Fortinet FortiSandbox 3000F
Multi-Layer Proactive Threat Mitigation
Click here to jump to more pricing!
Please Note: All prices displayed are Ex-VAT. 20% VAT is added during the checkout process.
Overview:
Top-rated AI-powered FortiSandbox is part of Fortinet's breach protection solution that integrates with Fortinet's Security Fabric platform to address the rapidly evolving and more targeted threats including ransomware, crypto-malware, and others across a broad digital attack surface. Specifically, it delivers real-time actionable intelligence through the automation of zero-day advanced malware detection and response.
Attack Surface Broad Coverage with Security Fabric
Effective defense against advanced targeted attacks through a cohesive and extensible architecture working to protect networks, emails, web applications, and endpoints from campus to the public cloud, and Industrial Control System (ICS) devices found in an Operational Technology (OT) environment.
Automated Zero-day Advanced Malware Detection and Response
Native integration and open APIs automate the submission of objects from Fortinet and third-party vendor protection points, and the sharing of threat intelligence in real time for immediate threat response and reduction on the reliance on scarce security resources.
Certified and Top Rated
Constantly undergoes rigorous, real-world independent testing such as NSS Labs Breach Detection Systems (BDS) and Breach Prevention Systems (BPS) and ICSA Labs Advanced Threat Defense (ATD) and consistently earns top marks in dealing with known and unknown threats.
Highlights:
AI-Powered Sandbox Malware Analysis
Complement your established defenses with a two-step AIbased sandboxing approach. Suspicious and at-risk files are subjected to the first stage of analysis that quickly identifies known and emerging malware through FortiSandbox's AIpowered static analysis. Second stage analysis is done in a contained environment to uncover the full attack lifecycle leveraging behavior-based AI that is constantly learning new malware techniques and automatically adapting malware behavioral indicators making FortiSandbox's dynamic analysis detection engine more efficient and effective against new zero-day threats. Figure 1 depicts new threats discovered via AI-based dynamic analysis.
MITRE ATT&CK-based Reporting and Investigative Tools
FortiSandbox provides detailed analysis report that maps discovered malware techniques to MITRE ATT&CK framework with built-in powerful investigative tools that allows Security Operations (SecOps) team to download captured packets, original file, tracer log, and malware screenshot, and STIX 2.0 compliant IOCs that not only provides rich threat intelligence but actionable insight after files are examined (see Figure 2).
In addition, SecOps team can choose to record a video of the entire malware interaction or manually interact with the malware in a simulated environment.
Automated Breach Protection
Fortinet's ability to uniquely integrate various products with FortiSandbox through the Security Fabric platform automates your breach protection strategy with an incredibly simple setup. Once a malicious code is identified, the FortiSandbox will return risk ratings and the local intelligence is shared in real time with Fortinet, Fabric-Ready Partner, and third-party security solutions to mitigate and immunize against new advanced threats. The local intelligence can optionally be shared with Fortinet threat research team, FortiGuard Labs, to help protect organizations globally.
Features Summary:
Administration
- Supports WebUI and CLI configurations
- Multiple administrator account creation
- Configuration file backup and restore
- Notification email when malicious file is detected
- Weekly report to global email list and FortiGate administrators
- Centralized search page which allows administrators to build customized search conditions
- Frequent signature auto-updates
- Automatic check and download new VM images
- VM status monitoring
- Radius Authentication for administrators
Networking/Deployment
- Static Routing Support
- File Input: Offline/sniffer mode, On-demand file upload, file submission from integrated device(s)
- Option to create simulated network for scanned file to access in a closed network environment
- High-Availability Clustering support
- Port monitoring for fail-over in a cluster
Systems Integration
- File Submission input: FortiGate, FortiMail, FortiWeb, FortiADC, FortiProxy and FortiClient (ATP agent)
- File Status Feedback and Report: FortiGate, FortiMail, FortiWeb, FortiADC, FortiProxy and FortiClient (ATP agent)
- Dynamic Threat DB update: FortiGate, FortiMail, FortiWeb, FortiADC, FortiProxy and FortiClient (ATP agent)
- Periodically push dynamic DB to registered entities.
