Fortinet Sandbox Solutions and Services

AI-powered sandboxing solutions protect against zero-day and sophisticated cyberthreats

Overview

Sandboxing solutions from Fortinet detect and analyze zero-day malware and other advanced file-based threats. The combination of service and product provides a comprehensive, coordinated, integrated, and scalable approach to advanced detection and protection from file-based zero-day threats. The FortiGuard AI-based Inline Malware Prevention Service offers the industry’s first inline blocking on an NGFW. Flexible deployment options include Platform-as-a-Service, Software-as-a-Service, virtual machine, and hardware appliances to suit any use case and type of organization.

Immediate Protection with Real-Time Analysis

The FortiGuard AI-based Inline Malware Prevention Service combines multilayered advanced threat filtering. It uses AV, CPRL, static and dynamic analysis with deep neural networks, AI/ML, and FortiGuard threat intelligence to render verdicts in real time without impact on productivity or security overhead. The service is available globally.

Comprehensive Security

FortiSandbox is the ultimate combination of AI/ML-powered detection and threat filtering. It detects and remediates threats that traditional approaches miss. Deploy as on-premises, cloud, or a hosted service for your enterprise, OT, or SOC needs.

FortiSandbox offers proactive detection, classification, and protection against emerging and unknown threats including zero-days, ransomware, malware, and sophisticated AI-based attacks. It functions autonomously or seamlessly integrates with the Fortinet Security Operations (SecOps) platform, offering comprehensive and coordinated defense against threats.

Inline Malware Prevention Delivers Real-Time Zero-day Protection

How Inline Malware Prevention Service Works

The FortiGuard AI-based Inline Malware Prevention Service does not let any suspicious files pass into the organization. A combination of AV, advanced threat filtering, and AI/ML narrows down file-based threats. This eliminates false positives to focus on unknown threats that can pose actual risk.

The service blocks all unknown files at the NGFW and sends them to the sandbox of choice for further real-time analysis.

Static and dynamic analysis of suspicious files results in sub-second malware detection and verdicts. If the file is clean, the NGFW will release the file to the user. Otherwise, the file will be blocked and quarantined for further action.

What is Advanced Threat Filtering?

Advanced threat filtering optimizes file analysis while reducing false positives. Combining AV and techniques like AI/ML, CPRL, behavioral and heuristic analysis, deep inspection, and advanced threat filtering filters out the noise. It sends only select, higher risk unknown and zero-day files for deeper sandbox analysis.

Advanced threat filtering reduces file processing time and enables quicker time to verdict while maintaining a high security posture.

New in FortiSandbox

FortiSandbox sets a new standard in sandboxing technology. Embrace the power of advanced threat detection and protection while enjoying the benefits of unmatched performance gains, reduced footprint, and significant cost savings with this innovative solution. Key features include:

Unprecedented performance: Experience up to 10x increase in effective throughput with FortiSandbox 4.4. Processing an impressive 70,000 files per hour, this upgrade allows you to respond to potential threats quickly and effectively.
Reduced footprint: High throughput means using fewer hardware appliances. This enables you to effectively reduce your footprint without compromising processing power. This translates into simplified deployment and optimized resource utilization.
Enhanced cost efficiency: By reducing the number of units, you can reduce cost of ownership. With this upgrade, you can achieve robust ransomware protection while maximizing your investment and optimizing your security budget.
Real-time antiphishing: This adds an extra layer of defense against phishing attacks by detecting, blocking, and rating unrated malicious websites, protecting against spam, zero-day phishing attempts, and targeted spear-phishing attacks—in real time.

Watch Now

Find out more about FortiSandbox 4.4

Services and Product Deployment Options

Service/Product	Type	Description	Inline Blocking
FortiGuard AI-based Inline Malware Prevention Service	SaaS subscription	The FortiGuard AI-Based Inline Malware Prevention Service is an a-la-carte service for FortiGate NGFWs. It is also available as part of the Enterprise Bundle. It uses static/dynamic analysis, heuristic and behavioral analysis along with AI/ML to protect organizations against unknown and zero-day threats. It also provides enrichment for SOC teams.	Yes
FortiSandbox SaaS	SaaS subscription	Available as part of FortiGate Cloud, this subscription sandbox service protects against zero-day malware.	No
FortiSandbox PaaS	PaaS subscription	This Fortinet-hosted sandbox is a subscription service. It includes FortiSandbox VM with dedicated resources for high performance and centralization of reports.	Yes
FortiSandbox Virtual Appliance	VM subscription	FortiSandbox VMs are offered as an alternative to hardware for greater deployment flexibility with the same features.	Yes
FortiSandbox Hardware	HW bundle + licenses	FortiSandbox hardware appliances natively integrate with the Security Fabric, Fabric Partners, adapters, APIs, network share, and sniffers to intercept and submit suspicious content to FortiSandbox. The integration also provides timely remediation and reporting capabilities to those devices.	Yes

Fortinet Security Fabric Integrations

The strength of Fortinet's platform-driven approach is to enable coordinated workflows including response while customers benefit from a globalized network effect across Fortinet’s worldwide install base. The FortiSandbox solutions and services portfolio are integrated into the following Fabric solutions:

FortiGate	FortiMail	FortiNDR	FortiEDR	FortiProxy	FortiSIEM
FortiADC	FortiClient	FortiSOAR	FortiWeb	FortiSASE	More to come...

Sandbox Use Cases

With a growing attack surface, organizations need protection against sophisticated, multi-vector, and multi-stage AI/ML-driven zero-day attacks. Sandboxing solutions from Fortinet detect and block zero-day and other advanced attacks from ever becoming threats. Key use cases include the following:

Secure Networks

Block zero-day threats from entering your network with advanced threat filtering coupled with AI, ML, and global threat intelligence. Ensure security while keeping pace with enterprise traffic and reducing security overhead.

Secure Email

When integrated with Fortinet FortiMail, suspicious files in emails—including email-based ransomware—can be detonated and analyzed before reaching intended recipients.

Secure OT Networks

IT/OT convergence coupled with a need for remote access has opened previously air-gapped OT networks to access by threat actors. Protect your manufacturing, plant, safety, facility, or other OT environments from targeted malware attacks that can bring operations to a halt.

Secure Endpoints

FortiClient and FortiSandbox ensure that no suspicious files or malware are executed at the endpoint and quickly quarantine the endpoint to protect the organization.

Secure Web

When integrated with FortiWeb, web applications are protected against all types of threats including phishing and zero-days.

Features and Benefits

Real-time verdicts

Prevent delays and unknown files from entering the network with real-time analysis and filtering

Anywhere threat protection

Deploy inline on hardware & VM appliances on-premises, or use SaaS or PaaS options

Integration at every stage

Extend zero-day threat protection to NGFWs and other major areas of your infrastructure

Accelerated Threat Investigation

Speed investigation with built-in MITRE ATT&CK® matrix to identify a variety of malware

Holistic IT/OT Zero-day Threat Protection

Protect IT, OT, and converged environments and assets with one solution

Reduce Security Overhead

Block unknown files and experience fewer incidents and less investigation and mitigation time

Resources

Data Sheets

FortiGuard Ordering Guide FortiSandbox Data Sheet FortiSandbox Ordering Guide

White Papers

Shift from Detection to Real-Time Protection with Inline Sandboxing Top Seven Reasons to Implement an Inline Sandbox Stop Zero-Day and Previously Unknown Threats with the FortiGuard Inline Sandbox Service FortiGuard AI-Powered Security

Videos

What's New in FortiSandbox v4.4 FortiSandbox Inline Blocking with FortiGate What's New in FortiSandbox 4.2