FortiSandbox for Azure enables organizations to defend against Zero-day threats natively in the cloud, working alongside network, application, email, endpoint security, and other 3rd party security solutions, or as an extension to their on-premises security architectures to leverage cloud elasticity and scale.

Highlights:

• AI-powered sandbox malware analysis - Two-stage AI-based Static and Dynamic analysis for fast and reliable detection of Zero-day Malware.
• Broad Coverage of the Attack Surface with Security Fabric - Effective defense against advanced targeted attacks through a cohesive and extensible architecture working to protect network, application layers and endpoint devices from campus to cloud.
• Automated Zero-day, Advanced Malware Detection and Mitigation - Native integration and open APIs automate the submission of objects from Fortinet and third-party vendor protection points, and the sharing of threat intelligence in real time for immediate threat response.
• Supports MITRE ATT&CK-based report.

FortiSandbox for Azure has the following admin ports enabled:

• 443 for web admin
• 22 for ssh admin

FortiSandbox uses a two-stage process to identify zero-day, advanced malware including ransomware, and share relevant threat intelligence in real-time with inline security control so automated mitigation is applied.

• Stage 1 - Pre-filtering is performed by an engine powered by Fortinet's threat intelligence maintained by our global research team, FortiGuard Labs.
• Stage 2 - Dynamic behavior analysis is performed on objects to determine if they are malicious. Rating verdicts are returned to the originating device in real-time to act upon, natively within Fortinet Fabric security products, third-party vendor security products via JSON API, or as a feed via STIX format.

Note - The number of Windows VMs used for behavior analysis for BYOL plan is based on the license. While, for PAYG plan, that is based on the CPU cores of the instance.

• 1 Core - maximum of 4 Windows VMs for behavior analysis
• 2 Cores - maximum of 8 Windows VMs for behavior analysis
• 4 Cores - maximum of 16 Windows VMs for behavior analysis
• 8 Cores - maximum of 32 Windows VMs for behavior analysis
• 16 Cores - maximum of 64 Windows VMs for behavior analysis

Both BYOL and PAYG plan can use the Fortinet-hosted Windows Cloud VMs. Alternatively, the Custom VMs can be deployed within the cloud but will incur additional charges as per infrastructure instance price.