Coming October 25: PeerSpot Awards will be announced! Learn more

Cisco Secure Network Analytics vs Fortinet FortiSandbox comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Cisco Secure Network Analytics and Fortinet FortiSandbox based on real PeerSpot user reviews.

Find out in this report how the two Network Traffic Analysis (NTA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Cisco Secure Network Analytics vs. Fortinet FortiSandbox report (Updated: September 2022).
635,162 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us.""The most valuable feature for Cognito Detect, the main solution, is that external IDS's create a lot of alerts. When I say a lot of alerts I really mean a lot of alerts. Vectra, on the other hand, contextualizes everything, reducing the number of alerts and pinpointing only the things of interest. This is a key feature for me. Because of this, a non-trained analyst can use it almost right away.""It keeps up with the network traffic, which is a good thing. It provides more context to plain alerts compared to using an older system. So, it helps an analyst reduce the information overload.""Cognito Streams gives you a detailed view of what happens in the network in the form of rich metadata. It is just a super easy way to capture network traffic for important protocols, giving us an advantage. This is very helpful on a day-to-day basis.""The key feature for me for Detect for Office 365 is that it can also concentrate all the information and detection at one point, the same as the network solution does. This is the key feature for me because, while accessing data from Office 365 is possible using Microsoft interfaces, they are not really user-friendly and are quite confusing to use. But Detect for Office 365 is aggregating all the info, and it's only the interesting stuff.""The administrative privilege detection feature is the most valuable feature. The admin accounts are often highly accessible to the high-risk component of the environment. If those accounts are compromised or are being used in a suspicious manner, that's high-fidelity events for us to look into.""The dashboard gives me a scoring system that allows me to prioritize things that I should look at. I may not necessarily care so much about one event, whereas if I have a single botnet detection or a brute force attack, I really want to get on top of those.""It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low. So, the labor hour overhead is probably our largest benefit from it. We spend 99% of our time in Vectra investigating cases, responding to incidents, or hunting, and only around 1% of our time is spent patching, troubleshooting, or doing anything else. That's our largest benefit from Vectra."

More Vectra AI Pros →

"From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it.""Overall, the implementation is very good.""StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk.""If you are using Darktrace or NAC solutions you can integrate Stealthwatch.""It provides good visibility to the customers. People are still evaluating it, but it provides visibility and helps them to take action to remediate and mitigate the issues that are highlighted on the dashboard. It has good integration with the Cisco switching platform.""Great network monitoring, looking at anomaly detection and evaluation.""We find that Stealthwatch can detect the unseen.""Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box."

More Cisco Secure Network Analytics Pros →

"Overall, it works fine. Its interface is also fine.""The scanner office document as well as PDF are useful. The most valuable thing is that you can emulate different operating systems without having the danger of getting something infected. It emulates several operating systems, and as a result, you either get the file or you don't get the file.""The most valuable features of Fortinet FortiSandbox are customization, ICAP protocol, and integration with other vendors. Additionally, the security work very well.""Fortinet FortiSandbox is scalable.""Compared to other solutions, it's easy to configure and implement because of the templates. The timing of scanning files is faster.""The most valuable features of Fortinet FortiSandbox are the analysis options, artificial intelligence, and the many interfaces it provides.""The solution is easy to manage.""The dynamic behavior analysis is excellent. We have many attacks caught by the FortiSandbox as zero-day attacks. Additionally, the administration is simple and can be customized to fit your companies needs."

