Fortinet's ATP Security Fabric Approach
Fortinet FortiSandbox Solution automates protection of your organization from 0-day attacks across various threat vectors.
立即觀看Malware Sandbox
Simple. Powerful. Anywhere.
Contact Sales
Overview
What is a Malware Sandbox?
Unlike previous generation of viruses that were non-sophisticated and low in volume, antivirus tools were sufficient to provide reasonable protection with their database of signatures.
However, today’s modern malware entails new techniques such as use of exploits. Exploiting a vulnerability in a legitimate application can cause anomalous behavior and it’s this behavior that attackers take advantage of to compromise computer systems. The process of an attack by exploiting an unknown software vulnerability is what is known as a zero-day attack aka 0-day attack, and before sandboxing there was no effective means to stop it.
A malware sandbox, within the computer security context, is a system that confines the actions of an application, such as opening a Word document, to an isolated environment. Within this safe environment the sandbox analyzes the dynamic behavior of an object and its various application interactions in a pseudo-user environment and uncovers any malicious intent. So if something unexpected or wanton happens, it affects only the sandbox and not the other computers and devices on the network. In parallel, any malicious intent is captured, leading to an alert and relevant threat intelligence generated to stop this zero-day attack.
Typical characteristics found in a malware sandbox:
- Detection engine consisting of static and dynamic analysis to capture both malware attributes and techniques
- Emulation of various device OS including Windows, macOS, Linux, and SCADA/ICS, and associated applications and protocols
- Accepts a multitude of sources including network packets, file shares, on-demand submission and automated submissions by NGFW, SEG, EPP/EDR, and WAF, other integrated security controls
- Reporting and automated sharing of threat intelligence
- Flexible deployment modes such as appliance, VM, SaaS and Public Cloud to fit various on-prem and cloud environments
To learn more about sandboxing, please refer to NSE 2 Sandbox
FortiSandbox Models and Specifications
FortiSandbox broad form factor offering including physical, virtual appliance to public cloud and as a hosted service that supports various deployment options to fit any environment.
View by:
Form Factor |
1 RU |
Effective real-world throughput (files/hr) |
200 (upgradeable to 600) |
港口 |
4x GE RJ45 ports |
Form Factor |
2 RU |
Effective real-world throughput (files/hr) |
800 |
港口 |
6x GE RJ45 ports, 2x GE SFP slots |
Form Factor |
2 RU |
Effective real-world throughput (files/hr) |
400 (upgradeable to 2,400) |
港口 |
4x GE RJ45 ports, 2x 10 GE SFP+ slots |
Form Factor |
2 RU |
Effective real-world throughput (files/hr) |
800 (upgradeable to 5,600) |
港口 |
4x GE RJ45 ports, 2x 10 GE SFP+ slots |
Form Factor |
3 RU |
Effective real-world throughput (files/hr) |
3,600 (upgradeable to 6,000) |
港口 |
20x GE RJ45 ports, 10x 10 GE SFP+ slots (4x GE RJ45 ports, 2x 10 GE SFP+ slots per node) |
FortiSandbox VM supports VMware ESXi version 5.1 or later, and Linux KVM CentOS 7.2 or later.
Effective real-world throughput (files/hr) |
Hardware dependent |
港口 |
6 (minimum) virtual network interfaces |
Effective real-world throughput (files/hr) |
500 (upgradeable to 20,000) |
港口 |
6 (minimum) virtual network interfaces |
As businesses move to the cloud, it is imperative to extend the security infrastructure to protect assets natively in the cloud against sophisticated threats. FortiSandbox support of public cloud includes Amazon Web Services (AWS) On-Demand (pay-as-you go) and BYOL (Bring Your Own License), allows organizations to build a comprehensive cloud security architecture that integrates FortiSandbox with FortiGate, FortMail, FortiWeb, FortiClient, and 3rd party solutions.
Please see the AWS Marketplace listings for more information:
FortiSandbox Cloud offers an alternate deployment option to the FortiSandbox appliance for organizations searching for a turnkey solution. It delivers the same rapid detection and automated response, but in the cloud. This provides unlimited flexibility to complement FortiGates in any deployment scenario such as distributed enterprise, data center, and more.
