Q
What is Fortinet FortiSandbox Advanced Threat Prevention?
A
FortiSandbox is a threat analysis appliance that detonates suspicious files and URLs in isolated virtual machines, observes what they do, and uses that behaviour to identify previously unknown (zero-day) malware. Verdicts are shared with the Fortinet devices it integrates with so that the threat can be blocked before it spreads through your network.
Q
How does FortiSandbox integrate with my existing Fortinet infrastructure?
A
FortiSandbox integrates with FortiGate firewalls, FortiMail, FortiClient and FortiAnalyzer through the Fortinet Security Fabric APIs: those products submit suspicious objects for analysis and receive the resulting verdicts and indicators, enabling automated threat sharing and centralized policy enforcement.
Q
What types of threats can FortiSandbox detect?
A
FortiSandbox detects zero-day exploits, polymorphic malware, ransomware, advanced persistent threats (APTs) and malicious scripts by detonating files, URLs and document macros in a virtualized environment and inspecting their behaviour rather than relying on a known signature.
Q
Can FortiSandbox analyze encrypted traffic?
A
Yes, indirectly. FortiSandbox does not decrypt traffic itself; it analyzes files and web content that FortiGate has already decrypted with its SSL/TLS deep-inspection engine. Deep inspection must therefore be enabled on the relevant FortiGate policies (with the inspection CA trusted by your endpoints), and anything exempted from decryption or that cannot be decrypted, such as certificate-pinned applications, is never seen by the sandbox.
Q
What deployment options are available for FortiSandbox?
A
FortiSandbox is available as a physical appliance, virtual machine or cloud service (AWS, Azure), allowing flexible deployment to match on-premises, hybrid or fully cloud-based environments.
Q
How do I license FortiSandbox?
A
FortiSandbox licensing is subscription-based, with options for throughput capacity, user count or cloud credits. You can choose annual or multi-year plans that include software updates and threat intelligence feeds.
Q
What performance characteristics should I consider?
A
Key performance metrics are the number of VM instances a model runs (which bounds concurrent analysis sessions), file throughput, best expressed as files analyzed per hour because the bottleneck is detonation time rather than link speed, and average time to verdict. Choose a model that matches your daily sample volume and the latency your inline use cases (for example, holding email attachments) can tolerate.
Q
How does FortiSandbox reduce false positives?
A
FortiSandbox combines behavioral analysis, machine learning and FortiGuard global threat intelligence to distinguish benign anomalies (such as a legitimate installer writing to system directories) from malicious activity, minimizing false positives while maintaining high detection rates.
Q
How is threat intelligence updated on FortiSandbox?
A
Threat intelligence updates are delivered automatically by FortiGuard Services multiple times per day and are signed so that the appliance can verify them before use. They keep the sandbox current with the latest malware signatures, indicators of compromise and detection logic; signatures cover known threats, while behavioural analysis in the sandbox is what catches samples for which no signature exists yet.
Q
How do I manage and monitor FortiSandbox?
A
FortiSandbox includes a web-based GUI and REST APIs for centralized configuration, alerting, detailed reports and integration with SIEM platforms, giving you real-time visibility into sandbox activity.
Q
Can FortiSandbox process email attachments?
A
Yes. With FortiMail integration, attachments such as Office documents, PDFs and executables are submitted to FortiSandbox and held until a verdict is returned, so malicious payloads are blocked at the mail gateway before delivery.
Q
What file types are supported for analysis?
A
FortiSandbox analyzes executables (.exe, .dll), scripts (JavaScript, PowerShell), Office files (Word, Excel, PowerPoint), PDFs, archives (zip, rar) and URLs. When evaluating coverage, check how submitted objects are typed: a file's type should be determined from its content, not from the extension an attacker chooses for it.
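The following is an added example, not FortiSandbox code, showing the content-based typing that a sandbox pre-filter has to do for the file classes listed above: it classifies a sample by its magic bytes, tells a plain zip apart from an Office Open XML document, flags a VBA project hidden inside a "safe" .docx/.xlsx/.pptx, and reports when the extension and the content disagree. The signature table is deliberately short, and all samples are constructed headers, not real malware.

```python
import io
import zipfile

# Byte-level signatures for the classes the FAQ lists. Assumption: a short,
# illustrative table; a production pre-filter carries a full signature database.
MAGIC = [
    (b"MZ", "pe"),                                   # Windows EXE/DLL (MZ header)
    (b"%PDF-", "pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),     # legacy Office (OLE2 compound file)
    (b"Rar!\x1a\x07", "rar"),
    (b"PK\x03\x04", "zip"),                          # plain zip, or Office Open XML
]

# What the file extension claims the content is (macro-enabled variants map to the same class).
EXT_TO_TYPE = {
    "exe": "pe", "dll": "pe", "pdf": "pdf", "doc": "ole", "xls": "ole", "ppt": "ole",
    "docx": "docx", "docm": "docx", "xlsx": "xlsx", "xlsm": "xlsx",
    "pptx": "pptx", "pptm": "pptx", "zip": "zip", "rar": "rar",
}

def classify_zip(data):
    """Tell a plain zip from an Office Open XML document and detect an embedded VBA project."""
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return "zip", False  # truncated or corrupt container: treat as a generic zip
    has_macro = any(n.endswith("vbaProject.bin") for n in names)
    if "[Content_Types].xml" in names:
        for prefix, kind in (("word/", "docx"), ("xl/", "xlsx"), ("ppt/", "pptx")):
            if any(n.startswith(prefix) for n in names):
                return kind, has_macro
    return "zip", has_macro

def sniff(data):
    """Return (content_type, has_macro) from the bytes alone, ignoring the file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return classify_zip(data) if kind == "zip" else (kind, False)
    return "unknown", False

def check_sample(name, data):
    """Compare what the name claims with what the content is; these are the first triage signals."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    claimed = EXT_TO_TYPE.get(ext, "unknown")
    detected, has_macro = sniff(data)
    return {
        "name": name,
        "claimed": claimed,
        "detected": detected,
        "mismatch": claimed != detected,
        "has_macro": has_macro,
        # A VBA project inside .docx/.xlsx/.pptx (not the macro-enabled .docm/.xlsm/.pptm) is a classic lure.
        "macro_in_non_macro_ext": has_macro and ext in ("docx", "xlsx", "pptx"),
    }

def build_zip(entries):
    """Constructed test input: an in-memory zip from a {name: content} dict (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in entries.items():
            z.writestr(name, content)
    return buf.getvalue()

# Constructed samples: headers and minimal containers only, none of them real malware.
SAMPLES = {
    "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60,                      # executable renamed to look like a PDF
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "quarterly.docx": build_zip({"[Content_Types].xml": "<Types/>",  # macro hidden behind a "safe" extension
                                 "word/document.xml": "<w:document/>",
                                 "word/vbaProject.bin": b"\x00" * 16}),
    "data.xlsm": build_zip({"[Content_Types].xml": "<Types/>",
                            "xl/workbook.xml": "<workbook/>",
                            "xl/vbaProject.bin": b"\x00" * 16}),
    "notes.zip": build_zip({"readme.txt": "plain archive"}),
}

def triage(samples=SAMPLES):
    """Run the check over every sample and return the findings keyed by file name."""
    return {name: check_sample(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for finding in triage().values():
        print(finding)
```

Two design points carry over to a real deployment: the file is typed before the extension is consulted, so a renamed executable still lands in the executable queue, and an Office container is opened to look for a VBA project, which is the difference between a document and a macro lure.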
Q
How does FortiSandbox scale in large environments?
A
FortiSandbox scales horizontally: multiple appliances or VMs are clustered under a single management interface, and analysis jobs are distributed across the cluster members so that time to verdict holds up in high-volume deployments.
Q
What reporting capabilities does FortiSandbox offer?
A
FortiSandbox provides customizable dashboards, executive summaries, forensic timelines and IOC export. Reports can be scheduled or generated on demand for compliance and incident response.
Q
How does FortiSandbox support incident response?
A
FortiSandbox provides detailed behavioral logs, memory dumps and network traffic captures for each analyzed sample, so security teams can perform deep forensics, pivot from the sample to other affected hosts using the extracted indicators, and accelerate remediation.
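The reporting answer above mentions IOC export and the incident response answer mentions pivoting on indicators; the following added example (not Fortinet's code) shows the step in between. It takes an exported indicator list, refangs the defanged forms that exports and reports commonly use (`hxxp`, `[.]`), compiles each indicator with proper boundaries so that a domain does not match a longer unrelated host name, and sweeps it across proxy, EDR and DNS log lines. The CSV layout and the log lines are constructed for the example; the real export's columns depend on the product version and should be mapped to `type,value,sample` before use.

```python
import csv
import io
import re

# Constructed IOC export. Assumption: a simple type,value,sample CSV; adapt the
# column mapping to whatever the real export produces.
IOC_CSV = """type,value,sample
sha256,9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08,sample-01
domain,update[.]badcdn[.]example,sample-01
url,hxxp://update[.]badcdn[.]example/stage2.bin,sample-01
ipv4,203.0.113.45,sample-01
"""

# Constructed log lines from three sources. Line 3 is a near-miss that a naive
# substring search would wrongly flag ("notupdate.badcdn.example.com").
LOGS = """2024-05-02T10:14:03Z proxy src=10.1.4.22 dst=203.0.113.45 host=update.badcdn.example url=http://update.badcdn.example/stage2.bin action=allow
2024-05-02T10:14:07Z edr host=WS-0412 file=stage2.bin sha256=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08
2024-05-02T10:15:11Z proxy src=10.1.4.23 dst=198.51.100.7 host=notupdate.badcdn.example.com url=http://notupdate.badcdn.example.com/ action=allow
2024-05-02T10:16:00Z dns src=10.1.4.22 query=update.badcdn.example answer=203.0.113.45
"""

def refang(value):
    """Undo the defanging conventions used in reports so the indicator matches live logs."""
    value = re.sub(r"hxxp", "http", value, flags=re.IGNORECASE)
    return value.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")

def compile_ioc(kind, value):
    """Build a pattern with boundaries appropriate to the indicator type."""
    v = refang(value)
    if kind == "sha256":
        # Hash must not be a sub-string of a longer hex run; case-insensitive because tools differ.
        return re.compile(rf"(?<![0-9a-f]){re.escape(v)}(?![0-9a-f])", re.IGNORECASE)
    if kind == "domain":
        # Exact domain or any subdomain of it; reject longer labels and longer parent domains.
        return re.compile(rf"(?:^|[^\w-])(?:[\w-]+\.)*{re.escape(v)}(?![\w.-])", re.IGNORECASE)
    if kind == "ipv4":
        return re.compile(rf"(?<![\d.]){re.escape(v)}(?![\d.])")
    # URLs and anything else: literal match after refanging.
    return re.compile(re.escape(v), re.IGNORECASE)

def load_iocs(csv_text):
    """Parse the export into indicator records with compiled patterns."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [{"type": r["type"], "value": refang(r["value"]), "sample": r["sample"],
             "pattern": compile_ioc(r["type"], r["value"])} for r in rows]

def match_logs(iocs, log_text):
    """Return {line_number: sorted indicator types that hit} for every log line with a match."""
    hits = {}
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        kinds = sorted({i["type"] for i in iocs if i["pattern"].search(line)})
        if kinds:
            hits[n] = kinds
    return hits

def sweep(csv_text=IOC_CSV, log_text=LOGS):
    """Convenience entry point: load the export and sweep the logs."""
    return match_logs(load_iocs(csv_text), log_text)

if __name__ == "__main__":
    for line_no, kinds in sweep().items():
        print(f"line {line_no}: {', '.join(kinds)}")
```

The boundary handling is the part worth keeping: without it, the domain indicator also fires on line 3, and an analyst chasing that host wastes the time the sandbox verdict was meant to save.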