More Fortinet FortiSandbox Pros →

Cons
"I'd like to be able to get granular reports and to be able to output them into formats that are customizable and more useful. The reporting GUI is lacking.""Integration with other security components needs improvement. It should have true integration as opposed to just being a separate pane of glass.""If you hit a certain number of rules, triage filters, or groups, the UX responds more slowly. However, we have a complex network and a lot of rules. So, our setup might not be a typical implementation example. We even had UX engineers onsite, and they looked at issues, improvements, and user feedback. Since then, it has gotten a lot better, they even built in features that we specifically requested for our company.""Vectra is still limited to packet management. It's only monitoring packet exchanges. While it can see a lot of things, it can't see everything, depending on where it's deployed. It has its limits and that's why I still have my SIEM.""In comparison with a lot of systems I used in the past, the false positives are really a burden because they are taking a lot of time at this moment.""They use a proprietary logging format that is probably 90% similar to Bro Logs. Their biggest area of improvement is finishing out the remaining 10%. That 10% might not be beneficial to their ML engine, but that's fine. The industry standard is Zeek Logs or Bro Logs, or Bro or Zeek, depending on how old you are. While they have 90% of those fields, they're still missing some fields. In very rare instances, some community rules do not have the fields that they need, and we had to modify community rules for our logs. So, their biggest area of improvement would be to just finish their matching of the Zeek standard.""I would like more integrations with IOCs and threats currently on the Internet. I would also like to know which threats are based on zero-day attacks, current botnets, etc. Therefore, I would like more information on external threats.""The main improvement I can see would be to integrate with more external solutions."

More Vectra AI Cons →

"The visualization could be improved, the GUI is not the best.""Many of these tools require extensive on-premises hardware to run.""Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks.""It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good.""Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product.""It's not great as a standalone solution.""Cisco could improve the administration for the customers.""We would like the solution to make more advances in the way that Extreme Networks has been doing."

More Cisco Secure Network Analytics Cons →

"If we can have more dashboards, it would be good.""The use cases in Fortinet FortiSandbox are not good. It is difficult to upload a custom VM for Fortinet FortiSandbox. The integration of Fortinet FortiSandbox with other Fortinet or FortiGate firewalls is not good. VMs are already installed in the hardware and are working fine, but we tried to approve the custom VM many times but did not succeed.""If you were to compare prices between vendors and manufacturers, you would see that the lowest equipment in the Sandbox line is quite expensive for a new customer.""The initial setup is not too complex but could be easier.""The reporting tools could be improved in Fortinet FortiSandbox.""Fortinet FortiSandbox should improve its performance and security accuracy to keep competitive with other solutions, such as IBM.""I don't know if it is viable to do an improvement like this. When there are passwords in the password-protected files, it can't scan them or do things like this. I don't know if an algorithm or something else could make it better. Nowadays, many legitimate office documents have passwords.""Fortinet FortiSandbox can improve by decreasing the time of analysis response. Other solutions have a better response time, such as WildFire."

More Fortinet FortiSandbox Cons →

Pricing and Cost Advice
  • "The pricing is very good. It's less expensive than many of the tools out there."
  • "The pricing is high."
  • "Their licensing model is antiquated. I'm not a fan of their licensing model. We have to pay for licensing based on four different things. You have to pay based on the number of unique IPs, the number of logs that we send through Recall and Stream, and the size of our environment. They need to simplify their licensing down to just one thing. It should be based on the amount of data, the number of devices, or something else, but there should be just one thing for everything. That's what they need to base their licensing on. Cost-wise, they're not cheap. They were definitely the most expensive option, but you get what you pay for. They're not the cheapest option."
  • "From a pricing perspective, they are very commercially competitive. From a licensing perspective, just be conscious that some of their future cloud solutions come with additional subscriptions. Also, if you're outside of the US, you will get charged freight for the device back to your country."
  • "Cost is a big factor, as always. However, I think we have a very good price–performance ratio."
  • "Vectra's licensing model could scale to our research network, which has multiple, 100-gigabit links."
  • More Vectra AI Pricing and Cost Advice →

  • "This is an expensive product. We have quit paying for support because we don't want to have to upgrade it and keep paying for it."
  • "It has a subscription model. There is yearly support, and there is also three-year support. It depends on what the customers want."
  • "There are additional licenses needed for the number of so-called network flows. It's hard to plan the number of flows you need in the network, this is a problem. The price of the Cisco Stealthwatch is relatively inexpensive"
  • More Cisco Secure Network Analytics Pricing and Cost Advice →

