Advice Request: Fortisandbox?



notabot
Thread author
Oct 31, 2018
Fortisandbox runs either on a VM or a dedicated device.

How does it operate and what are its pluses/minuses when compared to other sandboxing solutions?

Nightwalker
May 26, 2014
Fortisandbox runs either on a VM or a dedicated device.

How does it operate and what are its pluses/minuses when compared to other sandboxing solutions?

It is very different from sandbox solutions like Sandboxie or Comodo.

It is an enterprise solution that integrates threat intelligence, detection + prevention on all attack surfaces (network, endpoints, web, email), but it needs other enterprise Fortinet solutions to work effectively; while "traditional", "consumer" sandboxes simply try to isolate files from the real OS, Fortisandbox can check whether a file is safe or not independently of the endpoint machine.

Fortisandbox is something that the "average" home user can only dream about ...

ForgottenSeer 58943

Fortisandbox runs either on a VM or a dedicated device.

How does it operate and what are its pluses/minuses when compared to other sandboxing solutions?

Fortinet's product spectrum can run as appliances, VMs and in some cases, cloud. Currently, ALL Fortigate UTMs come with Fortisandbox Cloud now; it used to be an extra charge and before that it was a very expensive appliance. I have a FortiSandbox on my network and it spotted the CCleaner compromise as it happened and blocked it. (which I disclosed here I believe)

Fortisandbox basically operates like this - incoming files get a 'pre-validation' which does a cursory check of file safety. If there are any threat indicators it throws the file into the Fortisandbox and plays around with it for a bit. You can choose to block all files until a safe declaration is made from the Sandbox. If the Sandbox detects suspicious activity it will stall the file, then send it directly to Fortinet labs for final resolution/determination.

Fortinet's big push now is SaaS types of services with SD-WAN and hosted VM Fortigate UTMs, alleviating the need for on-site appliances of any type. Currently some big players use Fortigate VMs to protect their front-end operations.

All of this is designed to be part of a full security fabric. Currently Fortinet is buying up some AI/ML firms to shore up their AI/ML side of things. They were looking at Cylance I hear, but the price was too high, so they went with a Scottish firm that has some interesting technology. On the endpoint side, there is a sort of transition from FortiClient's in-house produced AV to a partnership with Symantec, which will integrate Symantec into Fortinet, offering the best of each product line across the fabric.
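The staged flow the post above describes (pre-validation, sandbox detonation, hold-until-verdict, escalation for final resolution) can be modelled as a small verdict pipeline. This is an added illustration and not FortiSandbox's or Fortinet's code; the verdict names, reputation sets, risky file types and sandbox behaviour reports are constructed assumptions.

```python
"""Model of the staged flow described above: pre-validation, sandbox,
hold-until-verdict, escalation. Added illustration, not FortiSandbox code;
verdict names, reputation sets, file types and reports are constructed."""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional

class Verdict(Enum):
    CLEAN = "clean"
    PENDING = "pending"          # held while the sandbox is still working
    SUSPICIOUS = "suspicious"    # stalled and escalated for final determination
    MALICIOUS = "malicious"
# Constructed reputation data standing in for the 'pre-validation' stage.
KNOWN_GOOD = {"sha-good-1"}
KNOWN_BAD = {"sha-bad-1"}
RISKY_TYPES = {"exe", "dll", "js", "docm"}

# Constructed sandbox reports keyed by hash; absent hash = detonation unfinished.
SANDBOX_REPORTS = {
    "sha-unknown-exe": ["writes_autorun_key", "beacons_to_unregistered_host"],
    "sha-unknown-docm": [],
}

@dataclass
class Decision:
    verdict: Verdict
    escalated: bool = False           # sent onward for final resolution
    reasons: List[str] = field(default_factory=list)
def prevalidate(sha: str, ftype: str) -> Optional[Verdict]:
    """Cursory check on reputation and file type; None means 'needs sandbox'."""
    if sha in KNOWN_BAD:
        return Verdict.MALICIOUS
    if sha in KNOWN_GOOD:
        return Verdict.CLEAN
    return None if ftype in RISKY_TYPES else Verdict.CLEAN

def inspect(sha: str, ftype: str, block_until_verdict: bool = True) -> Decision:
    """Run a file through pre-validation and, if needed, the sandbox stage."""
    quick = prevalidate(sha, ftype)
    if quick is not None:
        return Decision(quick, reasons=["pre-validation"])
    report = SANDBOX_REPORTS.get(sha)
    if report is None:
        # Detonation still running: hold the file only if policy says so.
        held = Verdict.PENDING if block_until_verdict else Verdict.CLEAN
        return Decision(held, reasons=["sandbox still running"])
    if report:
        # Suspicious activity: stall the file and escalate for final resolution.
        return Decision(Verdict.SUSPICIOUS, escalated=True, reasons=list(report))
    return Decision(Verdict.CLEAN, reasons=["sandbox: no suspicious activity"])
```

The `block_until_verdict` switch is the "block all files until a safe declaration is made" choice from the post: with it off, a file whose detonation has not finished passes through and only the verdict is recorded later.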
notabot
Thread author
Oct 31, 2018
Thanks! Can you give more details as to how it detected CCleaner? Based on what criteria was it flagged? To the best of my knowledge it took a month before it became known that the update was malicious; did it detect CCleaner during this month or after it was known?

Deleted member 178


ForgottenSeer 58943

I think you misunderstood what I was saying, which was 'I disclosed to this forum that my Fortisandbox found it way back' and I wasn't saying *I* disclosed the threat to the public... (context is everything...)

When my FS Appliance flagged the update as highly suspicious I unsubscribed from Agomo 30 minutes later out of an abundance of caution and mentioned it here, but I had absolutely no part in the overall disclosure to the public. Fortinet sort of has an unwritten policy of not getting entangled in disclosures like that, largely because they waste resources, have liability, and draw unwanted attention.

Deleted member 178

No problem, it is just the way you made the sentence "as it happened" that may mislead readers.

notabot
Thread author
Oct 31, 2018
I think you misunderstood what I was saying, which was 'I disclosed to this forum that my Fortisandbox found it way back' and I wasn't saying *I* disclosed the threat to the public... (context is everything...)

When my FS Appliance flagged the update as highly suspicious I unsubscribed from Agomo 30 minutes later out of an abundance of caution and mentioned it here, but I had absolutely no part in the overall disclosure to the public. Fortinet sort of has an unwritten policy of not getting entangled in disclosures like that, largely because they waste resources, have liability, and draw unwanted attention.

Thanks! Did it flag the update itself (before any connection was attempted) or the attempted connection to C&C?