Fortinet Advanced Threat Protection – FortiSandbox

Available in:

  • Appliance
  • Virtual Machine
  • SaaS
  • Cloud

What is a Malware Sandbox?

Earlier generations of viruses were unsophisticated and low in volume, so antivirus tools with their databases of signatures were sufficient to provide reasonable protection.

Today’s malware, however, employs newer techniques such as exploits. Exploiting a vulnerability in a legitimate application causes anomalous behavior, and it is this behavior that attackers take advantage of to compromise computer systems. An attack that exploits a previously unknown software vulnerability is known as a zero-day (0-day) attack, and before sandboxing there was no effective means to stop it.

A malware sandbox, in the computer security context, is a system that confines the actions of an application, such as opening a Word document, to an isolated environment. Within this safe environment the sandbox analyzes the dynamic behavior of an object and its interactions with applications in a pseudo-user environment, and uncovers any malicious intent. If something unexpected or destructive happens, it affects only the sandbox and not the other computers and devices on the network. In parallel, any malicious intent is captured, leading to an alert and to threat intelligence that is generated to stop the zero-day attack.

FortiSandbox, secured by FortiGuard, offers inspection of all protocols and functions in one appliance. It integrates with your existing Fortinet infrastructure, including FortiGate, FortiMail, and FortiClient, fueling a security ecosystem that automatically protects, learns, and improves your overall threat protection. It delivers highly effective protection against advanced persistent threats that is affordable as well as simple and flexible to deploy and manage. Complement your established defenses with this cutting-edge sandbox capability: analyzing files in a contained environment to identify previously unknown threats and uncover the full attack lifecycle.

Typical characteristics found in a malware sandbox:

  1. A detection engine consisting of static and dynamic analysis, capturing both malware attributes and techniques
  2. Emulation of various device operating systems, including Windows, macOS, Linux, and SCADA/ICS, together with their associated applications and protocols
  3. Acceptance of a multitude of sources, including network packets, file shares, on-demand submission, and automated submissions by NGFW, SEG, EPP/EDR, WAF, and other integrated security controls
  4. Reporting and automated sharing of threat intelligence
  5. Flexible deployment modes such as appliance, VM, SaaS, and public cloud, to fit various on-premises and cloud environments
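To make the pipeline described above concrete (static attributes of the object, dynamic behavior observed while it is opened in a pseudo-user environment, then a verdict plus shareable threat intelligence), here is a small added illustration. It is not FortiSandbox or Fortinet code: the function names (`static_attributes`, `dynamic_hits`, `analyze`), the behavior rules and their weights, the verdict thresholds, and the two sample files with their event logs are all constructed for the example.

```python
"""Toy sandbox verdict engine: static attributes + dynamic behaviour -> verdict + IoCs.
Added illustration, not FortiSandbox code; all samples, rules and weights are constructed."""
import hashlib
import json

# --- Static analysis: inspect the object without executing it ---------------
MAGIC = {
    b"MZ": "pe",                    # Windows executable
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",           # also the .docx/.xlsx container format
    b"\xd0\xcf\x11\xe0": "ole",     # legacy .doc/.xls
}

def static_attributes(data: bytes, name: str) -> dict:
    """Hash the sample, sniff its real type and flag an extension/type mismatch."""
    detected = next((t for magic, t in MAGIC.items() if data.startswith(magic)), "unknown")
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    # A PE wearing a document extension is a classic static red flag.
    mismatch = detected == "pe" and ext in {"doc", "docx", "xls", "pdf", "txt"}
    return {"sha256": hashlib.sha256(data).hexdigest(), "type": detected,
            "ext": ext, "type_mismatch": mismatch, "size": len(data)}

# --- Dynamic analysis: behaviour events recorded while the object was opened ---
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}

# (rule name, predicate over one event, weight). Weights are illustrative only.
RULES = [
    ("office_spawns_shell",
     lambda e: e["event"] == "process_create"
               and e.get("parent", "").lower() in OFFICE
               and e.get("image", "").lower() in SHELLS, 40),
    ("run_key_persistence",
     lambda e: e["event"] == "registry_set"
               and "\\currentversion\\run" in e.get("key", "").lower(), 30),
    ("executable_dropped_in_temp",
     lambda e: e["event"] == "file_write"
               and e.get("path", "").lower().endswith(".exe")
               and "\\temp\\" in e.get("path", "").lower(), 20),
    ("outbound_connection",
     lambda e: e["event"] == "network_connect", 15),
]

def dynamic_hits(events: list) -> dict:
    """Return {rule_name: weight} for every rule that fired at least once."""
    fired = {}
    for e in events:
        for name, pred, weight in RULES:
            if pred(e):
                fired[name] = weight
    return fired

def analyze(data: bytes, name: str, events: list) -> dict:
    """Combine static and dynamic evidence into a verdict plus shareable IoCs."""
    static = static_attributes(data, name)
    hits = dynamic_hits(events)
    score = sum(hits.values()) + (25 if static["type_mismatch"] else 0)
    label = "malicious" if score >= 60 else "suspicious" if score >= 25 else "clean"
    iocs = {  # what an integrated firewall or endpoint agent could consume
        "sha256": static["sha256"],
        "hosts": sorted({e["dst"] for e in events if e["event"] == "network_connect"}),
        "persistence": sorted({e["key"] for e in events if e["event"] == "registry_set"}),
    }
    return {"file": name, "type": static["type"], "type_mismatch": static["type_mismatch"],
            "verdict": label, "score": score, "rules": sorted(hits), "iocs": iocs}

# --- Constructed samples (synthetic bytes and event logs, not real malware) ---
BENIGN = (b"PK\x03\x04" + b"\x00" * 64, "report.docx", [
    {"event": "process_create", "parent": "explorer.exe", "image": "winword.exe"},
    {"event": "file_write", "path": "C:\\Users\\u\\Documents\\~$report.docx"},
])
SUSPECT = (b"\xd0\xcf\x11\xe0" + b"\x00" * 64, "invoice.doc", [
    {"event": "process_create", "parent": "explorer.exe", "image": "winword.exe"},
    {"event": "process_create", "parent": "winword.exe", "image": "powershell.exe"},
    {"event": "file_write", "path": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe"},
    {"event": "registry_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"},
    {"event": "network_connect", "dst": "198.51.100.7:443"},
])

if __name__ == "__main__":
    for sample in (BENIGN, SUSPECT):
        print(json.dumps(analyze(*sample), indent=2))
```

The point of the design is the one the characteristics list makes: static attributes alone (a hash, a file type) only catch what is already known, and a single behavior such as one outbound connection is not damning on its own, so the verdict rests on the combination of evidence, and the output is structured so that it can be shared automatically with other controls rather than read by a human only.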

FortiSandbox Cloud is a cloud-based managed option for businesses looking for a turnkey solution. It delivers the same rapid detection and automated response as the physical FortiSandbox appliance, but is accessed through the cloud and provides the flexibility to complement entry-level and mid-range FortiGates.