FortiSandbox runs either on a VM or a dedicated device.
How does it operate, and what are its pluses/minuses when compared to other sandboxing solutions?
The Fortinet product spectrum can run as appliances, VMs and, in some cases, cloud. Currently, ALL FortiGate UTMs come with FortiSandbox Cloud; it used to be an extra charge, and before that it was a very expensive appliance. I have a FortiSandbox on my network and it spotted the CCleaner compromise as it happened and blocked it (which I disclosed here, I believe).
FortiSandbox basically operates like this: incoming files get a 'pre-validation', which does a cursory check of file safety. If there are any threat indicators, it throws the file into the FortiSandbox and plays around with it for a bit. You can choose to block all files until a safe declaration is made by the sandbox. If the sandbox detects suspicious activity, it will stall the file, then send it directly to Fortinet labs for final resolution/determination.
Fortinet's big push now is SaaS-type services, with SD-WAN and hosted VM FortiGate UTMs, alleviating the need for on-site appliances of any type. Currently some big players use FortiGate VMs to protect their front-end operations.
All of this is designed to be part of a full security fabric. Currently Fortinet is buying up some AI/ML firms to shore up their AI/ML side of things. They were looking at Cylance, I hear, but the price was too high, so they went with a Scottish firm that has some interesting technology. On the endpoint side, there is a sort of transition from FortiClient's in-house produced AV to a partnership with Symantec, which will integrate Symantec into Fortinet, offering the best of each product line across the fabric.
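The answer above describes a three-stage flow: a cheap static 'pre-validation', escalation of anything with indicators to dynamic analysis, and an optional hold-until-verdict policy at the inline device. The block below is an added example, not code from the post or from Fortinet's products, that models that flow generically so the policy trade-off is concrete. Everything in it is assumed for illustration: the indicator set (hash allow/deny lists, magic-byte vs. extension mismatch, Office files carrying a VBA project, executable content), the sample files, and the action names returned by `gateway_action`. Real products use far richer static checks and threat intelligence; the shape of the decision is what this shows.

```python
import hashlib
import io
import zipfile
from enum import Enum


class Verdict(Enum):
    CLEAN = "clean"            # deliver without dynamic analysis
    SUSPICIOUS = "suspicious"  # hand to the dynamic sandbox
    MALICIOUS = "malicious"    # block outright on static evidence


# Constructed samples for the example (not real malware, not real threat intel).
PE_SAMPLE = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 32
PDF_SAMPLE = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
KNOWN_BAD_SAMPLE = b"constructed-known-bad-sample"

# Hash lists stand in for vendor threat intel; assumed, populated from the samples above.
KNOWN_BAD_SHA256 = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}
KNOWN_GOOD_SHA256 = {hashlib.sha256(PDF_SAMPLE).hexdigest()}

# Magic bytes -> container type; extension -> container type we expect for it.
MAGIC = {b"MZ": "pe", b"%PDF": "pdf", b"PK\x03\x04": "zip", b"\xd0\xcf\x11\xe0": "ole"}
EXPECTED_TYPE = {"exe": "pe", "dll": "pe", "pdf": "pdf", "zip": "zip",
                 "docx": "zip", "docm": "zip", "xlsx": "zip", "doc": "ole", "xls": "ole"}
SCRIPT_EXTENSIONS = {"js", "vbs", "ps1", "hta", "bat"}


def detect_type(data: bytes) -> str:
    """Identify the container by leading bytes, ignoring whatever the name claims."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def office_has_macros(data: bytes) -> bool:
    """OOXML documents are zips; a vbaProject.bin member means embedded VBA."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False


def build_office_zip(with_macros: bool) -> bytes:
    """Construct a minimal OOXML-shaped zip in memory, optionally with a VBA project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed")
    return buf.getvalue()


def prefilter(filename: str, data: bytes):
    """Static pre-validation: return (Verdict, reason) without executing anything."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        return Verdict.MALICIOUS, "known bad hash"
    if digest in KNOWN_GOOD_SHA256:
        return Verdict.CLEAN, "known good hash"
    ftype = detect_type(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    reasons = []
    if ext in EXPECTED_TYPE and ftype != "unknown" and ftype != EXPECTED_TYPE[ext]:
        reasons.append(f"content/extension mismatch ({ftype} content, .{ext} name)")
    if ftype == "pe":
        reasons.append("executable content")
    if ext in SCRIPT_EXTENSIONS:
        reasons.append("script extension")
    if ftype == "zip" and office_has_macros(data):
        reasons.append("Office document contains a VBA project")
    if reasons:
        return Verdict.SUSPICIOUS, "; ".join(reasons)
    return Verdict.CLEAN, "no static indicators"


def gateway_action(filename: str, data: bytes, hold_until_verdict: bool = True):
    """Map the static verdict to what the inline device does with the transfer.

    hold_until_verdict=True is the 'block all files until a safe declaration' mode:
    the recipient waits for the sandbox. False delivers immediately and analyzes
    asynchronously, trading latency for a window in which a bad file is already inside.
    """
    verdict, reason = prefilter(filename, data)
    if verdict is Verdict.MALICIOUS:
        return "block", reason
    if verdict is Verdict.CLEAN:
        return "deliver", reason
    action = "hold-for-sandbox" if hold_until_verdict else "deliver-and-sandbox-async"
    return action, reason


if __name__ == "__main__":
    for name, blob in [("setup.exe", PE_SAMPLE), ("invoice.pdf", PE_SAMPLE),
                       ("quote.docm", build_office_zip(True)), ("x.bin", KNOWN_BAD_SAMPLE)]:
        print(name, gateway_action(name, blob))
```

The point of `hold_until_verdict` is the one the answer makes: the safe setting holds suspicious files until dynamic analysis returns, at the cost of delivery latency, and the only files that never wait are those the static stage can already clear or condemn. Note that `prefilter` keys its mismatch check on the magic bytes, not the extension, so `invoice.pdf` carrying an MZ header is escalated rather than trusted on its name.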