Description
Fortinet FortiSandbox 1000D Network Security/Firewall Appliance
Multi-layer proactive threat mitigation
Today’s most sophisticated cybercriminals are increasingly bypassing traditional antimalware solutions and inserting advanced persistent threats deep within networks. These highly targeted attacks evade established signature-based detection by masking their malicious nature in many ways – compression, encryption, polymorphism, the list of techniques goes on. Some have even begun to evade virtual “sandbox” environments using VM detection, “time bombs” and more. Fighting today’s attacks requires a comprehensive and integrated approach – more than antimalware. More than a virtual sandbox. More than a separate monitoring system. FortiSandbox offers a robust combination of proactive detection and mitigation, actionable threat insight and integrated and automated deployment. At its foundation is a unique, duallevel sandbox which is complemented by Fortinet’s award-winning antimalware and optional integrated FortiGuard threat intelligence. Years of Fortinet threat expertise is now packaged up and available on site or in the cloud via FortiSandbox.
Proactive Detection and Mitigation
Suspicious codes are subjected to multi-layer pre-filters prior to execution in the virtual OS for detailed behavioral analysis. The highly effective pre-filters include a screen by our AV engine, queries to cloud-based threat databases and OS-independent simulation with a code emulator, followed by execution in the full virtual runtime environment. Once a malicious code is detected, granular ratings along with key threat intelligence is available, a signature is dynamically created for distribution to integrated products and full threat information is optionally shared with FortiGuard Labs for the update of global threat databases.
Actionable Insight
All classifications – malicious and high/medium/low risk – are presented within an intuitive dashboard. Full threat information from the virtual execution – including system activity, exploit efforts, web traffic, subsequent downloads, communication attempts and more – is available in rich logs and reports.