Use Case: Fabric-Based Deep Analysis for Zero-Day Malware Detection
FortiSandbox on AWS provides elastic, on-demand sandbox capacity, which is costly to provision in a traditional on-premises deployment. Working alongside other Fortinet products such as FortiGate, FortiWeb, or FortiMail, FortiSandbox remains a strong public-cloud use case when no prior malware signature exists: when the firewall's antivirus profile finds no known malicious signature in HTTP or web traffic, it submits the file sample to FortiSandbox on AWS, where it is queued for in-depth analysis until a verdict is reached.

Adaptive Notification and Remediation

The resulting intelligence is shared across the Fabric. Every signature and IOC that FortiSandbox generates is automatically propagated to all FortiGate firewalls and FortiClient endpoints for immediate blocking or quarantine actions, preventing further damage.

When anticipated traffic drops, FortiSandbox can release the AWS compute resources that are no longer needed.