No more typing reviews! Try our Samantha, our new voice AI agent.

Fortinet FortiSandbox vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiSandbox
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
39
Ranking in other categories
Advanced Threat Protection (ATP) (9th), Threat Deception Platforms (3rd)
NetWitness Platform
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
Log Management (38th), Security Information and Event Management (SIEM) (36th)
 

Mindshare comparison

Fortinet FortiSandbox and NetWitness Platform aren’t in the same category and serve different purposes. Fortinet FortiSandbox is designed for Advanced Threat Protection (ATP) and holds a mindshare of 4.7%, down 7.5% compared to last year.
NetWitness Platform, on the other hand, focuses on Log Management, holds 1.1% mindshare, up 0.3% since last year.
Advanced Threat Protection (ATP) Mindshare Distribution
ProductMindshare (%)
Fortinet FortiSandbox4.7%
Palo Alto Networks WildFire7.1%
Microsoft Defender for Office 3656.4%
Other81.8%
Advanced Threat Protection (ATP)
Log Management Mindshare Distribution
ProductMindshare (%)
NetWitness Platform1.1%
Splunk Enterprise Security6.9%
Wazuh4.6%
Other87.4%
Log Management
 

Featured Reviews

AN
Security Manager at a computer software company with 11-50 employees
Advanced sandboxing has protected users from zero-day threats and has simplified secure file scanning
The smooth integrations between Fortinet FortiSandbox and other Fortinet solutions such as FortiWeb and FortiFirewall and with other Fortinet environments are what I really appreciate. We have minimum false positives during threat detection. Our clients have not given negative feedback from detection. As you know, it still needs some tuning after implementation. However, we never receive negative feedback for many false positives during implementation.
reviewer2256927 - PeerSpot reviewer
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The adapter is beneficial as it allows integration with various devices, not just Fortinet."
"The most valuable feature was the EDR, endpoint detection and response."
"The most valuable feature is the protection and the way it works, the technology is what I like the most."
"What I find most valuable, is that it is easy to use."
"I would recommend Fortinet FortiSandbox to others, it is the most comprehensive sandbox available."
"Overall, it works fine, and its interface is also fine."
"Compared to other solutions, it's easy to configure and implement because of the templates, and the timing of scanning files is faster."
"The scanner office document as well as PDF are useful. The most valuable thing is that you can emulate different operating systems without having the danger of getting something infected. It emulates several operating systems, and as a result, you either get the file or you don't get the file."
"The solution is reliable."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"This solution has a very good dashboard with a separate tab for incidents and alerts."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"The most valuable features are the integration and ease of use."
"Since the solution has been under way we have seen a large decrease of threats and proactive reactions to incidents."
"The solution is really scalable for the high-end power, enterprise customer."
 

Cons

"The area I would like this solution to be improved in is the integrations for Sandbox with AI and big data ML mechanisms. I think this would be a practical improvement."
"The capabilities and features of this solution are not good."
"It can be difficult if you need to use the Command Line Interface (CLI). It's much easier if you only have to deal with the GUI."
"Sometimes, there are issues upgrading the version of the firewall or the SD-LAN box. After we upgrade to the latest version of the software, we still have the same box. I think it's the same for every vendor."
"When there are passwords in the password-protected files, it can't scan them or do things like this."
"We sometimes face a delay in email scanning due to not having multiple virtual machines."
"If we can have more dashboards, it would be good."
"There could be more templates and a higher number of simulated VMs to configure more use cases. Sometimes we need to configure many use cases in many different environments, and if the number of VMs that we configure is limited, we have to remove some and reconfigure the environment if we need another environment."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"The initial setup is very complex and should be simplified."
"The log system is a bit complex and has room for improvement."
"The tool's integration capability isn't so great."
"More customizability is required, which is something that they need to improve on."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"It is not so easy to customize this product."
"Advance monitoring and alerting feature is not stable (Event Stream Analysis)."
 

Pricing and Cost Advice

"There are no costs in addition to the standard licensing fees."
"The price of Fortinet FortiSandbox is expensive."
"Altogether, it is about €10,000 for the Sandbox and Email Gateway."
"The solution is unavailable at a lower cost and can be difficult to deploy."
"There is a license to use this solution."
"FortiSandbox is a subscription that can be purchased from Fortinet directly. Only using FortiSandbox as features purchased as a subscription in the cloud."
"Fortinet FortiSandbox is a nominally priced product, so I would not say that it is a very cheap tool."
"Fortinet is more reasonable than Palo Alto."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
"Our license is for one year."
"It is cheap."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"The product price was reasonable for my region and the market."
"This is a pricey solution; it's not cheap."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
report
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
903,182 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Manufacturing Company
12%
Financial Services Firm
11%
Comms Service Provider
9%
Construction Company
7%
Financial Services Firm
12%
Construction Company
11%
Comms Service Provider
9%
Outsourcing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise13
Large Enterprise9
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise7
Large Enterprise20
 

Questions from the Community

What is your experience regarding pricing and costs for Fortinet FortiSandbox?
The cost is in the mid-range. It is not low and it is not high.
What needs improvement with Fortinet FortiSandbox?
I think Fortinet FortiSandbox could introduce more automation tools and AI tools.
What is your primary use case for Fortinet FortiSandbox?
Clients primarily ask us to integrate Fortinet FortiSandbox either with FortiMail or with firewalls to scan downloadable files and ensure that client access browsing is secure with no harmful files...
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
What is your primary use case for NetWitness Platform?
I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with excellent capabilities and integration with various devices.
 

Also Known As

FortiSandbox
RSA Security Analytics
 

Overview

 

Sample Customers

Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG
Los Angeles World Airports, Reply
Find out what your peers are saying about Palo Alto Networks, Proofpoint, Microsoft and others in Advanced Threat Protection (ATP). Updated: June 2026.
903,182 professionals have used our research since 2012.