
WILDFIRE CLOUD VS. FORTISANDBOX CLOUD

Product Overview

Palo Alto Networks WildFire® malware prevention service automatically detects and stops unknown attacks. Going beyond traditional sandboxing, it uses advanced analysis techniques to identify threats for maximum security effectiveness. WildFire helps you stay ahead of the latest attack techniques with cloud-delivered detection that continuously improves; strengthens protection with threat data shared across a growing global community; and automatically delivers protections in as few as five minutes across network, mobile, and cloud environments to stop attackers in their tracks.

Top Selling Points

• Automatically detect and stop unknown attacks: Identify new threats through automated protections, including advanced analysis, machine learning, and shared threat intelligence, to stay ahead of attackers.
• Ten years of threat intelligence for automatic protection and immediate insight: Protection is powered by continuously growing threat intelligence from tens of thousands of global customers collectively sharing trillions of artifacts to prevent unknown attacks.
• Stay ahead of attackers with continuous innovation: The cloud-based service provides scale and agility to encompass rapid innovations in new detection capabilities that remain completely transparent to users.

Customer Challenges

Attackers keep finding new ways to bypass legacy malware analysis and sandboxing tools. Getting ahead requires a different approach: one that can automatically detect and prevent unknown attacks from succeeding. Shared, community-sourced threat data, continuous innovation, and immediate sharing of protections across networks, endpoints, and clouds are critical.

Target Audience

Business Buyer
• Do you want to be able to act quickly when serious security events occur?
• Do you want to boost security while reducing capital and operational expenditures?
• How often do you provide accurate risk analysis reports to executives?
• When security events occur, do you need to provide post-mortems as quickly as possible?
• Do you have a dedicated security team doing malware analysis?

Technical Buyer
• How much time do you spend hunting threats and identifying new ones?
• How do you deal with zero-day threats?
• Do you have to deploy dedicated appliances to detect new threats?
• Do you have access to a global threat-sharing community?
• How do you respond to breaches?

Key Benefits

• Detect unknown threats with data from a global community: WildFire identifies unknown threats using shared data from the industry’s largest enterprise malware analysis community, including threats submitted from networks, endpoints, clouds, and third-party partners. The service ensures data privacy through flexible data collection options, including regional and government clouds, and hybrid and on-premises analysis. Detailed insight into the behavior of identified threats saves security analysts valuable time.
• Stay ahead of new attack techniques: WildFire takes advantage of complementary analysis engines, including machine learning, static and dynamic analysis, and other advanced capabilities. It uses built-in evasion prevention to stop advanced attacks, using a custom hypervisor and bare metal analysis – with zero impact on operations.
• Automate threat prevention: WildFire provides immediate, automated protection across your environment, stopping malware, malicious URLs, DNS, and command and control (C2). You simply turn WildFire on, and it keeps your organization safe without any operational impact on next-generation firewalls or other Palo Alto Networks services. You can get even more threat information, including attribution and context, using AutoFocus™ contextual threat intelligence service.

© 2019 Palo Alto Networks, Inc. | WildFire Cloud vs. FortiSandbox Cloud | Confidential and Proprietary Information: For internal use and authorized partners under NDA with Palo Alto Networks only. 1
How to Compete

FortiSandbox Cloud Weaknesses

• In testing, FortiSandbox had signature coverage for most initial payload samples, but it falls short in C2 analysis, which provides attackers a window of opportunity.
• FortiSandbox Cloud is limited to a finite file size (10 MB by default) unless you’re willing to compromise performance for security.
• FortiSandbox Cloud does not have a custom hypervisor, nor does it support bare metal analysis. WildFire provides both.
• The FortiSandbox database is entirely hash-based. Adding a single byte to the end of a known malicious file and repeating the transfer will cause the modified file not to be blocked.
• FortiSandbox does not prevent corporate credentials from being shared on unknown/malicious URLs or secure application access via multi-factor authentication.
• FortiSandbox does not provide contextual analysis of firewall events correlated with threat intelligence without helper products at additional costs.
• FortiSandbox threat reporting is, in almost all cases, unreadable and unusable from both UI and technical perspectives. There is no capability for export outside of the API, no understanding of behaviors, and no comparison to AutoFocus, which performs advanced analysis.
• In a competitive assessment—Gartner’s Magic Quadrant report—Fortinet’s sandboxing subscription received mixed reviews from Gartner clients for its detection rate.

Objection Handling

“Does Palo Alto Networks support retrospective analysis?”
Retrospective analysis uses a reactive, detect-and-respond approach to address threats. Palo Alto Networks next-generation firewalls leverage in-line prevention capabilities while WildFire detects unknown malware using static, dynamic, and bare metal analysis on a custom hypervisor, and automatically creates signatures to prevent successful attacks.

“How does Palo Alto Networks provide visibility?”
Palo Alto Networks Application Control Center (ACC) provides detailed visibility into apps, users, and threats, including file types being transferred over applications, files blocked by the threat engine, and WildFire verdicts. It also provides full visibility into all network traffic, including stealthy attempts to evade detection, such as the use of nonstandard ports or SSL encryption.

“Does Palo Alto Networks have native Traps/Cortex XDR/endpoint protection integration?”
Unlike FortiSandbox Cloud’s lack of support for FortiClient, Palo Alto Networks Cortex XDR™ detection and response is natively integrated with WildFire cloud.

Feature Comparison Matrix

Feature | Palo Alto Networks | Fortinet
Custom-built hypervisor | Yes | No
Anti-analysis detection | Yes | No
Bare metal analysis of malware | Yes | No
Native threat intelligence, analytics, and correlation | Yes | No; requires purchase of helper products
Hash-based | No | Yes
OS support for malware analysis | Yes; Windows, Linux, Android, and macOS | Partial; Windows, macOS* and Android
Integration with endpoint protection (Cortex vs. FortiClient) | Yes | Partial; requires sandbox appliance
Feature parity across private and public cloud | Yes | No
Consistent management UI across product line | Yes; Panorama | No; FGT, FSA, FMG, FSIEM
Intelligent hybrid cloud delivery | Robust search, timeline, and root cause analysis capabilities | Weak investigation and threat hunting
Contextual analysis of firewall events with threat intelligence | Yes | No
Integrated logging, reporting, and forensics | Yes | No

*macOS support requires an additional paid license.
