Today's most sophisticated cybercriminals are increasingly bypassing traditional antimalware solutions and inserting advanced persistent threats deep within networks. These highly targeted attacks evade established signature-based detection by masking their malicious nature in many ways - compression, encryption, polymorphism, the list of techniques goes on. Some have even begun to evade virtual "sandbox" environments using VM detection, "time bombs" and more. Fighting today's attacks requires a comprehensive and integrated approach - more than antimalware. More than a virtual sandbox. More than a separate monitoring system.
FortiSandbox offers a robust combination of proactive detection and mitigation, actionable threat insight and easy, integrated deployment. At its foundation is a unique, dual-level sandbox which is complemented by Fortinet's award-winning antimalware and optional integrated FortiGuard threat intelligence. Years of Fortinet threat expertise are now packaged up and available on site via FortiSandbox.
Proactive detection and mitigation
Suspicious code is subjected to multi-layer pre-filters prior to execution in the virtual OS for detailed behavioral analysis. The highly effective pre-filters include a screen by the AV engine, queries to cloud-based threat databases and OS-independent simulation with a code emulator, followed by execution in the full virtual runtime environment. Once malicious code is detected, results are submitted for antimalware signature creation as well as updates to other threat databases.
All classifications - malicious and high/medium/low risk - are presented within an intuitive dashboard. Full threat information from the virtual execution - including system activity, exploit efforts, web traffic, subsequent downloads, communication attempts and more - is available in rich logs and reports.
Fortinet next-generation firewalls, secure email gateways, endpoint security and similar solutions use antivirus, web filtering, IPS and other traditional security techniques to quickly and efficiently prevent known threats from impacting an organization.
Detect and analyze threats
FortiSandbox and other advanced detection techniques step in to detect "Zero-day" threats and sophisticated attacks, delivering risk ratings and attack details necessary for remediation.
Mitigate impact and improve protection
In a Fortinet solution, detection findings can be used to trigger prevention actions to ensure the safety of resources and data until remediation is in place. Finally, the entire security ecosystem updates to mitigate any impact from future attacks through the strong, integrated threat intelligence research and services of FortiGuard Labs.
FortiSandbox supports inspection of many protocols in one unified solution, thus simplifying network infrastructure and operations. Further, it integrates with FortiGate as a capability within your existing security framework. The FortiSandbox is the most flexible threat analysis appliance on the market, as it offers various deployment options for customers' unique configurations and requirements. Organizations can also have all three input options at the same time.
This deployment mode relies on inputs from spanned switch ports and/or administrators' on-demand file uploads using the GUI. It is the most suitable infrastructure for adding protection capabilities to existing threat protection systems from various vendors.
The FortiGate, as the Internet Security Gateway, and FortiMail, as a Secure Email Gateway, can be set up to submit suspicious files to the FortiSandbox. This seamless integration reduces network complexity and expands the applications and protocols supported including SSL encrypted ones such as HTTPS.
Distributed FortiGate integrated
This deployment is attractive for organizations that have distributed environments, where FortiGates are deployed in the branch offices and submit suspicious files to a centrally located FortiSandbox. This setup yields the benefits of lowest TCO and protects against threats in remote locations.
Complement your established defenses with cutting-edge capability - analyzing suspicious and high-risk files in a contained environment to uncover the full attack lifecycle using system activity and callback detection.
Detailed file analysis report
File Analysis Tools
Reports with captured packets, the original file, tracer log and screenshot provide rich threat intelligence and actionable insight after files are examined. This speeds up remediation and the updating of protection.
Remediation with FortiMail
With many advanced threats starting with a targeted email that contains custom malware, in addition to social engineering that entices the user to open it, organizations are extending their secure email gateway (SEG) with integrated sandboxing. Specifically, the SEG will hold messages while additional analysis is performed in this contained run-time environment and, ultimately, apply policies based on its returned findings.