FortiSandbox: Zero-day Threat Protection
An AI-powered, top-rated, integrated sandbox
What is a Malware Sandbox?
Unlike previous generation of viruses that were non-sophisticated and low in volume, antivirus tools were sufficient to provide reasonable protection with their database of signatures.
However, today’s modern malware entails new techniques such as use of exploits. Exploiting a vulnerability in a legitimate application can cause anomalous behavior and it’s this behavior that attackers take advantage of to compromise computer systems. The process of an attack by exploiting an unknown software vulnerability is what is known as a zero-day attack aka 0-day attack, and before sandboxing there was no effective means to stop it.
A malware sandbox, within the computer security context, is a system that confines the actions of an application, such as opening a Word document, to an isolated environment. Within this safe environment the sandbox analyzes the dynamic behavior of an object and its various application interactions in a pseudo-user environment and uncovers any malicious intent. So if something unexpected or wanton happens, it affects only the sandbox and not the other computers and devices on the network. In parallel, any malicious intent is captured, leading to an alert and relevant threat intelligence generated to stop this zero-day attack.
Typical characteristics found in a malware sandbox:
- Detection engine consisting of static and dynamic analysis to capture both malware attributes and techniques
- Emulation of various device OS including Windows, macOS, Linux, and SCADA/ICS, and associated applications and protocols
- Accepts a multitude of sources including network packets, file shares, on-demand submission and automated submissions by NGFW, SEG, EPP/EDR, and WAF, other integrated security controls
- Reporting and automated sharing of threat intelligence
- Flexible deployment modes such as appliance, VM, SaaS and Public Cloud to fit various on-prem and cloud environments
Features and Benefits
NSS Labs “Recommended” for sandbox-powered breach detection and breach prevention, and ICSA Labs certified for advanced threat defense
Extends zero-day threat detection to a next-generation firewall, web application firewall, secure email gateway, and endpoint protection platform
Improved efficacy and performance
Leverages two machine learning models that enhance static and dynamic malware analysis of zero-day threats
Automated breach protection
Speeds mitigation by sharing real-time updates to disrupt threats at the origin and subsequent immunization across the entire organization
Accelerated threat investigation
Built-in MITRE ATT&CK matrix identifies a variety of malware techniques
Unified IT-OT zero-day threat protection
Protects across both IT and OT environments and assets from malware