Try our new research platform with insights from 80,000+ expert users

Fortinet FortiSandbox vs Trellix Advanced Threat Defense vs Trellix Network Detection and Response comparison

Fortinet and Trellix are both solutions in the Advanced Threat Protection (ATP) category. Fortinet is ranked #3 with an average rating of 7.8, while Trellix is ranked #21 with an average rating of 9.0. Fortinet holds a 9.4% mindshare in ATP, compared to Trellix’s 1.9% mindshare. Additionally, 94% of Fortinet users are willing to recommend the solution, compared to 83% of Trellix users who would recommend it.
Fortinet FortiSandbox
Read 38 Fortinet FortiSandbox reviews
  • 2,294 Views
  • 1,950 Comparison Views
94% willing to recommend
Trellix Advanced Threat Def...
Read 8 Trellix Advanced Threat Defense reviews
  • 403 Views
  • 367 Comparison Views
83% willing to recommend
Trellix Network Detection a...
Read 39 Trellix Network Detection and Response reviews
  • 2,085 Views
  • 980 Comparison Views
97% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Fortinet FortiSandbox, Trellix Advanced Threat Defense, and Trellix Network Detection and Response based on real PeerSpot user reviews.

Find out what your peers are saying about Palo Alto Networks, Microsoft, Fortinet and others in Advanced Threat Protection (ATP).

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Advanced Threat Protection (ATP) Report (Updated: July 2025).
Buyer's Guide
Advanced Threat Protection (ATP)
July 2025
Download the complete report
Helped 864,574 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

As of August 2025, in the Advanced Threat Protection (ATP) category, the mindshare of Fortinet FortiSandbox is 9.4%, down from 9.8% compared to the previous year. The mindshare of Trellix Advanced Threat Defense is 1.9%, up from 1.5% compared to the previous year. The mindshare of Trellix Network Detection and Response is 5.4%, up from 4.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Advanced Threat Protection (ATP)
 

Featured Reviews

Abdelhamid Saber - PeerSpot reviewer
Enhanced network security with adaptable integration and really good support
We use FortiSandbox for scanning files and images that pass through our networks. It integrates with different devices, such as five adapters and other Fortinet devices It is time-saving and more secure. It saves us from a lot of antivirus and anti-malware issues. The adapter is beneficial as it…
Read full review
HS
Easy to set up and use with a nice interface
The scalability could be better. We'd like them to be better at dealing with script threats. In sandboxing, the time to respond is slower than we would like. We'd like them to be able to process faster. For example, Fortinet, they are doing 18,000 files per hour. For Wildfire, it is elastic. It can support as many files as you get. McAfee doesn't react like that. It does not support interfaces with HTTPS.
Read full review
BiswabhanuPanda - PeerSpot reviewer
Offers in-depth investigation capabilities, integrates well and smoothly transitioned from a lower-capacity appliance to a higher one
The in-depth investigation capabilities are a major advantage. When the system flags something as malicious, it provides a packet capture of that activity within the environment. That helps my team quickly identify additional context that most other tools wouldn't offer – like source IP or base64 encoded data. We can also see DNS requests and other details that aren't readily available in solutions like Check Point or others that we've tried. The detection itself is solid, and their sandboxing is powerful. There's a learning curve – you need a strong grasp of OS-level changes, process forking, registry changes, and the potential impact of those. But with that knowledge, the level of information Trellix provides is far greater than what we've seen elsewhere. The real-time response capability of Trellix has been quite effective, although it's not very fast. The key is this solution's concept of 'preference zero.' They don't immediately act on a zero-day. For example, the solution has seen a piece of malware for the first time. It'll let it in, then do sandboxing. Maybe after four or five minutes, it identifies that specific file's DNX Secure Store as malicious. At that point, they update the static analysis engine, and it gets detected if anything else tries to download the same file. There is that initial 'preference zero' concept, like with Panda. You may not hold traffic in the network. That's standard in the industry; we don't do much about it. To address that, we also have endpoint solutions. We use SentinelOne in our environment, which helps us identify threats like Western Bureaus and others.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature was the EDR, endpoint detection and response."
"The product is great. It can be deployed on the cloud or on-premises."
"Overall, it works fine. Its interface is also fine."
"Fortinet FortiSandbox is faster than other sandbox solutions."
"The solution is easy to manage."
"Performance is a valuable feature."
"The adapter is beneficial as it allows integration with various devices, not just Fortinet."
"The most valuable feature of the solution is that the performance it offers to users is good, making it useful for us in our company."
More Fortinet FortiSandbox pros
"It stops in excess of twenty-five malware events per month, all of which could be critical to the business."
"I recommend this solution because of its ease of use."
"It is stable and reliable."
"Provides good exfiltration, and is an all-in-one product."
"Its greatest strength is the DXL client which can rapidly disseminate attack information to all clients via the McAfee Agent instead of going through the ePO server."
"It is very scalable."
"The most valuable features are the administration console and its detection and response module."
"Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch."
"Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised. FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening."
"Initially, we didn't have much visibility around what is occurring at our applications lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams."
"The sandbox feature of FireEye Network Security is very good. The operating system itself has many features and it supports our design."
"The installation phase was easy."
"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."
"It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."
"The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."
More Trellix Network Detection and Response pros
 