The FortiSandbox Cloud is available with the FortiGate next-generation firewall, FortiMail secure email gateway, and FortiWeb web application firewall, and FortiProxy secure web gateway.
If you are an existing FortiSandbox Cloud customer, please click here to access the service.
View by:
Case Studies
White Papers
Solution Guides
Webinars and Videos
Training
▼
View by:
Case Studies
Yedpay
Yedpay Protects New Cloud Environment With Fortinet Security Fabric, Powering Business Growth
The Paper Store
Keeps cash registers running across the expanding store footprint with Secure SD-WAN
Fortinet is proud to announce that, for the second consecutive year, we have been recognized as a Customers’ Choice in the April 2021 Gartner Peer Insights ‘Voice of the Customer’: Network Firewalls report.
The Gartner Peer Insights Customers’ Choice is a recognition of vendors in this market by verified end-user professionals, taking into account both the number of reviews and the overall user ratings. To ensure fair evaluation, Gartner maintains rigorous criteria for recognizing vendors with a high customer satisfaction rate.
As an integral part of the Fortinet Security Fabric, our FortiGate Next-Generation Firewalls (NGFWs) enable a Security-driven Networking approach to protect any network edge and any user at scale, while ensuring high performance. And powered by Fortinet’s custom built Security Processing Units (SPUs), FortiGate NGFWs offer the industry’s highest security compute rating.
With FortiGate NGFWs, organizations can:
Manage internal and external security risks: FortiGate NGFWs provide complete visibility into applications, threats, and networks to keep operations running and ensure business continuity. Further, network-based segmentation stops lateral threats and protects against application vulnerabilities with enhanced AI/ML powered by FortiGuard services to thwart cyberattacks.
Achieve optimal ROI through consolidation: FortiGate NGFWs seamlessly converge and accelerate networking and multiple security functions into a single solution to reduce cost and optimize user experience.
Improve operational efficiency: Fortinet’s Fabric Management Center streamlines operations across Security Fabric and extends beyond to 400+ ecosystem integrations with a consolidated view to simplify enterprise-wide workflows.
Here is a small sampling of the top reviews posted by Fortinet customers on the Gartner Peer Insights website*:
★★★★★
"Stable and Reliable Firewall" — Cloud Infrastructure Engineer in the Finance Industry, Firm Size: 50M-250M USD
Overall user rating: 5/5 stars
"We use FortiGate in our company's HQ and many of the branches across the country. For a company that deals mainly with sensitive customers data, we needed to make sure that our networks are protected by the best firewall solution that's available (also thanks to Gartner reviews)."
★★★★★
“Tons Of Value in a Small Package” — Director of IT in the Retail Industry, Firm Size: 500M-1B USD
Overall user rating: 5/5 stars
"We decided to deploy the full Fortinet network stack including FortiGate 60E's to all 90+ of our retail locations. We further deployed FortiGate 200E's in HA pairs to all datacenter locations. These UTM appliances are some of the best and most feature rich I have ever used."
★★★★★
“Delivered What We Were Looking For” — VP, Deputy CIO in the Finance Industry, Firm Size: 1B-3B USD
Overall user rating: 5/5 stars
“Our experience with implementing this solution has been very satisfactory. We went with Fortinet for price and simplicity and have received what we were looking for."
★★★★★
"Strong Firewall Solution That Protects Your Business Systems" — Programmer in the Finance Industry, Firm Size: 50M – 250M USD
Overall user rating: 5/5 stars
"Very easy to implement and configure, especially if you already have other Fortinet products in your network they all bind in to the one "security fabric" and provide a great overview of all your network devices and events in your network. Also the price is superb for such product."
★★★★★
"NGFW That Needs To Be In Your Company" — PHP Backend Developer in the Finance Industry, Firm Size: 50M – 250M USD
Overall user rating: 5/5 stars
"FortiGate NGFW is the main guard of our IT infrastructure. All network goes through it. It can easily handle all our traffic. Now, most of the employees are working from home so VPN is getting hit really bad, but that is not a problem for FortiGate."
