FortiGuard Inline Sandbox Service
Superior sandbox solutions to protect against zero-day and sophisticated cyberthreats.
Download Data Sheet
Overview
Sandboxing solutions from Fortinet detect and analyze zero-day malware and other advanced file-based threats. The combination of service and product provides a comprehensive, coordinated, integrated, and scalable approach to advanced detection and protection from file-based zero-day threats. Inline sandboxing offers the industry’s first inline blocking on an NGFW. Flexible deployment options include Platform-as-a-Service, Software-as-a-Service, virtual machine, and hardware appliances to suit any use case and type of organization.
Immediate Protection with Real-time Analysis
The FortiGuard Inline Sandbox Service combines multilayered advanced threat filtering. It uses AV, CPRL, AI/ML, dynamic analysis with deep neural networks, and FortiGuard threat intelligence to render verdicts in real time without impact on productivity or security overhead. The service is available globally.
Comprehensive Security
FortiSandbox is the ultimate combination of AI-/ML-powered detection and threat filtering. It detects and remediates threats traditional approaches miss. Deploy as on-prem, cloud, or a hosted service for your enterprise, OT, or SOC needs.
Inline Sandbox Delivers Real-time Zero-day Protection
How Inline Sandbox Works
The FortiGuard Inline Sandbox Service does not let any suspicious files pass into the organization. A combination of AV, advanced threat filtering, and AI/ML, narrows down file-based threats. This eliminates false positives to focus on unknown threats that can pose actual risk.
Inline blocking on the NGFW blocks unknown files and sends them to the inline sandbox.
Static and dynamic analysis of suspicious files results in sub-second malware detection and verdicts. If the file is clean, the NGFW will release the file to the user. Otherwise, the file will be blocked and quarantined for further action.
What is Advanced Threat Filtering?
Advanced threat filtering optimizes file analysis while reducing false positives. Combining AV and techniques like AI/ML, CPRL, deep inspection, advanced threat filtering filters out the noise. It sends only select, higher risk zero-day files for deeper sandbox analysis.
Advanced threat filtering reduces file processing time and enables quicker time to verdict while maintaining a high security posture.
Advanced threat filtering delivers security without guess work.
Services and Products Deployment Options
| Service/Product | Type | Description | Inline Blocking |
|---|---|---|---|
| FortiGuard AI-based Inline Sandbox Service | SaaS subscription | The FortiGuard AI-Based Inline Sandbox Service is a new a-la-carte service for FortiGate NGFWs. It includes inline blocking for sandbox and AI/NDR detection, plus log enrichment for SOC teams | Yes |
| Cloud Sandbox Service | SaaS subscription | Available as part of Fortigate Cloud, is subscription sandbox service that protects against zero-day malware. | No |
| FortiSandbox Hosted | PaaS subscription | Fortinet-hosted sandbox is a subscription service. It includes FortiSandbox VM with dedicated resources for high performance and centralization of reports. | Yes |
| FortiSandbox Virtual Appliance | VM subscription | FortiSandbox VMs are offered as an alternative to hardware for greater deployment flexibility with same features. | Yes |
| FortiSandbox Hardware | HW bundle + licenses | FortiSandbox hardware appliances natively integrate with the Security Fabric, Fabric Partners, adapters, APIs, network share and sniffer to intercept and submit suspicious content to FortiSandbox. The integration also provides timely remediation and reporting capabilities to those devices. | Yes |
Fortinet Security Fabric Integrations
The strength of Fortinet's platform-driven approach is to enable coordinated workflows including response while customers benefit from a globalized network effect across Fortinet’s worldwide install base. The FortiGuard Sandbox Service and related sandbox portfolio are integrated into the following Fabric solutions:
Sandbox Across the Fabric
Sandbox Use Cases
With a growing attack surface, organizations need protection against sophisticated, multi-vector, and multi-stage AI/ML- driven zero-day attacks. Sandboxing solutions from Fortinet detect and block zero-day and other advanced attacks from ever becoming threats. Key use cases include the following:
Secure Networks
Block zero-day threats from entering your network with advanced threat filtering coupled with AI, ML, and global threat intelligence. Ensure security while keeping pace with enterprise traffic and reducing security overhead.
Secure Email
When integrated with Fortinet FortiMail, suspicious files in emails—including email-based ransomware—can be detonated and analyzed before reaching intended recipients.
Secure OT Networks
IT/OT convergence coupled with a need for remote access has opened previously air-gapped OT networks to access by threat actors. Protect your manufacturing, plant, safety, facility, or other OT environments from targeted malware attacks that can bring operations to a halt.
Features and Benefits
REAL-TIME VERDICTS
Prevent delays and unknown files from entering the network with real-time analysis and filtering.
ANYWHERE THREAT PROTECTION
Deploy inline on hardware & VM appliances on-premises, or use SaaS or PaaS options.
INTEGRATION AT EVERY STAGE
Extend zero-day threat protection to NGFWs and other major areas of your infrastructure.
ACCELERATED THREAT INVESTIGATION
Speed investigation with built-in MITRE ATT&CK® matrix to identify a variety of malware.
HOLISTIC IT/OT ZERO-DAY THREAT PROTECTION
Protect IT, OT, and converged environments and assets with one solution.