- File checksum and malicious URL DB
- Update Database proxy: FortiManager
- Remote Logging: FortiAnalyzer, syslog server
- JSON API to automate the process of uploading samples and downloading actionable malware indicators to remediate
- Certified third-party integration: CarbonBlack, Ziften
- Inter-sharing of IOCs between FortiSandboxes
Advanced Threat Protection
- Inspection of new threats including ransomware and password protected malware mitigation
- Static Code analysis identifying possible threats within non-running code
- Heuristic/Pattern/Reputation-based analysis
- Virtual OS Sandbox:
- Concurrent instances
- OS type supported: Windows XP*, Windows 7, Windows 8.1, Windows 10, macOS, and Android
- Anti-evasion techniques: sleep calls, process and registry queries
- Callback Detection: malicious URL visit, Botnet C&C communication and attacker traffic from activated malware
- Download Capture packets, Original File, Tracer log and Screenshot
- Sandbox Interactive Mode
- File type support: .7z, .ace, .apk, .app, .arj, .bat, .bz2, .cab, .cmd, .dll, .dmg, .doc, .docm, .docx, .dot, .dotm, .dotx, .exe, .gz, .htm, html, .jar, .js, .kgb, .lnk, .lzh, Mach-O, .msi, .pdf, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .ps1, .rar, .rtf, .sldm, .sldx, .swf, .tar, .tgz, .upx, url, .vbs, WEBLink, .wsf, .xlam, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xz, .z, .zip
- Protocols/applications supported:
- Sniffer mode: HTTP, FTP, POP3, IMAP, SMTP, SMB
- Integrated mode with FortiGate: HTTP, SMTP, POP3, IMAP, MAPI, FTP, IM and their equivalent SSL encrypted versions
- Integrated mode with FortiMail: SMTP, POP3, IMAP
- Integrated mode with FortiWeb: HTTP
- Integrated mode with ICAP Client: HTTP
- Customize VMs with support file types
- Isolate VM image traffic from system traffic
- Network threat detection in Sniffer Mode: Identify Botnet activities and network attacks, malicious URL visit
- Scan SMB/NFS network share and quarantine suspicious files. Scan can be scheduled
- Scan embedded URLs inside document files
- Integrate option for third partyYara rules
- Option to auto-submit suspicious files to cloud service for manual analysis and signature creation
- Option to forward files to a network share for further third-party scanning
- Files checksum whitelist and blacklist option
- URLs submission for scan and query from emails and files
Monitoring and Report
- Real-Time Monitoring Widgets (viewable by source and time period options): Scanning result statistics, scanning activities (over time), top targeted hosts, top malware, top infectious urls, top callback domains
- Drilldown Event Viewer: Dynamic table with content of actions, malware name, rating, type, source, destination, detection time and download path
- Logging - GUI, download RAW log file
- Report generation for malicious files: Detailed reports on file characteristics and behaviors - file modification, process behaviors, registry behaviors, network behaviors, vm snapshot, behavior chronology chart
- Further Analysis: Downloadable files - sample file, sandbox tracer logs, PCAP capture and indicators in STIX format
* a real time IoC check for emerging threats (known good and bad) within the FortiGuard intelligence community
Deployment:
Easy Deployment
FortiSandbox supports inspection of many protocols in one unified solution, thus simplifies network infrastructure and operations. Further, it integrates within the Security Fabric adding a layer of advanced threat protection to your existing security architecture.
The FortiSandbox is the most flexible threat analysis appliance in the market as it offers various deployment options for customers' unique configurations and requirements. Organizations can choose to combine these deployment options.
Standalone
This FortiSandbox deployment mode accepts inputs as an ICAP server or from spanned switch ports or network taps. It may also include administrators' on-demand file uploads or scanning of file respositories via CIFs or NFS through the GUI. It is the ideal option to enhancing an existing multi-vendor threat protection approach.
Integrated
Fortinet products, such as FortiGate, FortiMail, FortiWeb, FortiADC, FortiProxy and FortiClient (ATP agent) and third-party security vendors can intercept and submit suspicious content to FortiSandbox when they are configured to interact with FortiSandbox. The integration will also provide timely remediation and reporting capabilities to those devices.
This integration extends to other FortiSandboxes to allow instantaneous sharing of real-time intelligence. This benefits large enterprises that deploy multiple FortiSandboxes in different geo-locations. This zero-touch automated model is ideal for holistic Figure 4: Standalone Deployment protection across different borders and time zones.