Cons

"If we can have more dashboards, it would be good."
"There could be more templates and a higher number of simulated VMs to configure more use cases. Sometimes we need to configure many use cases in many different environments, and if the number of VMs that we configure is limited, we have to remove some and reconfigure the environment if we need another environment."
"In the next release, I would like to see machine learning and anti-exploitation included."
"The main area of concern in Fortinet FortiSandbox is its detection capabilities."
"For additional features, maybe a form of execution pain files in a non-virtual environment because it has threats that identify when it is being run in a virtual machine."
"The integration is limited. The solution needs to offer better integration with multiple vendors."
"It would be better if it had support for Mac and Linux."
"When you reach the maximum capacity, you cannot upgrade the solution because its hardware is very expensive."
More Fortinet FortiSandbox cons
"Lacks remote capabilities not dependent on the internet."
"I would like to see future versions of the solution incorporate artificial intelligence technology."
"There could be a tool that automatically updates all-new Microsoft IPs, which are available for free to connect to the client."
"The initial setup was industry standard complex. It takes awhile and has a lot of planning involved. It could be simplified with product redesign."
"Make the ATD system a part of the whole product and take the whole thing onto the cloud. While it is there already, it is not to the same level as the on-premise version."
"This solution needs to be made "cloud ready"."
"We'd like them to be better at dealing with script threats."
"Its documentation can be improved. The main problem that I see with FireEye is the documentation. We are an official distributor and partner of FireEye, and we have access to complete documentation about how to configure or implement this technology, but for customers, very limited documentation is available openly. This is the area in which FireEye should evolve. All documents should be easily available for everyone."
"FireEye Network Security should have better integration with other vendors' firewalls or proxies, such as Palo Alto and Fortinet. Files that are being submitted should happen through the API or automatically."
"Certain features in Trellix Network Detection and Response, such as using AL-type commands, may initially pose a challenge for those unfamiliar with such commands. However, once users become accustomed to the system, it becomes easier to use."
"Technical support needs improvement as sometimes engineers are not available promptly, especially during high-severity incidents."
"We'd like the potential for better scaling."
"Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard."
"It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."
"The world is currently shifting to AI, but FIreEye is not following suit."
More Trellix Network Detection and Response cons
 

Pricing and Cost Advice

"The solution is not expensive at all."
"There are no costs in addition to the standard licensing fees."
"Fortinet FortiSandbox is a nominally priced product, so I would not say that it is a very cheap tool."
"We are on an annual license to use the solution. We have an additional feature that is integrated with S5, which is working well."
"The solution is unavailable at a lower cost and can be difficult to deploy."
"There is a license to use this solution."
"It is an expensive solution."
"FortiSandbox is a subscription that can be purchased from Fortinet directly. Only using FortiSandbox as features purchased as a subscription in the cloud."
More Fortinet FortiSandbox pricing and cost advice
"The product is expensive, but it is better than the rest of them in the industry."
"Our licensing fees for this solution are approximately one million dollars per year."
"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."
"It's an expensive solution."
"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."
"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."
"Pricing and licensing are reasonable compared to competitors."
"The user fee is not as high but the maintenance fee is expensive."
"The pricing is a little high."
"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."
More Trellix Network Detection and Response pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
See recommendations
864,574 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
12%
Government
11%
Financial Services Firm
9%
Comms Service Provider
8%
Government
17%
Manufacturing Company
16%
Comms Service Provider
11%
Financial Services Firm
10%
Financial Services Firm
13%
Comms Service Provider
12%
Manufacturing Company
10%
Government
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Fortinet FortiSandbox?
The real-time analysis capability of FortiSandbox is beneficial for email analysis.
See all answers
What is your experience regarding pricing and costs for Fortinet FortiSandbox?
I think it's affordable. For the six to seven months of usage, the cost has been reasonable.
See all answers
What needs improvement with Fortinet FortiSandbox?
We sometimes face a delay in email scanning due to not having multiple virtual machines. Improvements could be made i...
See all answers
What do you like most about McAfee Advanced Threat Defense?
I recommend this solution because of its ease of use.
See all answers
What needs improvement with McAfee Advanced Threat Defense?
There could be a tool that automatically updates all-new Microsoft IPs, which are available for free to connect to th...
See all answers
What is your primary use case for McAfee Advanced Threat Defense?
We use the solution for client management and security. We used the whole suite for client Firewall, antivirus, and e...
See all answers
What do you like most about FireEye Network Security?
We wanted to cross-reference that activity with the network traffic just to be sure there was no lateral movement. Wi...
See all answers
What is your experience regarding pricing and costs for FireEye Network Security?
While I do not handle pricing directly, it is known that there is a variety of customers with different licensing nee...
See all answers
What needs improvement with FireEye Network Security?
The Trellix solution could be improved by enhancing the Central Management Console for faster visibility, which would...
See all answers
 

