Try our new research platform with insights from 80,000+ expert users

Fortinet FortiSandbox vs Trellix Network Detection and Response comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 1, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiSandbox
Ranking in Advanced Threat Protection (ATP)
4th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
38
Ranking in other categories
Threat Deception Platforms (7th)
Trellix Network Detection a...
Ranking in Advanced Threat Protection (ATP)
15th
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
38
Ranking in other categories
Network Detection and Response (NDR) (18th)
 

Mindshare comparison

As of January 2025, in the Advanced Threat Protection (ATP) category, the mindshare of Fortinet FortiSandbox is 11.4%, up from 8.6% compared to the previous year. The mindshare of Trellix Network Detection and Response is 5.2%, down from 5.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Advanced Threat Protection (ATP)
 

Featured Reviews

Kiarash Heydari - PeerSpot reviewer
Light and powerful solution design; useful to have
My impression is that the initial setup process is quite straightforward. If you know what you're using it for, the initial setup can be quite easy and the solution is not that hard to use. When it comes to the steps taken for the implementation, you would select the OS you're using and when the files are sent to the appliance you check, and in the appliance configuration, it must be like the visual governance environment. You must set up the OS you have so that appliance can scan or analyze your file. To maintain this solution, you must always have at least one all-around person tuning this solution.
BiswabhanuPanda - PeerSpot reviewer
Offers in-depth investigation capabilities, integrates well and smoothly transitioned from a lower-capacity appliance to a higher one
The in-depth investigation capabilities are a major advantage. When the system flags something as malicious, it provides a packet capture of that activity within the environment. That helps my team quickly identify additional context that most other tools wouldn't offer – like source IP or base64 encoded data. We can also see DNS requests and other details that aren't readily available in solutions like Check Point or others that we've tried. The detection itself is solid, and their sandboxing is powerful. There's a learning curve – you need a strong grasp of OS-level changes, process forking, registry changes, and the potential impact of those. But with that knowledge, the level of information Trellix provides is far greater than what we've seen elsewhere. The real-time response capability of Trellix has been quite effective, although it's not very fast. The key is this solution's concept of 'preference zero.' They don't immediately act on a zero-day. For example, the solution has seen a piece of malware for the first time. It'll let it in, then do sandboxing. Maybe after four or five minutes, it identifies that specific file's DNX Secure Store as malicious. At that point, they update the static analysis engine, and it gets detected if anything else tries to download the same file. There is that initial 'preference zero' concept, like with Panda. You may not hold traffic in the network. That's standard in the industry; we don't do much about it. To address that, we also have endpoint solutions. We use SentinelOne in our environment, which helps us identify threats like Western Bureaus and others.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Integration is one of the solution's most valuable aspects. You can integrate even third-party solutions so that they can send the information or files they quarantine through the FortiSandbox"
"The dynamic behavior analysis is excellent. We have many attacks caught by the FortiSandbox as zero-day attacks. Additionally, the administration is simple and can be customized to fit your companies needs."
"Fortinet FortiSandbox's most valuable feature is the security it provides against threats, such as ransomware. Additionally, it integrates well with APIs."
"The real-time analysis capability of FortiSandbox is beneficial for email analysis."
"The product is great. It can be deployed on the cloud or on-premises."
"he solution's GUI is good."
"You have access to a report as to what behaviors the example file entered in the registry."
"FortiSandbox analyzes the behavior of processes in a sandbox environment, which is useful for threat hunting. The solution has an excellent standard configuration, and you can prioritize the types of files of VMs you want to analyze. It also integrates seamlessly with other Fortinet solutions, like FortiGate, FortiMail, and FortiEMS."
"The most valuable feature is MVX, which tests all of the files that have been received in an email."
"Trellix Network Detection and Response helps increase response to attacks. One benefit is increased visibility and simplicity in maintaining it. AI analyzes and relates data based on past performance over the last five days."
"It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."
"The server appliance is good."
"It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."
"Initially, we didn't have much visibility around what is occurring at our applications lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams."
"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."
"We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up."
 

Cons

"I don't know if it is viable to do an improvement like this. When there are passwords in the password-protected files, it can't scan them or do things like this. I don't know if an algorithm or something else could make it better. Nowadays, many legitimate office documents have passwords."
"The initial setup of Fortinet FortiSandbox is complex. You cannot only deploy Fortinet FortiSandbox without deploying the stack of Fortinet solutions. The implementation and integration are challenging tasks with the device and placement in the network. We needed to do POC and offloading testing."
"Most people are confused about how to use the right integration of the right Fortinet product."
"The licensing can be very confusing. It needs to be simplified."
"For the MSSPs, it would be great if the product could display all the threat chains on a dashboard since it is an area where the tool is currently lacking."
"The area I would like this solution to be improved in is the integrations for Sandbox with AI and big data ML mechanisms. I think this would be a practical improvement."
"In the next release, I would like to see machine learning and anti-exploitation included."
"Not practical for real-time web traffic analysis because users won't wait for the FortiSandbox to complete its analysis before accessing content"
"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."
"I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet."
"The solution's support needs to improve their support."
"The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right."
"It is an expensive solution."
"I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports."
"Technical support could be improved."
"Cybersecurity posture has room for improvement."
 

Pricing and Cost Advice

"I rate the product's pricing a five or six on a scale of one to ten, where one is low, and ten is high."
"There is a license to use this solution."
"The solution is unavailable at a lower cost and can be difficult to deploy."
"The solution is affordable."
"There are no costs in addition to the standard licensing fees."
"The license for Fortinet FortiSandbox depends on the use case."
"FortiSandbox is a subscription that can be purchased from Fortinet directly. Only using FortiSandbox as features purchased as a subscription in the cloud."
"The price of Fortinet FortiSandbox is expensive."
"Pricing and licensing are reasonable compared to competitors."
"It's an expensive solution."
"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."
"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."
"The tool is a bit pricey."
"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."
"The pricing is a little high."
"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."
report
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
831,369 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
12%
Government
12%
Financial Services Firm
11%
Manufacturing Company
6%
Financial Services Firm
19%
Comms Service Provider
10%
Manufacturing Company
9%
Computer Software Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Fortinet FortiSandbox?
The real-time analysis capability of FortiSandbox is beneficial for email analysis.
What is your experience regarding pricing and costs for Fortinet FortiSandbox?
I think it's affordable. For the six to seven months of usage, the cost has been reasonable.
What needs improvement with Fortinet FortiSandbox?
We sometimes face a delay in email scanning due to not having multiple virtual machines. Improvements could be made in dynamic scanning, scanning all email components such as URLs and attachments, ...
What do you like most about FireEye Network Security?
We wanted to cross-reference that activity with the network traffic just to be sure there was no lateral movement. With Trellix, we easily confirmed that there was no lateral network involvement an...
What is your experience regarding pricing and costs for FireEye Network Security?
The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced. It's a bit on the expensive side, but we don't want to compromise with cheap, less r...
What needs improvement with FireEye Network Security?
The solution's support needs to improve their support.
 

Also Known As

FortiSandbox
FireEye Network Security, FireEye
 

Overview

 

Sample Customers

Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG
FFRDC, Finansbank, Japan Advanced Institute of Science and Technology, Investis, Kelsey-Seybold Clinic, Bank of Thailand, City of Miramar, Citizens National Bank, D-Wave Systems
Find out what your peers are saying about Fortinet FortiSandbox vs. Trellix Network Detection and Response and other solutions. Updated: January 2025.
831,369 professionals have used our research since 2012.