbox employs FortiGuard Threat Intelligence including an extended AV signature set, IPS, Web Filtering, emerging malware query, and sandbox engine updates to improve the robustness of threat detection as well as accelerate threat analysis and verdict determination. 

FG Antivirus


FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

FG Intrusion Prevention

Intrusion Prevention

FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.

FG Web Filtering

Web Filtering

Protects your organization by blocking access to malicious, hacked, or inappropriate websites.

FortiSandbox Alliance Partners

FortiSandbox provides integration with many leading IT vendors as part of the Fortinet Security Fabric.  Below is a list of current FortiSandbox Fabric-Ready API Alliance Partners:

現今複雜的零時差與針對性攻擊無法被任何一種安全防護所阻擋。零時差威脅防護是防止資料外洩及其他成功攻擊後果的關鍵。查看 Fortinet 採用 AI 的沙箱 FortiSandbox 的完整展示,瞭解 MITRE ATT&CK 的報告和可執行面板如何加快回應速度。此整合方法可檢查所有協定,並在統一的高效能設備上執行所有功能。

Fortinet Sandbox Videos

Fortinet's ATP Security Fabric Approach

Fortinet FortiSandbox Solution automates protection of your organization from 0-day attacks across various threat vectors.


Fortinet 3rd Generation Malware Sandbox Solution

  • Simple: Easy integration to an existing security infrastructure to automate threat response.
  • Powerful: Built-in machine learning and deep learning engines that improve security efficacy by up to 25% over traditional sandbox detection. 
  • Anywhere: Flexible deployment options for Information Technology (IT) or Operational Technology (OT) environment to protect the dynamic attack surface.


"Deploying FortiSandbox to protect our organization against zero-day threats was seamless through Fortinet’s Security Fabric platform. FortiSandbox secures our perimeter, client and mail servers, and ultimately is protecting our assets from advanced unknown threats. Leveraging FortiSandbox’s AI-driven capabilities has helped us keep pace with AI-driven threats, all while providing an easy and simplified way to configure and manage our security."
Dario Palermo
System and Network Administrator at Ente Autonomo Volturno


Interested in learning more with hands-on exercises? Come join us in our Fast Track event featuring FortiSandbox. Register here.


FortiSandbox consistently awarded a Recommendation from NSS Labs and Certification from ICSA Labs

Read NSS Labs Report

Breach Prevention Systems Test Report.  In Q1 2019 NSS Labs performed an independent test of the Fortinet FortiGate 500E v6.0.3 + FortiClient v6.0.3.6219 + FortiSandbox v3.0.2 (AWS BYOL)

Read ICSA Labs Report

ICSA Labs tested the Fortinet Advanced Threat Protection Solution (ATP) for 33 days during Q3 2020 to determine how well it detected new and little-known malicious threats.  

Sandbox and AV: Which is better?

  Sandbox AV
0-day Malware Yes No
Type of malware detection Known, polymorphic, unknown Known and polymorphic
Malware analysis Static and Dynamic/Behavior Signature-based and Static



Features and Benefits

Automated breach protection

Speeds mitigation by sharing real-time updates to disrupt threats at the origin and subsequent immunization across the entire organization

Improved efficacy and performance

Leverages machine learning and deep learning models that enhance static and dynamic malware analysis, and code analysis.

Broad integration

Extends zero-day threat detection to a next-generation firewall, web application firewall, secure email gateway, and endpoint protection platform

Unified IT-OT zero-day threat protection

Protects across both IT and OT environments and assets from malware

Accelerated threat investigation

Built-in MITRE ATT&CK matrix identifies a variety of malware techniques

Independently top-rated

NSS Labs "Recommended" for sandbox-powered breach detection and breach prevention, and ICSA Labs certified for advanced threat defense

FortiSandbox: Zero-day Threat Protection News

FortiSandbox 4.0 Release

FortiSandbox expanded AI capabilities to include Deep Learning and improved ransomware detection, increased performance with adaptive scan, enhanced experience with a redesigned GUI and automated health check alerts, and many more. Review the latest release notes for more information.

NSE 2 Sandbox Updated

Fortinet NSE Institute updates popular sandbox lesson that is open for the public and the wider community.

Building a Cybersecurity Workforce

Advanced training for security professionals, technical training for IT professionals, and awareness training for teleworkers.