Specifications:
| FSA-1000F | FSA-2000E | FSA-3000E | FSA-3000F | |
|---|---|---|---|---|
| Hardware | ||||
| Network Interfaces | 4x GE RJ45 ports, 4x GE SFP slots | 4x GE RJ45 ports, 2x 10 GE SFP+ slots |
4x GE RJ45 ports, 2x 10 GE SFP+ slots |
4x GE RJ45 ports, 2x 10 GE SFP+ slots |
| Storage Capacity | 2x 1 TB | 2x 2 TB | 4x 2 TB | 4x 2 TB |
| Power Supplies | 1x PSU, Optional 2x PSU | 2x Redundant PSU | 2x Redundant PSU | 2x Redundant PSU |
| System Performance | ||||
| Number of VMs | 14* | 24* | 56* | 72* |
| Sandbox Pre-Filter Throughput (Files/Hour)1 | 7,500 | 12,000 | 15,000 | 18,000 |
| VM Sandboxing Throughput (Files/Hour) | 280 | 480 | 1,120 | 1,340 |
| Real-world Effective Throughput (Files/Hour) | 1,4002 | 2,4002 | 5,6002 | 67202 |
| Sniffer Throughput | 1 Gbps | 4 Gbps | 8 Gbps | 9.6 Gbps |
| Dimensions and Power | ||||
| Height x Width x Length (inches) | 1.73 x 17.24 x 22.83 | 3.46 x 17.24 x 20.87 | 3.5 x 17.2 x 25.5 | 3.5 x 17.2 x 23.7 |
| Height x Width x Length (mm) | 44 x 438 x 580 | 88 x 438 x 530 | 89 x 437 x 647 | 88 x 438 x 601 |
| Weight | 25 lbs (11.34 kg) | 27 lbs (12.25 kg) | 43 lbs (19.52 kg) | 44 lbs (20 kg) |
| Form Factor | 1 RU | 2 RU | 2 RU | 2 RU |
| Power Supply (AC/DC) | 100-240V AC, 50/60 Hz | 100-240V AC, 50/60 Hz | 100-240V AC, 50/60 Hz | 100-240V AC, 50/60 Hz |
| Maximum Current | 100V/5A, 240V/3A | 100V/8A, 240V/4A | 100V/9.8A, 240V/5A | 100V/10A, 240V/5A |
| Power Consumption (Average / Maximum) | 66.93 / 116.58 W | 164.7 / 175.9 W | 538.6 / 549.6 W | 462.1 / 392.8 W |
| Environment | ||||
| Humidity | 5-90% non-condensing | 5-90% non-condensing | 5-90% non-condensing | 5-90% (non-condensing) |
| Operation Temperature Range | 32-104°F (0-40°C) | 32-104°F (0-40°C) | 50-95°F (10- 35°C | 32-104°F (0- 40°C) |
| Storage Temperature Range | -40-158°F (-40-70°C) | -4-158°F (-20-70°C) | -40 -158°F (-40-70°C | -40-158°F (-40-70°C) |
| Compliance | ||||
| Certifications | FCC Part 15 Class A, C-Tick, VCCI, CE, BSMI, KC, UL/cUL, CB, GOST | |||
1 FortiSandbox pre-filtering is powered by FortiGuard Intelligence.
2 Measured based on real-world web and email traffic when both pre-filter and dynamic analysis are working consecutively.
3 Measured based on real-world email traffic when both pre-filter and dynamic analysis are working consecutively.
* 2(FSA-500F)/2(FSA-1000F)/4(FSA-2000E)/8(FSA-3000E) Windows VM licenses included with hardware, remaining are sold
as an upgrade license.
| FortiGate | FortiClient | FortiMail | FortiWeb | FortiADC | FortiProxy | ||
|---|---|---|---|---|---|---|---|
| FSA Appliance and VM | File Submission | *FortiOS V5.0.4+ | FortiClient for Windows OS V5.4+ | FortiMail OS V5.1+ | FortiWeb OS V5.4+ | FortiADC OS V5.0+ | FortiProxy OS V1.0+ |
| File Status Feedback | *FortiOS V5.0.4+ | FortiClient for Windows OS V5.4+ | FortiMail OS V5.1+ | FortiWeb OS V5.4+ | FortiADC OS V5.0+ | FortiProxy OS V1.0+ | |
| File Detailed Report | *FortiOS V5.4+ | FortiClient for Windows OS V5.4+ | FortiMail OS V5.1+ | - | FortiADC OS V5.0+ | FortiProxy OS V1.0+ | |
| Dynamic Threat DB Update | *FortiOS V5.4+ | FortiClient for Windows OS V5.4+ | FortiMail OS V5.3+ | FortiWeb OS V5.4+ | FortiADC OS V5.0+ | FortiProxy OS V1.0+ | |
| FortiSandbox Cloud | File Submission | *FortiOS V5.2.3+ | - | FortiMail OS V5.3+ | FortiWeb OS 5.5.3+ | - | FortiProxy OS V1.0+ |
| File Status Feedback | *FortiOS V5.2.3+ | - | FortiMail OS V5.3+ | FortiWeb OS 5.5.3+ | - | FortiProxy OS V1.0+ | |
| File Detailed Report | *FortiOS V5.2.3+ | - | - | - | - | FortiProxy OS V1.0+ | |
| Dynamic Threat DB Update | *FortiOS V5.4+ | - | FortiMail OS V5.3+ | FortiWeb OS 5.5.3+ | - | FortiProxy OS V1.0+ |
*some models may require CLI configuration
Documentation:
Download the Fortinet FortiSandbox 3000F (PDF).