We performed a comparison between Anomali Match and Fortinet FortiSandbox based on real PeerSpot user reviews.
Find out what your peers are saying about CrowdStrike, SentinelOne, Wazuh and others in Extended Detection and Response (XDR)."Microsoft 365 Defender is a stable solution."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"Its most significant advantage lies in its affordability."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."
"The dynamic behavior analysis is excellent. We have many attacks caught by the FortiSandbox as zero-day attacks. Additionally, the administration is simple and can be customized to fit your companies needs."
"The solution extracts an attached file before reaching the user and notifies the user if there's something malicious in the attachment received along with an email."
"Overall, it works fine. Its interface is also fine."
"Fortinet FortiSandbox is scalable."
"It is a stable solution."
"The real-time analysis capability of FortiSandbox is beneficial for email analysis."
"The initial setup is straightforward."
"Compared to other solutions, it's easy to configure and implement because of the templates. The timing of scanning files is faster."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"The patching capability should be there. Patching is something that you cannot do even though you see the vulnerabilities present in your environment. For patching, you have to depend on another solution."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"In the Microsoft Azure Portal, in Active Directory, if there is anything on the user it will provide you with the information, but you still have to go through it a bit. And sometimes, I have experienced difficulties in understanding the information, especially because the synchronization between Microsoft Intune and the devices that are connected to the user in Azure Active Directory takes a lot of time."
"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."
"When you reach the maximum capacity, you cannot upgrade the solution because its hardware is very expensive."
"In the next release, I would like to see machine learning and anti-exploitation included."
"Not practical for real-time web traffic analysis because users won't wait for the FortiSandbox to complete its analysis before accessing content"
"The delivery feature in my country is extremely bad."
"It should be easier to import custom virtual machines. Some of the VMs that are in FortiSandbox don't have the applications that we have in our environment. We need to import a VM with specific applications that we use in our environment. Have all the licenses because this is a real environment. You need a license for the Windows client you run on it. It's possible to import custom VMs, but it's a pain to do it. I would like a tool that simplifies the process."
"In future releases, I would like to see more automation capabilities."
"If we can have more dashboards, it would be good."
"If you were to compare prices between vendors and manufacturers, you would see that the lowest equipment in the Sandbox line is quite expensive for a new customer."
Earn 20 points
Anomali Match is ranked 36th in Extended Detection and Response (XDR) while Fortinet FortiSandbox is ranked 4th in Advanced Threat Protection (ATP) with 36 reviews. Anomali Match is rated 7.0, while Fortinet FortiSandbox is rated 8.2. The top reviewer of Anomali Match writes "Scalable, easy to use, but more features needed". On the other hand, the top reviewer of Fortinet FortiSandbox writes "Light and powerful solution design; useful to have". Anomali Match is most compared with ThreatConnect Threat Intelligence Platform (TIP) and EclecticIQ, whereas Fortinet FortiSandbox is most compared with Palo Alto Networks WildFire, Trellix Network Detection and Response, Check Point SandBlast Network, Microsoft Defender for Office 365 and Fortinet FortiEDR.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.