Top-Rated Proactive Advanced Threat Detection

overview

FortiSandbox

Fortinet’s top-rated FortiSandbox is at the core of the Advanced Threat Protection (ATP) solution that integrates with Fortinet’s Security Fabric to address the rapidly evolving and more targeted threats across a broad digital attack surface. Specifically, it delivers real-time actionable intelligence through the automation of zero-day, advanced malware detection and mitigation.

With the increasing volume and sophistication of cyber-attacks, it takes only one threat to slip through security for a data breach to occur. CISOs have adopted sandboxing as an essential component of their security strategies to help combat previously unknown threats.

While attack surfaces are becoming more dynamic due to the rise of IoT and cloud-based services, a continuing shortage of cyber security talent is driving organizations to integrate sandboxing with greater controls and a high degree of automation.

BENEFITS

Features and Benefits

Broad Coverage of the Attack Surface with Security Fabric
Effective defense against advanced targeted attacks through a cohesive and extensible architecture working to protect networks, emails, web applications and endpoints from campus to the cloud.

Automated Zero-day, Advanced Malware Detection and Mitigation
Native integration and open APIs automate the submission of objects from Fortinet and third-party vendor protection points, and the sharing of threat intelligence in real time, for immediate threat response and reduced reliance on scarce security resources.

Certified and Top Rated
Constantly undergoes rigorous, real-world independent testing and consistently earns top marks in dealing with known and unknown threats.

Sandbox Malware Analysis
Complement your established defenses with a two-step sandboxing approach. Suspicious and at-risk files are subjected to the first stage of analysis with Fortinet’s award-winning AV engine, FortiGuard global intelligence query, and code emulation. Second stage analysis is done in a contained environment to uncover the full attack lifecycle using system activity and callback detection.
In addition to supporting FortiGate, FortiMail, FortiWeb, FortiADC, FortiProxy, FortiClient (ATP agent) and Fabric-Ready Partner submission, third-party security vendor offerings are supported through a well-defined open API set.

Reporting and Investigative Tools
Reports with captured packets, original file, tracer log, and screenshot provide rich threat intelligence and actionable insight after files are examined.
This is to speed up remediation.

Threat Mitigation
Fortinet’s ability to uniquely integrate various products with FortiSandbox through the Security Fabric offers automatic protection with incredibly simple setup. Once malicious code is identified, the FortiSandbox will return risk ratings, and the local intelligence is shared in real time with Fortinet and third-party vendor-registered devices and clients to remediate and immunize against new advanced threats. The local intelligence can optionally be shared with the Fortinet threat research team, FortiGuard Labs, to help protect organizations globally.

Easy Deployment
FortiSandbox supports inspection of many protocols in one unified solution, thus simplifying network infrastructure and operations. Further, it integrates within the Security Fabric, adding a layer of advanced threat protection to your existing security architecture.
The FortiSandbox is the most flexible threat analysis appliance in the market as it offers various deployment options for customers’ unique configurations and requirements. Organizations can choose to combine these deployment options.

Standalone
This FortiSandbox deployment mode accepts inputs as an ICAP server or from spanned switch ports or network taps. It may also include administrators’ on-demand file uploads or scanning of file repositories via CIFS or NFS through the GUI. It is the ideal option for enhancing an existing multi-vendor threat protection approach.

Integrated
Fortinet products, such as FortiGate, FortiMail, FortiWeb, FortiADC, FortiProxy and FortiClient (ATP agent) and third-party security vendors can intercept and submit suspicious content to FortiSandbox when they are configured to interact with FortiSandbox. The integration will also provide timely remediation and reporting capabilities to those devices. This integration extends to other FortiSandboxes to allow instantaneous sharing of real-time intelligence. This benefits large enterprises that deploy multiple FortiSandboxes in different geo-locations. This zero-touch automated model is ideal for holistic protection across different borders and time zones.

Delivery

Available in

  • Appliance
  • Virtual Machine
  • Cloud

Models and Specifications

Hardware

FortiSandbox-500F

  • Form Factor: 1 RU
  • Effective Real-World Throughput (files/hr): 200 (upgradeable to 600)
  • Ports: 4x GE RJ45 ports

FortiSandbox-1000D

  • Form Factor: 2 RU
  • Effective Real-World Throughput (files/hr): 800
  • Ports: 6x GE RJ45 ports, GE SFP slots

FortiSandbox-2000E

  • Form Factor: 2 RU
  • Effective Real-World Throughput (files/hr): 400 (upgradeable to 2400)
  • Ports: 4x GE RJ45 ports, 2x 10 GE SFP+ slots

FortiSandbox-3000E

  • Form Factor: 2 RU
  • Effective Real-World Throughput (files/hr): 800 (upgradeable to 5600)
  • Ports: 4x GE RJ45 ports, 2x 10 GE SFP+ slots

FortiSandbox-3500D

  • Form Factor: 3 RU
  • Effective Real-World Throughput (files/hr): 3600 (upgradeable to 6000)
  • Ports: 20x GE RJ45 ports, 10x 10 GE SFP+ slots (4x GE RJ45 ports, 2x 10 GE SFP+ slots per node)

Virtual Machines

FortiSandbox-VM (Local VMs)

  • Effective Real-World Throughput (files/hr): Hardware dependent
  • Ports: 6 (minimum) virtual network interfaces

FortiSandbox-VM (Cloud VMs)

  • Effective Real-World Throughput (files/hr): 500 (upgradeable to 20000)
  • Ports: 6 (minimum) virtual network interfaces