Description
FortiSandbox AI-Powered Advanced Threat Detection and Sandboxing Platform
FortiSandbox 5.0 is a fast, smart sandboxing solution combining AI/ML, static and dynamic analysis, inline blocking, and scalable virtual environments to detect and stop advanced threats including zero-day malware, ransomware, and AI-powered attacks. It is available on-premises, in the cloud, or as a hosted SaaS service.
Key Performance (FortiSandbox 5.0)
- 10x faster real-time verdicts over traditional sandboxes
- 10x effective throughput improvement
- 3x improved detection accuracy with near-zero false positives
- 3x more Universal VMs for scalability
- Static AI scan: up to 50 files per second, verdict in milliseconds
- Median scan time: 5 seconds in production environments
- Clustering support: up to 99 worker nodes
Hardware Appliances (G Series)
- FortiSandbox 500G: 1RU, 4x GE RJ45, 960GB SSD, 214 local VMs, up to 80 cloud VMs, up to 1,250 users
- FortiSandbox 1500G: 1RU, 4x GE RJ45 + 2x 10GE SFP+, 2x 960GB RAID1, 228 local VMs, up to 120 cloud VMs, up to 4,000 users
- FortiSandbox 3000G: 2RU, 8x 10GE SFP+, 4x 2TB RAID-10, 8150 local VMs, up to 200 cloud VMs, up to 20,000 users
Deployment Options
- FSA SaaS: Fortinet-hosted shared cloud service
- FSA IL MPS (Inline Malware Prevention Service): Fortinet-hosted with inline blocking
- FSA PaaS: Fortinet-hosted dedicated cloud
- FSA Public Cloud: AWS, Azure, GCP, OCI (BYOL)
- FSA VMs: On-premises virtual appliance (VMware ESXi, Hyper-V)
- FSA Hardware: On-premises G Series appliances
- Air-gapped network support available
Detection Technology
- Two-tiered AI scanning: Static AI scan followed by Dynamic AI sandbox analysis
- Advanced AI engine trained daily on thousands of new malware samples
- Anti-evasion techniques: API obfuscation, bare-metal detection, execution delay, process hollowing, time bomb, VM/sandbox detection, memory-only payload, and more
- Real-time zero-day phishing detection via FortiGuard cloud URL analysis
- MITRE ATT&CK v11 framework mapping in threat reports
- STIX 2.0 compliant IOC output
Supported OS & File Types
- OS: Windows 11/10/8.1/7, macOS, Linux, Android, ICS/OT systems, custom VMs
- Files: Windows executables, Microsoft Office, PDF, email (EML/MSG), web files, Android APK, Linux/macOS, archive formats, images with QR codes
- Configurable browsers: Internet Explorer, Edge, Chrome, Firefox
System Integrations
- Native Security Fabric integration with FortiGate, FortiMail, FortiClient EMS, FortiWeb, FortiProxy, FortiADC, FortiSOAR, FortiSIEM, FortiEDR, FortiAnalyzer
- Third-party integration via ICAP, RESTful JSON API, BCC/MTA, sniffer mode
- Network share scanning: SMB, NFS, FTP, sFTP, OneDrive, AWS S3, Azure Blob, Google Cloud Storage
- Protocols: HTTP, SMTP, POP3, IMAP, MAPI, FTP, IM, and SSL-encrypted equivalents
Compliance & Certifications
- NIAP Common Criteria validated (NIAP PCL product 11636)
- HIPAA compliant, suitable for healthcare environments
- SOC 2 certified
- Supports PCI DSS v4.0, CMMC 2.0, EU NIS2, NIST CSF v2.0, Singapore CCoP, Japan METI/IPA, EU CSA frameworks
Monitoring & Reporting
- Single-pane-of-glass SOC dashboard with real-time scanning statistics
- Detailed Job Report with downloadable PCAP, tracer logs, malware screenshots, and video recording
- Weekly reports, email alerts on malicious file detection
- SNMP, syslog, CEF, FortiAnalyzer, and FortiSIEM logging support
View data sheet: FortiSandbox Data Sheet