Comparisons

Palo Alto Networks WildFire vs Fortinet FortiSandbox Logo
Palo Alto Networks WildFire vs Fortinet FortiSandbox
Compared 44% of the time
Check Point SandBlast Network vs Fortinet FortiSandbox Logo
Check Point SandBlast Network vs Fortinet FortiSandbox
Compared 12% of the time
Trend Micro Deep Discovery vs Fortinet FortiSandbox Logo
Trend Micro Deep Discovery vs Fortinet FortiSandbox
Compared 9% of the time
Microsoft Defender for Office 365 vs Fortinet FortiSandbox Logo
Microsoft Defender for Office 365 vs Fortinet FortiSandbox
Compared 7% of the time
Fortinet FortiDeceptor vs Fortinet FortiSandbox Logo
Fortinet FortiDeceptor vs Fortinet FortiSandbox
Compared 2% of the time
More Fortinet FortiSandbox Competitors
Microsoft Defender for Identity vs Trellix Advanced Threat Defense Logo
Microsoft Defender for Identity vs Trellix Advanced Threat Defense
Compared 35% of the time
Palo Alto Networks WildFire vs Trellix Advanced Threat Defense Logo
Palo Alto Networks WildFire vs Trellix Advanced Threat Defense
Compared 20% of the time
Check Point Infinity vs Trellix Advanced Threat Defense Logo
Check Point Infinity vs Trellix Advanced Threat Defense
Compared 18% of the time
More Trellix Advanced Threat Defense Competitors
Palo Alto Networks WildFire vs Trellix Network Detection and Response Logo
Palo Alto Networks WildFire vs Trellix Network Detection and Response
Compared 13% of the time
Trend Micro Deep Discovery vs Trellix Network Detection and Response Logo
Trend Micro Deep Discovery vs Trellix Network Detection and Response
Compared 8% of the time
Darktrace vs Trellix Network Detection and Response Logo
Darktrace vs Trellix Network Detection and Response
Compared 7% of the time
Vectra AI vs Trellix Network Detection and Response Logo
Vectra AI vs Trellix Network Detection and Response
Compared 5% of the time
Zscaler Internet Access vs Trellix Network Detection and Response Logo
Zscaler Internet Access vs Trellix Network Detection and Response
Compared 5% of the time
More Trellix Network Detection and Response Competitors
 

Product Reports

Buyer's Guide
Fortinet FortiSandbox
August 2025
Fortinet FortiSandbox reportDownload Fortinet FortiSandbox product report
Buyer's Guide
Advanced Threat Protection (ATP)
July 2025
Trellix Advanced Threat Defense reportDownload Trellix Advanced Threat Defense product report
Buyer's Guide
Trellix Network Detection and Response
July 2025
Trellix Network Detection and Response reportDownload Trellix Network Detection and Response product report
 

Also Known As

FortiSandbox
McAfee Advanced Threat Defense
FireEye Network Security, FireEye
 

Overview

Fortinet FortiSandbox is a behavior-based threat detection solution that prevents and detects malicious code in files transferred within the organization. It is integrated with FortiGate firewalls and FortiMail for threat protection and can be used for monitoring and reporting. The solution inspects files in a virtual environment with different types of virtual machines and can block or quarantine files based on their score. 

The most valuable features include dynamic behavior analysis, manual scan features, easy management and configuration, fast scanning, scalability, customization, and ICAP protocol. The solution is cost-effective and faster than other sandbox solutions, with a good user interface.

Fortinet

Powerful advanced threat detection

Uncover Hidden Threats

Combine in-depth static code analysis, dynamic analysis (malware sandboxing), and machine learning to increase zero-day threat and ransomware detection.

Threat Intelligence Sharing

Immediately share threat intelligence across your entire infrastructure—including multi-vendor ecosystems—to reduce time from threat encounter to containment.

Enable Investigation

Validate threats and access critical indicators of compromise (IoCs) needed for investigation and threat hunting.

Trellix

Detect the undetectable and stop evasive attacks. Trellix Network Detection and Response (NDR) helps your team focus on real attacks, contain intrusions with speed and intelligence, and eliminate your cybersecurity weak points.

Trellix
 

Sample Customers

Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG
The Radicati Group, Florida International University, MGM Resorts International, County Durham andDarlington NHS Foundation Trust
FFRDC, Finansbank, Japan Advanced Institute of Science and Technology, Investis, Kelsey-Seybold Clinic, Bank of Thailand, City of Miramar, Citizens National Bank, D-Wave Systems
Buyer's Guide
Advanced Threat Protection (ATP)
July 2025
Download Free Report
Find out what your peers are saying about Palo Alto Networks, Microsoft, Fortinet and others in Advanced Threat Protection (ATP). Updated: July 2025.
DOWNLOAD NOW
864,574 professionals have used our research since 2012.