  • "Altogether, it is about €10,000 for the Sandbox and Email Gateway."
  • "We are on an annual license to use the solution. We have an additional feature that is integrated with S5, which is working well."
  • "There is a license to use this solution."
  • "Fortinet is more reasonable than Palo Alto."
  • "The price is competitive."
  • "The price of Fortinet FortiSandbox is expensive."
  • "The license for Fortinet FortiSandbox depends on the use case."
  • More Fortinet FortiSandbox Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Network Traffic Analysis (NTA) solutions are best for your needs.
    635,162 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the… more »
    Top Answer:Cognito Streams gives you a detailed view of what happens in the network in the form of rich metadata. It is just a… more »
    Top Answer:Cost is a big factor, as always. However, I think we have a very good price–performance ratio.
    Top Answer:StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and… more »
    Top Answer:We have a three-year contract with Cisco, including 24/7 online support. There are no additional costs.
    Top Answer:There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for… more »
    Top Answer:Integration is one of the solution's most valuable aspects. You can integrate even third-party solutions so that they… more »
    Top Answer:The solution is a rather sizable investment. That said, for those organizations with sensitive data, that feed to know… more »
    Top Answer:With the 3000D we had some issues with the FortiOS version. I don't remember which one it was, however, there was an… more »
    Comparisons
    Also Known As
    Vectra Networks, Vectra AI NDR
    Cisco Stealthwatch, Cisco Stealthwatch Enterprise, Lancope StealthWatch
    FortiSandbox
    Learn More
    Cisco
    Video Not Available
    Overview

    Vectra threat detection and response is a complete cybersecurity platform that collects, detects, and prioritizes security alerts. The Cognito platform for Network Detection and Response (NDR) detects and responds to attacks inside cloud, data center, Internet of Things, and enterprise networks. The platform also provides automated response capabilities for low-level threats and escalates more severe anomalies to security personnel.

    Cognito captures data for multiple relevant sources and enriches it with context and security insights. It starts by deploying sensors across different networks in datacenters, IoT, or enterprise networks. The algorithm extracts relevant metadata from network and cloud traffic. The information can also be non-security information that can help investigation. 

    The data is enriched with security context to support critical use cases, such as threat detection, investigation, hunting and compliance. The platform is machine learning-based, which enables it to adapt to any new and current threat scenario. It detects, clusters, prioritizes, and anticipates attacks by using identity and host-level enforcement. 

    With the Vectra platform, a person can investigate 50 threats in just two hours. By prioritizing alerts and leveraging threat intelligence, it provides faster results.Vectra solves today’s security challenges for network detection and response. 

    One of Vectra’s best features is the emphasis they put in pairing research and data science for security insights. It offers behavior codification with unsupervised, supervised, and deep learning models. 

    The pricing is according to a subscription model with a free trial available.Vectra is available for Office 365, Azure AD and AWS Brain.

    Features of Vectra AI

    • AI-based threat detection and response. 
    • Detects attacks in real time with behavior-based threat detection. 
    • Consolidates and correlates thousands of events, detecting threats. 
    • Enriches threat investigation with a chain of evidence and data science security insights. 
    • Machine learning techniques, including deep learning and neural networks. 
    • Gives visibility into cyberattackers and analyzes all network traffic. 
    • Continuous updates with new threat detection algorithms. 
    • Provides encryption at rest and in transit. For the AWS version, it offers AES-256 encryption via AWS Key Management Service. 
    • Guaranteed availability according to the SLA of the service selected. 
    • Does not connect to public sector networks. 

    Benefits of Vectra AI

    • Behavioral models use AI to find unknown attackers. 
    • Context increases the accuracy of threat hunting. 
    • Allows for proactive action by prioritizing the most relevant information. 
    • Provides a clear picture and extensive context for investigations. 
    • Aids decision-making in the incident response process. 
    • Helps working with large datasets by capturing metadata at scale. 
    • Automates time-consuming analysis. 
    • Reduces the security analysts’ workloads on threat investigations. 

    Other advantages of Vectra services include that they can be deployed in the public, private, or hybrid cloud. Support is available via email or online ticketing with an average of 4 hours of response. Phone support is available 24/7. 

