FortiSandbox: Zero-day Threat Protection

An AI-powered, top-rated, integrated sandbox

What is a Malware Sandbox?

Unlike previous generation of viruses that were non-sophisticated and low in volume, antivirus tools were sufficient to provide reasonable protection with their database of signatures.

However, today’s modern malware entails new techniques such as use of exploits. Exploiting a vulnerability in a legitimate application can cause anomalous behavior and it’s this behavior that attackers take advantage of to compromise computer systems. The process of an attack by exploiting an unknown software vulnerability is what is known as a zero-day attack aka 0-day attack, and before sandboxing there was no effective means to stop it.

A malware sandbox, within the computer security context, is a system that confines the actions of an application, such as opening a Word document, to an isolated environment. Within this safe environment the sandbox analyzes the dynamic behavior of an object and its various application interactions in a pseudo-user environment and uncovers any malicious intent. So if something unexpected or wanton happens, it affects only the sandbox and not the other computers and devices on the network. In parallel, any malicious intent is captured, leading to an alert and relevant threat intelligence generated to stop this zero-day attack.

Typical characteristics found in a malware sandbox:

    1. Detection engine consisting of static and dynamic analysis to capture both malware attributes and techniques
    2. Emulation of various device OS including Windows, macOS, Linux, and SCADA/ICS, and associated applications and protocols
    3. Accepts a multitude of sources including network packets, file shares, on-demand submission and automated submissions by NGFW, SEG, EPP/EDR, and WAF, other integrated security controls
    4. Reporting and automated sharing of threat intelligence
    5. Flexible deployment modes such as appliance, VM, SaaS and Public Cloud to fit various on-prem and cloud environments

Features and Benefits

Independently top-rated

NSS Labs “Recommended” for sandbox-powered breach detection and breach prevention, and ICSA Labs certified for advanced threat defense

Broad integration

Extends zero-day threat detection to a next-generation firewall, web application firewall, secure email gateway, and endpoint protection platform

Improved efficacy and performance

Leverages two machine learning models that enhance static and dynamic malware analysis of zero-day threats

Automated breach protection

Speeds mitigation by sharing real-time updates to disrupt threats at the origin and subsequent immunization across the entire organization

Accelerated threat investigation

Built-in MITRE ATT&CK matrix identifies a variety of malware techniques

Unified IT-OT zero-day threat protection

Protects across both IT and OT environments and assets from malware