Network Security & Firewalls

Next Generation AI Powered Sandbox

FortiSandbox is a high-performance security solution that utilizes AI/machine learning technology to identify and isolate advanced threats in real-time. FortiSandbox inspects files, websites, URLs and network traffic for malicious activity, including zero-day threats, and uses sandboxing technology to analyze suspicious files in a secure virtual environment.

FortiSandbox supports multiple operating systems and file types, and provides reporting capabilities for quick threat identification and response. Suitable for organizations of any size and can be deployed on-premises, in the cloud, or as a hosted service, and integrates natively with 11 Security Fabric products and other tools to evaluate suspicious content.

Platform Evolution | FortiSandbox G Series

Leveraging on our previous F and E models*, FortiSandbox 1500G and 500G provide cutting edge technological advancements performance, real-time sharing of threat intelligence across multiple geographical locations, and integrating Fortinet's Security Fabric and third party providers.

Performance Optimization

With twice the VM capacity and file processing capabilities, our G Series delivers unparalleled stability, the highest detection accuracy, and best-breed throughput, while offering flexible and cost-effective deployment solutions.

G Series Features | Powerful Processing

Realize 2X to 4X File Processing Power

Economical Value

Desirable Performance to Price Ratio

Less Hardware

Reduced Environmental Impact and Footprint

Improved Virtualization

Stable, Secure, and Faster Non-Evasion Hypervisor

Additional Sandboxing VMs

Double the Dynamic Scan Throughput

Elastic VM Seat Count

Flexible VM Seat Count in Increments of Two

Features

FortiSandbox is the most flexible threat-analysis appliance available as it offers various deployment options for unique configurations and requirements. Organizations can choose to combine these options.

Security Fabric Integration

FortiSandbox natively integrates with FortiGate, FortiMail, FortiWeb, FortiADC, FortiProxy, FortiClient (ATP agent), Fabric-Ready Partner solutions, and via JSON API or ICAP with third party security vendors. The integration provides suspicious content submission, timely remediation, and reporting capabilities.

This integration extends to other FortiSandbox solutions allowing instantaneous sharing of real-time intelligence. This feature benefits large enterprises that deploy multiple FortiSandbox solutions in different geo-locations. This zero touch automated model is ideal for holistic protection across different borders and time zones.

Threat Mitigation

FortiSandbox uniquely integrates with various products through the Security Fabric platform that automates your breach protection strategy with an incredibly simple setup. Once malicious code is identified, FortiSandbox will return risk ratings and the local intelligence is shared in real time with Fortinet, Fabric-Ready Partners, and third-party security solutions to mitigate and immunize against new advanced threats. The local intelligence can optionally be shared with the FortiGuard Labs, to help protect organizations globally. The diagram following describes the automated mitigation process flow.

Unified Event Correlation and Risk Management for Modern Networks

Uptime is a mandate for today's digital business and end users do not care if their application problems are performance or security-related. That's where FortiSIEM comes in.

Unified NOC and SOC Analytics (Patented)

Fortinet has developed an architecture that enables unified data collection and analytics from diverse information sources including logs, performance metrics, SNMP Traps, security alerts, and configuration changes. FortiSIEM essentially takes the analytics traditionally monitored in separate silos - SOC and NOC - and brings that data together for a comprehensive view of the security and availability of the business. Every piece of information is converted into an event which is first parsed and then fed into an event-based analytics engine for monitoring real-time searches, rules, dashboards, and ad-hoc queries.

Highlights | Machine Learning / UEBA

FortiSIEM uses Machine Learning to detect unusual user and entity behavior (UEBA) without requiring the Administrator to write complex rules. FortiSIEM helps identify insider and incoming threats that would pass traditional defenses. High fidelity alerts help prioritize which threats need immediate attention.

User and Device Risk Scoring

FortiSIEM build a risk scores of Users and Devices that can augment UEBA rules and other analysis. Risk scores are calculated by combining several datapoints regarding the user and device. The User and Device risk scores are displayed in a unified entity risk dashboard.

Distributed Real-Time Event Correlation (Patented)

Distributed event correlation is a difficult problem, as multiple nodes have to share their partial states in real time to trigger a rule. While many SIEM vendors have distributed data collection and distributed search capabilities, Fortinet is the only vendor with a distributed real-time event correlation engine. Complex event patterns can be detected in real time. This patented algorithm enables FortiSIEM to handle a large number of rules in real time at high event rates for accelerated detection timeframes.

