Fortinet FortiSandbox FSA-2000E Network Security/Firewall Appliance
Fortinet’s top-rated FortiSandbox is at the core of the Advanced Threat Protection (ATP) solution that integrates with Fortinet’s Security Fabric to address fast-moving and more targeted threats across a broad attack surface. Specifically, it delivers real-time actionable intelligence through the automation of zero-day, advanced malware detection and mitigation.
Broad Coverage of the Attack Surface with Security Fabric
Effective defense against advanced targeted attacks through a cohesive and extensible architecture working to protect network, application layers and endpoint devices.
Automated Zero-day, Advanced Malware Detection and Mitigation
Native integration and open APIs automate the submission of objects from Fortinet and third-party vendor protection points, and the sharing of threat intelligence in real time for immediate threat response.
Certified and Top Rated
Constantly undergoes rigorous, real-world independent testing and consistently earns top marks.
Sandbox Malware Analysis
Complement your established defenses with a two-step sandboxing approach. Suspicious and at-risk files are subjected to the first stage of analysis with Fortinet’s award-winning AV engine, FortiGuard global intelligence query, and code emulation. Second-stage analysis is done in a contained environment to uncover the full attack lifecycle using system activity and callback detection. Figure 1 depicts new threats discovered in real time.
In addition to supporting FortiGate, FortiMail, FortiWeb, and FortiClient (ATP Agent) file submission, third-party security vendor offerings are supported through a well-defined open API set.
Reporting and Investigative Tools
Reports with captured packets, original file, tracer log, and screenshot provide rich threat intelligence and actionable insight after files are examined (see Figure 2), which speeds up remediation.
Fortinet’s ability to uniquely integrate various products with FortiSandbox offers automatic protection with incredibly simple setup. Once malicious code is identified, FortiSandbox returns risk ratings, and the local intelligence is shared in real time with Fortinet and third-party vendor-registered devices and clients to remediate and immunize against new advanced threats. The local intelligence can optionally be shared with Fortinet’s threat research team, FortiGuard Labs, to help protect organizations globally. Figure 3 steps through the flow of the automated mitigation process.
FortiSandbox supports inspection of many protocols in one unified solution, which simplifies network infrastructure and operations. Further, it integrates within the Security Fabric, adding a layer of advanced threat protection to your existing security architecture. FortiSandbox is the most flexible threat analysis appliance in the market, as it offers various deployment options for customers’ unique configurations and requirements. Organizations can choose to combine these deployment options.