What is Sandbox inspection?

What is Sandbox inspection?

Sandbox inspection is a network process that allows files to be sent to a separate device, such as FortiSandbox, to be inspected without risking network security. This allows the detection of threats capable of bypassing other security measures, including zero-day threats.

You can configure your FortiGate device to send suspicious files to FortiSandbox for inspection and analysis. The FortiGate queries scan results and retrieves scan details. The FortiGate can also download malware packages as a complementary AV signature database to block future intrusions by the same malware and download URL packages as complementary web-filtering black lists.

The FortiSandbox uses virtual machines (VMs) running different operating systems to test a file and to determine if it is malicious. If the file exhibits risky behavior, or is found to contain a virus, a new signature can be added to the FortiGuard AntiVirus signature database.

When a FortiGate learns from FortiSandbox that an endpoint is infected, the administrator can quarantine the host, if it is registered to a FortiClient.

FortiSandbox has a VM pool and processes multiple files simultaneously. The amount of time to process a file depends on hardware and the number of sandbox VMs used to scan the file. For example, it can take 60 seconds to five minutes to process a file. FortiSandbox has a robust prefiltering process that, if enabled, reduces the need to inspect every file and reduces processing time. For more information on enabling prefiltering, refer to the FortiSandbox documentation.

This entry was posted in Administration Guides, FortiGate, Fortinet Cookbook, FortiOS, FortiOS 6.2 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.