Real-Time, Automated Infrastructure Discovery and Application Discovery Engine (CMDB)

Rapid problem resolution requires infrastructure context. Most log analysis and SIEM vendors require administrators to provide the context manually, which quickly becomes stale, and is highly prone to human error. Fortinet has developed an intelligent infrastructure and application discovery engine that is able to discover both physical and virtual infrastructure, on-premises and in public/ private clouds, simply using credentials without any prior knowledge of what the devices or applications are.

An up-to-date CMDB (Centralized Management Database) enables sophisticated context aware event analytics using CMDB Objects in search conditions.

Dynamic User Identity Mapping

Crucial context for log analysis is connecting network identity (IP address, MAC Address) to user identity (log name, full name, organization role). This information is constantly changing as users obtain new addresses via DHCP or VPN.

Fortinet has developed a dynamic user identity mapping methodology. Users and their roles are discovered from on-premises or Cloud SSO repositories. Network identity is identified from important network events. Then geo-identity is added to form a dynamic user identity audit trail. This method makes it possible to create policies or perform investigations based on user identity instead of IP addresses - allowing for rapid problem resolution.

Unified Event Correlation and Risk Management for Modern Networks

Uptime is a mandate for today's digital business and end users do not care if their application problems are performance or security-related. That's where FortiSIEM comes in.

Unified NOC and SOC Analytics (Patented)

Fortinet has developed an architecture that enables unified data collection and analytics from diverse information sources including logs, performance metrics, SNMP Traps, security alerts, and configuration changes. FortiSIEM essentially takes the analytics traditionally monitored in separate silos - SOC and NOC - and brings that data together for a comprehensive view of the security and availability of the business. Every piece of information is converted into an event which is first parsed and then fed into an event-based analytics engine for monitoring real-time searches, rules, dashboards, and ad-hoc queries.

Highlights | Machine Learning / UEBA

FortiSIEM uses Machine Learning to detect unusual user and entity behavior (UEBA) without requiring the Administrator to write complex rules. FortiSIEM helps identify insider and incoming threats that would pass traditional defenses. High fidelity alerts help prioritize which threats need immediate attention.

User and Device Risk Scoring

FortiSIEM build a risk scores of Users and Devices that can augment UEBA rules and other analysis. Risk scores are calculated by combining several datapoints regarding the user and device. The User and Device risk scores are displayed in a unified entity risk dashboard.

Distributed Real-Time Event Correlation (Patented)

Distributed event correlation is a difficult problem, as multiple nodes have to share their partial states in real time to trigger a rule. While many SIEM vendors have distributed data collection and distributed search capabilities, Fortinet is the only vendor with a distributed real-time event correlation engine. Complex event patterns can be detected in real time. This patented algorithm enables FortiSIEM to handle a large number of rules in real time at high event rates for accelerated detection timeframes.

Real-Time, Automated Infrastructure Discovery and Application Discovery Engine (CMDB)

Rapid problem resolution requires infrastructure context. Most log analysis and SIEM vendors require administrators to provide the context manually, which quickly becomes stale, and is highly prone to human error. Fortinet has developed an intelligent infrastructure and application discovery engine that is able to discover both physical and virtual infrastructure, on-premises and in public/ private clouds, simply using credentials without any prior knowledge of what the devices or applications are.

An up-to-date CMDB (Centralized Management Database) enables sophisticated context aware event analytics using CMDB Objects in search conditions.

Dynamic User Identity Mapping

Crucial context for log analysis is connecting network identity (IP address, MAC Address) to user identity (log name, full name, organization role). This information is constantly changing as users obtain new addresses via DHCP or VPN.

Fortinet has developed a dynamic user identity mapping methodology. Users and their roles are discovered from on-premises or Cloud SSO repositories. Network identity is identified from important network events. Then geo-identity is added to form a dynamic user identity audit trail. This method makes it possible to create policies or perform investigations based on user identity instead of IP addresses - allowing for rapid problem resolution.

Unified Event Correlation and Risk Management for Modern Networks

Uptime is a mandate for today's digital business and end users do not care if their application problems are performance or security-related. That's where FortiSIEM comes in.

Unified NOC and SOC Analytics (Patented)

Fortinet has developed an architecture that enables unified data collection and analytics from diverse information sources including logs, performance metrics, SNMP Traps, security alerts, and configuration changes. FortiSIEM essentially takes the analytics traditionally monitored in separate silos - SOC and NOC - and brings that data together for a comprehensive view of the security and availability of the business. Every piece of information is converted into an event which is first parsed and then fed into an event-based analytics engine for monitoring real-time searches, rules, dashboards, and ad-hoc queries.

Machine Learning / UEBA

FortiSIEM uses Machine Learning to detect unusual user and entity behavior (UEBA) without requiring the Administrator to write complex rules. FortiSIEM helps identify insider and incoming threats that would pass traditional defenses. High fidelity alerts help prioritize which threats need immediate attention.

