FortiSandbox: Absolute Malware Sandbox Security

Overview

What is a Malware Sandbox?

Previous generations of viruses were unsophisticated and low in volume, so antivirus tools with their databases of signatures were sufficient to provide reasonable protection.

Today's modern malware, however, relies on new techniques such as the use of exploits. Exploiting a vulnerability in a legitimate application causes anomalous behavior, and it is this behavior that attackers take advantage of to compromise computer systems. An attack that exploits an unknown software vulnerability is known as a zero-day (0-day) attack, and before sandboxing there was no effective means to stop it.

A malware sandbox, in the computer security context, is a system that confines the actions of an application, such as opening a Word document, to an isolated environment. Within this safe environment the sandbox analyzes the dynamic behavior of an object and its various application interactions in a pseudo-user environment and uncovers any malicious intent. If something unexpected or malicious happens, it affects only the sandbox and not the other computers and devices on the network. In parallel, any malicious intent is captured, leading to an alert and to relevant threat intelligence being generated to stop the zero-day attack.

Typical characteristics found in a malware sandbox:

  1. A detection engine consisting of static and dynamic analysis to capture both malware attributes and techniques
  2. Emulation of various device operating systems, including Windows, macOS, Linux, and SCADA/ICS, and their associated applications and protocols
  3. Acceptance of a multitude of sources, including network packets, file shares, on-demand submission, and automated submissions by NGFW, SEG, EPP/EDR, WAF, and other integrated security controls
  4. Reporting and automated sharing of threat intelligence
  5. Flexible deployment modes such as appliance, VM, SaaS, and public cloud to fit various on-prem and cloud environments

To learn more about sandboxing, please refer to NSE 2 Sandbox.

FortiSandbox Models and Specifications

FortiSandbox is offered in a broad range of form factors, from physical and virtual appliances to public cloud and a hosted service, supporting various deployment options to fit any environment.

Hardware appliances:

Form Factor | Effective real-world throughput (files/hr) | Ports
1 RU        | 200 (upgradeable to 600)                   | 4x GE RJ45 ports
2 RU        | 800                                        | 6x GE RJ45 ports, 2x GE SFP slots
2 RU        | 400 (upgradeable to 2,400)                 | 4x GE RJ45 ports, 2x 10 GE SFP+ slots
2 RU        | 800 (upgradeable to 5,600)                 | 4x GE RJ45 ports, 2x 10 GE SFP+ slots
3 RU        | 3,600 (upgradeable to 6,000)               | 20x GE RJ45 ports, 10x 10 GE SFP+ slots (4x GE RJ45 ports, 2x 10 GE SFP+ slots per node)

FortiSandbox VM supports VMware ESXi version 5.1 or later, and Linux KVM CentOS 7.2 or later. 

Virtual appliances:

Effective real-world throughput (files/hr) | Ports
Hardware dependent                         | 6 (minimum) virtual network interfaces
500 (upgradeable to 20,000)                | 6 (minimum) virtual network interfaces

As businesses move to the cloud, it is imperative to extend the security infrastructure to protect assets natively in the cloud against sophisticated threats. FortiSandbox support for public cloud, including Amazon Web Services (AWS) On-Demand (pay-as-you-go) and BYOL (Bring Your Own License), allows organizations to build a comprehensive cloud security architecture that integrates FortiSandbox with FortiGate, FortiMail, FortiWeb, FortiClient, and third-party solutions.

Please see the AWS Marketplace listings for more information:

FortiSandbox on AWS BYOL

FortiSandbox on AWS On-Demand

FortiSandbox Cloud offers an alternate deployment option to the FortiSandbox appliance for organizations looking for a turnkey solution. It delivers the same rapid detection and automated response, but in the cloud. This provides the flexibility to complement FortiGates in any deployment scenario, such as distributed enterprise, data center, and more.

FortiSandbox Cloud is available with the FortiGate next-generation firewall, FortiMail secure email gateway, FortiWeb web application firewall, and FortiProxy secure web gateway.

If you are an existing FortiSandbox Cloud customer, please click here to access the service.

FortiGuard Security Services for FortiSandbox

FortiSandbox employs FortiGuard Threat Intelligence, including an extended AV signature set, IPS, Web Filtering, emerging malware queries, and sandbox engine updates, to improve the robustness of threat detection and to accelerate threat analysis and verdict determination.

Antivirus

FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

Intrusion Prevention

FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.

Web Filtering

FortiGuard Web Filtering protects your organization by blocking access to malicious, hacked, or inappropriate websites.

FortiSandbox Alliance Partners

FortiSandbox integrates with many leading IT vendors as part of the Fortinet Security Fabric through the FortiSandbox Fabric-Ready API Alliance Partner program.

Fortinet Sandbox Videos

Fortinet's ATP Security Fabric Approach

The Fortinet FortiSandbox solution automates protection of your organization from 0-day attacks across various threat vectors.

Fortinet Malware Sandbox Solution

  • First-in-the-industry patent-pending Machine Learning (ML)-based static analysis, and ML-based dynamic analysis
  • MITRE ATT&CK standards-based reporting
  • Automated 0-day breach protection with integration to both Fortinet and non-Fortinet solutions

"Deploying FortiSandbox to protect our organization against zero-day threats was seamless through Fortinet’s Security Fabric platform. FortiSandbox secures our perimeter, client and mail servers, and ultimately is protecting our assets from advanced unknown threats. Leveraging FortiSandbox’s AI-driven capabilities has helped us keep pace with AI-driven threats, all while providing an easy and simplified way to configure and manage our security."
Dario Palermo
System and Network Administrator at Ente Autonomo Volturno

Read our customer case studies and testimonials here.

Interested in learning more with hands-on exercises? Come join us in our Fast Track event featuring FortiSandbox. Register here

FortiSandbox is consistently awarded a Recommendation from NSS Labs and Certification from ICSA Labs

With its combination of security efficacy, performance, and low TCO, Fortinet's FortiSandbox is an industry-proven solution. See the report to learn more about how other vendors compare to Fortinet.

Sandbox and AV: Which is better?

Criterion                 | Sandbox                      | AV
0-day malware             | Yes                          | No
Type of malware detection | Known, polymorphic, unknown  | Known and polymorphic
Malware analysis          | Static and dynamic/behavior  | Signature-based and static


Features and Benefits

Independently top-rated

NSS Labs "Recommended" for sandbox-powered breach detection and breach prevention, and ICSA Labs certified for advanced threat defense

Improved efficacy and performance

Leverages two machine learning models that enhance static and dynamic malware analysis of zero-day threats

Accelerated threat investigation

Built-in MITRE ATT&CK matrix identifies a variety of malware techniques

Broad integration

Extends zero-day threat detection to a next-generation firewall, web application firewall, secure email gateway, and endpoint protection platform

Automated breach protection

Speeds mitigation by sharing real-time updates that disrupt threats at their origin and immunize the entire organization against them

Unified IT-OT zero-day threat protection

Protects assets across both IT and OT environments from malware

FortiSandbox: Zero-day Threat Protection News

NSE 2 Sandbox Updated

The Fortinet NSE Institute has updated its popular sandbox lesson, which is open to the public and the wider community.

Building a Cybersecurity Workforce

Advanced training for security professionals, technical training for IT professionals, and awareness training for teleworkers.