    Vectra provides full on-site and online training and documentation. Regarding the user interface, it supports several types of web browsers, such as Internet Explorer, Microsoft Edge, Firefox, Chrome, Safari and Opera. However, it is not available for mobile devices.

    Reviews from Real Users

    Here’s what PeerSpot users of Vectra AI have to say about it:

    "One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us." - Dave W., Operations Manager at a healthcare company

    "It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low.” - T.S., Senior Security Engineer at a manufacturing company

    Outsmart emerging threats in your digital business with industry-leading machine learning and behavioral modeling provided by Secure Network Analytics (formerly Stealthwatch). Know who is on the network and what they are doing using telemetry from your network infrastructure. Detect advanced threats and respond to them quickly. Protect critical data with smarter network segmentation. And do it all with an agentless solution that grows with your business.

    Today’s threats are increasingly sophisticated and often bypass traditional malware security by masking their malicious activity. A sandbox augments your security architecture by validating threats in a separate, secure environment. FortiSandbox offers a powerful combination of advanced detection, automated mitigation, actionable insight, and flexible deployment to stop targeted attacks and subsequent data loss. It's also a key component of our Advanced Threat Protection solution.

    Offer
    Learn more about Vectra AI
    Learn more about Cisco Secure Network Analytics
    Learn more about Fortinet FortiSandbox
    Sample Customers
    Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association
    Edge Web Hosting, Telenor Norway, Ivy Tech Community College of Indiana, Webster Financial Corporation, Westinghouse Electric, VMware, TIAA-CREF
    Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG
    Top Industries
    REVIEWERS
    Financial Services Firm19%
    Retailer19%
    Manufacturing Company13%
    Mining And Metals Company13%
    VISITORS READING REVIEWS
    Computer Software Company20%
    Comms Service Provider19%
    Financial Services Firm8%
    Government8%
    REVIEWERS
    Healthcare Company22%
    Financial Services Firm17%
    Comms Service Provider7%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Comms Service Provider26%
    Computer Software Company17%
    Government8%
    Financial Services Firm7%
    REVIEWERS
    Computer Software Company21%
    Comms Service Provider21%
    Real Estate/Law Firm14%
    Non Tech Company7%
    VISITORS READING REVIEWS
    Comms Service Provider23%
    Computer Software Company20%
    Government8%
    Financial Services Firm6%
    Company Size
    REVIEWERS
    Small Business18%
    Midsize Enterprise6%
    Large Enterprise76%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise16%
    Large Enterprise63%
    REVIEWERS
    Small Business13%
    Midsize Enterprise10%
    Large Enterprise77%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise14%
    Large Enterprise69%
    REVIEWERS
    Small Business37%
    Midsize Enterprise37%
    Large Enterprise26%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise20%
    Large Enterprise58%
    Buyer's Guide
    Network Traffic Analysis (NTA)
    September 2022
    Find out what your peers are saying about Darktrace, Auvik, Cisco and others in Network Traffic Analysis (NTA). Updated: September 2022.
    635,162 professionals have used our research since 2012.

    Cisco Secure Network Analytics is ranked 3rd in Network Traffic Analysis (NTA) with 10 reviews while Fortinet FortiSandbox is ranked 10th in ATP (Advanced Threat Protection) with 10 reviews. Cisco Secure Network Analytics is rated 8.2, while Fortinet FortiSandbox is rated 8.2. The top reviewer of Cisco Secure Network Analytics writes "Provides valuable security knowledge and helps us improve network performance". On the other hand, the top reviewer of Fortinet FortiSandbox writes "Good performance and integration capabilities with good technical support". Cisco Secure Network Analytics is most compared with Darktrace, SolarWinds NetFlow Traffic Analyzer, ThousandEyes, Palo Alto Networks Threat Prevention and Cisco Secure Cloud Analytics, whereas Fortinet FortiSandbox is most compared with Palo Alto Networks WildFire, Check Point SandBlast Network, FireEye Network Security, McAfee Advanced Threat Defense and Fortinet FortiClient.

    We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.