FortiSandbox: Proactive Threat Detection and Mitigation
Today’s most sophisticated cybercriminals are increasingly bypassing traditional antimalware solutions and inserting advanced persistent threats deep within networks. These highly targeted attacks evade established signature-based detection by masking their malicious nature in many ways – compression, encryption, polymorphism, the list of techniques goes on.
Some have even begun to evade virtual “sandbox” environments using VM detection, “time bombs” and more. Fighting today’s attacks requires a comprehensive and integrated approach – more than antimalware. More than a virtual sandbox. More than a separate monitoring system.
FortiSandbox offers a robust combination of proactive detection and mitigation, actionable threat insight and integrated and automated deployment. At its foundation is a unique, dual-level sandbox which is complemented by Fortinet’s award-winning antimalware and optional integrated FortiGuard threat intelligence. Years of Fortinet threat expertise are now packaged up and available on site or in the cloud via FortiSandbox.
Suspicious code is subjected to multi-layer pre-filters prior to execution in the virtual OS for detailed behavioral analysis. The highly effective pre-filters include a screen by our AV engine, queries to cloud-based threat databases and OS-independent simulation with a code emulator, followed by execution in the full virtual runtime environment. Once malicious code is detected, granular ratings along with key threat intelligence are available, a signature is dynamically created for distribution to integrated products and full threat information is optionally shared with FortiGuard Labs for the update of global threat databases.
All classifications – malicious and high/medium/low risk – are presented within an intuitive dashboard. Full threat information from the virtual execution – including system activity, exploit efforts, web traffic, subsequent downloads, communication attempts and more – is available in rich logs and reports.
Complement your established defenses with cutting-edge capability – analyzing suspicious and high-risk files in a contained environment to uncover the full attack lifecycle using system activity and callback detection.
Reports with captured packets, original file, tracer log and screenshot provide rich threat intelligence and actionable insight after files are examined. This speeds up remediation and protection updates.
Fortinet’s ability to uniquely integrate various products with FortiSandbox offers automatic protection with incredibly simple setup. Once code is determined to be malicious, the analyzer will develop and forward the dynamically generated signature to all registered devices and clients. These devices then examine subsequent files against the latest DB.
AV Engine
Cloud Query
Code Emulation
Full Virtual Sandbox
Call Back Detection
Administration
Networking/Deployment
Systems Integration
Advanced Threat Protection
Monitoring and Report
FortiSandbox VM | |
---|---|
Hardware Requirements | |
Hypervisor Support | VMware ESXi version 5.1 or later, Citrix XenServer 6.2 or later, Linux KVM CentOS 7.2 or later |
Virtual CPUs (Minimum / Maximum) | 4 / Unlimited (Fortinet recommends that the number of vCPUs match the number of Windows VMs + 4.) |
Memory Support (Minimum / Maximum) | 8 GB / Unlimited |
Virtual Storage (Minimum / Maximum) | 30 GB / 16 TB |
Total Virtual Network Interfaces (Minimum) | 6 |
System | |
VM Sandboxing (Files/Hour) | Hardware Dependent |
AV Scanning (Files/Hour) | Hardware Dependent |
Number of VMs | 4 to 54 (Upgrade via appropriate licenses) |
Platform | Feature | FortiGate | FortiClient | FortiMail | FortiWeb |
---|---|---|---|---|---|
FSA Appliance and VM | File Submission | *FortiOS V5.0.4+ | FortiClient for Windows OS V5.4+ | FortiMail OS V5.1+ | FortiWeb OS V5.4+ |
FSA Appliance and VM | File Status Feedback | *FortiOS V5.0.4+ | FortiClient for Windows OS V5.4+ | FortiMail OS V5.1+ | FortiWeb OS V5.4+ |
FSA Appliance and VM | File Detailed Report | *FortiOS V5.4+ | FortiClient for Windows OS V5.4+ | FortiMail OS V5.1+ | – |
FSA Appliance and VM | Dynamic Threat DB Update | *FortiOS V5.4+ | FortiClient for Windows OS V5.4+ | FortiMail OS V5.3+ | FortiWeb OS V5.4+ |
FortiSandbox Cloud | File Submission | *FortiOS V5.2.3+ | – | FortiMail OS V5.3+ | FortiWeb OS 5.5.3+ |
FortiSandbox Cloud | File Status Feedback | *FortiOS V5.2.3+ | – | FortiMail OS V5.3+ | FortiWeb OS 5.5.3+ |
FortiSandbox Cloud | File Detailed Report | *FortiOS V5.2.3+ | – | – | – |
FortiSandbox Cloud | Dynamic Threat DB Update | *FortiOS V5.4+ | – | FortiMail OS V5.3+ | FortiWeb OS 5.5.3+ |
*some models may require CLI configuration