New threat detection and ­mitigation sandbox

February 2014 IT infrastructure

Fortinet has announced the FortiSandbox-3000D, an advanced threat prevention appliance that provides enterprises with a powerful tool to help combat Advanced Persistent Threats (APTs). The new offering combines a unique dual-level sandbox, dynamic threat intelligence, real-time dashboard and rich reporting in a single device that integrates with Fortinet’s FortiGate next generation firewalls (NGFW) and FortiMail e-mail gateway appliances.

Fortinet NGFWs act as a first line of defence by scanning and mitigating threats. When used with FortiSandbox, the appliances together are able to identify and apply advanced inspection to suspicious or high-risk files and then update protections based on the full threat lifecycle of attacks uncovered. And with the new FortiMail version 5.1, Fortinet e-mail gateways can now similarly identify suspicious or high-risk files in e-mail and pass them to FortiSandbox for advanced inspection.

FortiSandbox at-a-glance

The FortiSandbox-3000D can be deployed on-premise on its own without changing any network configurations. Or, as mentioned, it can also be integrated with and extend Fortinet’s FortiGate and FortiMail platforms for improved detection and mitigation.

Consistent with Fortinet’s product development approach, the FortiSandbox consolidates specialised threat detection and intelligence services across protocols and functions into a single, high-performance and highly affordable appliance. At the heart of the appliance is a dual-level sandbox to effectively deal with increasing virtual machine (VM) evasion techniques and the increasing sophistication of attacks that require more advanced inspection.

“Today’s most sophisticated attackers are increasingly bypassing traditional anti-malware solutions and establishing a persistent presence within organisations’ networks,” said John Grady, research manager, Security Products at IDC. “These highly targeted attacks evade signature-based defences by leveraging compression, encryption, and polymorphism among other methods. Some malware variants are even able to detect virtual environments and utilise sleep techniques to make identification much more difficult. Combating today’s attacks requires a comprehensive and integrated approach that goes beyond anti-malware, virtual sandboxes and separate monitoring systems. The FortiSandbox appliance is a step in this direction.”

Key features of FortiSandbox include:

* Dynamic Antimalware and Updates/Cloud Query: Receives updates from FortiGuard Labs and can send queries back to the Labs in real time, helping to intelligently and immediately detect existing and emerging threats

* Code Emulation: Performs lightweight sandbox inspection in real time, including certain malware that uses sandbox evasion techniques and/or only executes with specific software versions.

* Full Virtual Environment: Provides a contained runtime environment to analyse high risk or suspicious code and explore the full threat lifecycle.

* Advanced Visibility: Delivers comprehensive views into a wide range of network, system and file activity, categorised by risk, to help speed incident response.

* Callback Detection: Inspects network traffic for requests to visit malicious sites, establish communications with C&C servers and other activity indicative of a compromise.

* Manual Analysis: Allows security administrators to manually upload malware samples to perform virtual sandboxing without the need for a separate appliance.

* Optional Submission to FortiGuard: Tracer reports, malicious files and other information may be submitted to FortiGuard Labs in order to receive remediation recommendations and updated in-line protections.

“The introduction of the FortiSandbox appliance is in direct response to APTs that are using highly sophisticated evasion techniques to avoid security detection,” said John Maddison, vice president of marketing for Fortinet. “Given our many years of threat research and development, we’re finding that inspection of file activity, as a complement to inspection based on attributes, is a necessary means of combating APTs. Our customers now have the opportunity to easily and cost-effectively perform detailed analysis of specific threats traversing their networks with the added benefit of integrating with our FortiGate and FortiMail appliances to perform in-line, real-time threat mitigation.”

Find more information at

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Home-grown, cloud-based safety and security solutions
Residential Estate Security Handbook 2020 , IT infrastructure, Integrated Solutions
BeSecure has taken security and communications technologies and turned them into what is best described as care and safety solutions for the estate community in South Africa.

Bringing the wonders of fibre to your estate
Residential Estate Security Handbook 2020, Vox Telecom , IT infrastructure
The Hi-Tech Security Solutions’ Residential Security Conference in Durban was a magnificent event where Vox showcased its visitor management solution.

Protecting your electrical equipment
Residential Estate Security Handbook 2020, BFR Digital , IT infrastructure
Load shedding is a constant danger as the surges that occur when the lights come on cause damage to electronic equipment, including security equipment, unless it is protected.

Secure biometric access for SAP
Issue 4 2020 , IT infrastructure
An expanded partnership offering endpoint biometric security for SAP takes on new importance amid COVID-19.

Security on the edge
Issue 4 2020 , IT infrastructure
From less than $1.5 billion in 2017 to an anticipated $9 billion by 2024, the worldwide edge computing market is set to show significant growth in the coming years.

Tips on secure remote working
Issue 3 2020 , IT infrastructure, Cyber Security
NordVPN advises how to stay secure while working from home during the coronavirus outbreak.

Wall-mounted solution for mission-critical IT
Issue 3 2020 , IT infrastructure
Schneider Electric’s latest iteration of its 6U wall mount has enabled convenient and easy deployment of edge computing systems.

Secure backup for SMEs
Issue 3 2020 , IT infrastructure
Cleeks Cloud has announced the launch of its online, direct-to-cloud backup solution aimed at the South African SME market.

Sophos Launches Xstream
Issue 3 2020 , IT infrastructure
SophosLabs research indicates 44% of prevalent information thieves use encryption to hide stolen data.

The complexity of connections
Issue 3 2020 , IT infrastructure
With 55 billion devices connected worldwide by 2022 and 90% of them unmanaged, Zero Trust is the new norm.