FortiSandbox
Third Generation Malware Sandbox
Top-rated AI-powered FortiSandbox is part of Fortinet’s breach protection solution that integrates with Fortinet’s Security Fabric platform to address the rapidly evolving and more targeted threats including ransomware, crypto-malware, and others across a broad digital attack surface. Specifically, it delivers real-time actionable intelligence through the automation of zero-day advanced malware detection and response.
Feature Benefits
Breach Protection for
- Remote Office
- Branch
- Campus
- Data Center
- Public Cloud (AWS and Azure)
FEATURE HIGHLIGHTS
Automated Breach Protection
Fortinet’s ability to uniquely integrate various products with FortiSandbox through the Security Fabric platform automates your breach protection strategy with an incredibly simple setup. Once malicious code is identified, FortiSandbox returns risk ratings, and the local intelligence is shared in real time with Fortinet, Fabric-Ready Partner, and third-party security solutions to mitigate and immunize against new advanced threats. The local intelligence can optionally be shared with Fortinet’s threat research team, FortiGuard Labs, to help protect organizations globally. Figure 2 steps through the flow of the automated mitigation process.
MITRE ATT&CK-based Reporting and Investigative Tools
FortiSandbox provides a detailed analysis report that maps discovered malware techniques to the MITRE ATT&CK framework, with powerful built-in investigative tools that allow the Security Operations (SecOps) team to download captured packets, the original file, the tracer log, the malware screenshot, and STIX 2.0 compliant IOCs, providing not only rich threat intelligence but also actionable insight after files are examined (see Figure 3).
In addition, the SecOps team can choose to record a video of the entire malware interaction or manually interact with the malware in a simulated environment.
DEPLOYMENT OPTIONS
Easy Deployment
FortiSandbox supports inspection of many protocols in one unified solution, simplifying both network and security infrastructure and operations while reducing overall Total Cost of Ownership. Further, it integrates within the Security Fabric platform, adding a layer of advanced threat protection to your existing security architecture.
FortiSandbox is the most flexible threat analysis appliance in the market as it offers various deployment options for customers’ unique configurations and requirements. Organizations can choose to combine these deployment options.
Integrated
FortiSandbox natively integrates with FortiGate, FortiMail, FortiWeb, FortiADC, FortiProxy, FortiClient (ATP agent), and Fabric-Ready Partner solutions, and integrates with third-party security vendors via JSON API or ICAP, so that these devices can intercept and submit suspicious content to FortiSandbox. The integration also provides timely remediation and reporting capabilities to those devices.
This integration extends to other FortiSandboxes to allow instantaneous sharing of real-time intelligence. This benefits large enterprises that deploy multiple FortiSandboxes in different geo-locations. This zero-touch automated model is ideal for holistic protection across different borders and time zones.
Standalone
This FortiSandbox deployment mode accepts inputs from spanned switch ports or network taps, and emails via MTA or BCC mode. It may also include on-demand file uploads by SecOps analysts or scanning of file repositories via CIFS, NFS, AWS S3 and Azure Blob through the GUI. It is the ideal option for enhancing an existing multi-vendor threat protection approach.