FortiGuard Security Services for FortiSandbox
FortiSandbox employs FortiGuard Threat Intelligence including an extended AV signature set, IPS, Web Filtering, emerging malware query, and sandbox engine updates to improve the robustness of threat detection as well as accelerate threat analysis and verdict determination.
Antivirus
FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.
Intrusion Prevention
FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.
Web Filtering
Protects your organization by blocking access to malicious, hacked, or inappropriate websites.
FortiSandbox Alliance Partners
FortiSandbox provides integration with many leading IT vendors as part of the Fortinet Security Fabric. Below is a list of current FortiSandbox Fabric-Ready API Alliance Partners:
SentinelOne
SentinelOne is shaping the future of endpoint security with an integrated platform that unifies the detection, prevention and remediation of threats initiated by nation states, terrorists, and organized crime. SentinelOne’s unique approach is based on deep inspection of all system processes combined with innovative machine learning to quickly isolate malicious behaviors, protecting devices against advanced, targeted threats in real time.
Ziften
Ziften simplifies endpoint protection.
The Zenith endpoint protection platform is a single product that stops cyber-attacks on all enterprise endpoints – laptops, desktops, servers, and cloud. The single agent deploys quickly and delivers (1) best-in-class zero-day protection, (2) complete investigation, (3) the most flexible response, plus (4) security posture analysis. The result is simplified endpoint protection to easily stop cyber-attacks with the people and budget you already have. Together with Fortinet, Ziften leverages the Fortinet Security Fabric to help customers better secure their endpoints, servers, and network.
Today's sophisticated zero-day and targeted attacks cannot be stopped by any one type of security. Zero-day threat protection is key to preventing data breaches and other consequences of a successful attack. Check out the full demo of the Fortinet AI-powered sandbox, FortiSandbox, and see how MITRE ATT&CK reporting and actionable dashboards speed response. This consolidated approach inspects all protocols and performs all functions on a unified, high-performance appliance.
Fortinet Sandbox Videos
|
Fortinet 3rd Generation Malware Sandbox Solution
- Simple: Easy integration to an existing security infrastructure to automate threat response.
- Powerful: Built-in machine learning and deep learning engines that improve security efficacy by up to 25% over traditional sandbox detection.
- Anywhere: Flexible deployment options for Information Technology (IT) or Operational Technology (OT) environment to protect the dynamic attack surface.
Interested in learning more with hands-on exercises? Come join us in our Fast Track event featuring FortiSandbox. Register here.
FortiSandbox consistently awarded a Recommendation from NSS Labs and Certification from ICSA Labs
Read NSS Labs Report
Breach Prevention Systems Test Report. In Q1 2019 NSS Labs performed an independent test of the Fortinet FortiGate 500E v6.0.3 + FortiClient v6.0.3.6219 + FortiSandbox v3.0.2 (AWS BYOL)
Read ICSA Labs Report
ICSA Labs tested the Fortinet Advanced Threat Protection Solution (ATP) for 33 days during Q3 2020 to determine how well it detected new and little-known malicious threats.
Sandbox and AV: Which is better?
| Sandbox | AV | |
| 0-day Malware | Yes | No |
| Type of malware detection | Known, polymorphic, unknown | Known and polymorphic |
| Malware analysis | Static and Dynamic/Behavior | Signature-based and Static |
Features and Benefits
Automated breach protection
Speeds mitigation by sharing real-time updates to disrupt threats at the origin and subsequent immunization across the entire organization
Improved efficacy and performance
Leverages machine learning and deep learning models that enhance static and dynamic malware analysis, and code analysis.
Broad integration
Extends zero-day threat detection to a next-generation firewall, web application firewall, secure email gateway, and endpoint protection platform
Unified IT-OT zero-day threat protection
Protects across both IT and OT environments and assets from malware
Accelerated threat investigation
Built-in MITRE ATT&CK matrix identifies a variety of malware techniques
Independently top-rated
NSS Labs "Recommended" for sandbox-powered breach detection and breach prevention, and ICSA Labs certified for advanced threat defense
Building a Cybersecurity Workforce
Advanced training for security professionals, technical training for IT professionals, and awareness training for teleworkers.
學到更多