User and Device Risk Scoring

FortiSIEM build a risk scores of Users and Devices that can augment UEBA rules and other analysis. Risk scores are calculated by combining several datapoints regarding the user and device. The User and Device risk scores are displayed in a unified entity risk dashboard.

Distributed Real-Time Event Correlation (Patented)

Distributed event correlation is a difficult problem, as multiple nodes have to share their partial states in real time to trigger a rule. While many SIEM vendors have distributed data collection and distributed search capabilities, Fortinet is the only vendor with a distributed real-time event correlation engine. Complex event patterns can be detected in real time. This patented algorithm enables FortiSIEM to handle a large number of rules in real time at high event rates for accelerated detection timeframes.

Real-Time, Automated Infrastructure Discovery and Application Discovery Engine (CMDB)

Rapid problem resolution requires infrastructure context. Most log analysis and SIEM vendors require administrators to provide the context manually, which quickly becomes stale, and is highly prone to human error. Fortinet has developed an intelligent infrastructure and application discovery engine that is able to discover both physical and virtual infrastructure, on-premises and in public/ private clouds, simply using credentials without any prior knowledge of what the devices or applications are.

An up-to-date CMDB (Centralized Management Database) enables sophisticated context aware event analytics using CMDB Objects in search conditions.

Dynamic User Identity Mapping

Crucial context for log analysis is connecting network identity (IP address, MAC Address) to user identity (log name, full name, organization role). This information is constantly changing as users obtain new addresses via DHCP or VPN.

Fortinet has developed a dynamic user identity mapping methodology. Users and their roles are discovered from on-premises or Cloud SSO repositories. Network identity is identified from important network events. Then geo-identity is added to form a dynamic user identity audit trail. This method makes it possible to create policies or perform investigations based on user identity instead of IP addresses - allowing for rapid problem resolution.

Unified Event Correlation and Risk Management for Modern Networks

Uptime is a mandate for today's digital business and end users do not care if their application problems are performance or security-related. That's where FortiSIEM comes in.

Unified NOC and SOC Analytics (Patented)

Fortinet has developed an architecture that enables unified data collection and analytics from diverse information sources including logs, performance metrics, SNMP Traps, security alerts, and configuration changes. FortiSIEM essentially takes the analytics traditionally monitored in separate silos - SOC and NOC - and brings that data together for a comprehensive view of the security and availability of the business. Every piece of information is converted into an event which is first parsed and then fed into an event-based analytics engine for monitoring real-time searches, rules, dashboards, and ad-hoc queries.

Highlights | Machine Learning / UEBA

FortiSIEM uses Machine Learning to detect unusual user and entity behavior (UEBA) without requiring the Administrator to write complex rules. FortiSIEM helps identify insider and incoming threats that would pass traditional defenses. High fidelity alerts help prioritize which threats need immediate attention.

User and Device Risk Scoring

FortiSIEM build a risk scores of Users and Devices that can augment UEBA rules and other analysis. Risk scores are calculated by combining several datapoints regarding the user and device. The User and Device risk scores are displayed in a unified entity risk dashboard.

Distributed Real-Time Event Correlation (Patented)

Distributed event correlation is a difficult problem, as multiple nodes have to share their partial states in real time to trigger a rule. While many SIEM vendors have distributed data collection and distributed search capabilities, Fortinet is the only vendor with a distributed real-time event correlation engine. Complex event patterns can be detected in real time. This patented algorithm enables FortiSIEM to handle a large number of rules in real time at high event rates for accelerated detection timeframes.

Real-Time, Automated Infrastructure Discovery and Application Discovery Engine (CMDB)

Rapid problem resolution requires infrastructure context. Most log analysis and SIEM vendors require administrators to provide the context manually, which quickly becomes stale, and is highly prone to human error. Fortinet has developed an intelligent infrastructure and application discovery engine that is able to discover both physical and virtual infrastructure, on-premises and in public/ private clouds, simply using credentials without any prior knowledge of what the devices or applications are.

An up-to-date CMDB (Centralized Management Database) enables sophisticated context aware event analytics using CMDB Objects in search conditions.

Dynamic User Identity Mapping

Crucial context for log analysis is connecting network identity (IP address, MAC Address) to user identity (log name, full name, organization role). This information is constantly changing as users obtain new addresses via DHCP or VPN.

Fortinet has developed a dynamic user identity mapping methodology. Users and their roles are discovered from on-premises or Cloud SSO repositories. Network identity is identified from important network events. Then geo-identity is added to form a dynamic user identity audit trail. This method makes it possible to create policies or perform investigations based on user identity instead of IP addresses - allowing for rapid problem resolution.