Fortinet FortiSandbox Reviews

My company uses Fortinet FortiSandbox to integrate with the email system named FortiMail. Fortinet FortiSandbox also helps with the integration of network infrastructure, allowing our company to extract some objects from the network and analyze them.

The main benefit of Fortinet FortiSandbox is that it allows organizations to detect and prevent unknown threats from entering an infrastructure.

The most valuable feature of Fortinet FortiSandbox is its ability to be integrated with email infrastructure, like FortiMail, with a blocking mode option, which means that FortiSandbox not only allows the detection of some malicious objects in emails but also helps block them to prevent end users from receiving from malicious emails.

The main area of concern in Fortinet FortiSandbox is its detection capabilities. I have seen some cases where the solution doesn't provide any clue of threats or malicious objects to its users. When FortiSandbox was not able to detect some malicious objects, Fortinet's competitors were able to do that. The aforementioned area can be considered for improvement.

I have been using Fortinet FortiSandbox for three to four years. I am an end user of the solution.

It is a pretty stable solution. Stability-wise, I rate the solution an eight to nine out of ten.

It is a scalable solution. From my experience, I can say that the solution's embedded functionality was enough to cover all use cases in the past involving different environments.

Scalability-wise, I rate the solution an eight out of ten.

I have contacted Fortinet's technical support and found them to be pretty responsive and fast. I rate the technical support a nine out of ten.

Positive

Kaspersky, FireEye, and Trend Micro were the solutions I used in the past. Kaspersky, FireEye, and Trend Micro were the solutions I used in the past. I cannot compare the solutions I have used in the past with Fortinet FortiSandbox and comment on which one was the best solution I used since the use of each solution depends on the use cases and Infrastructures. The main advantage of Fortinet FortiSandbox is that it is a part of Fortinet Security Fabric, meaning Fortinet has its own security framework. It is really easy to deploy FortiSandbox and integrate with other Fortinet solutions. Suppose your company has a Fortinet stack or technologies across your network or infrastructure for endpoint protection or network protection. I think Fortinet FortiSandbox would be the easiest choice. I cannot say that Fortinet FortiSandbox is better than Kaspersky, FireEye, or Trend Micro.

The initial setup phase of Fortinet FortiSandbox was pretty straightforward because, in my case, I worked with the physical appliances. According to the documentation, the setup phase for virtual appliances would be exactly the same as for physical appliances. You just deploy the box and then configure it, after which you create some integrations with FortiMail and other systems, which may take less than an hour.

The solution is deployed on an on-premises model.

The solution can be deployed in an hour or even less in the easiest scenarios. In the not-so-easy scenarios, the deployment phase for the solution may take a day or two. Some of my company's customers want to integrate Fortinet FortiSandbox with FortiMail and other tools, so it involves multiple integration points. The purpose of integrating Fortinet FortiSandbox with other tools may be to simultaneously monitor network or email traffic and use some customized images for virtual machines, which does take time. There is a need to perform fine-tuning in the solution to set up detection capabilities and some mechanisms.

I take care of the solution's installation phase in my company. For the solution's installation phase in my company, I sought the help of my colleagues from the IT department to manage the integration of Fortinet FortiSandbox with our company's email system since certain settings are to be done not only in FortiCentral but also in FortiMail and network layers. In most scenarios, you are not able to do it by yourself because you don't have proper access to a particular system.

It is a problem task to prove the ROI of any security solution. I saw several cases where FortiSandbox was able to detect some zero-day ransomware attacks at a time when there were no solutions, like FortiSandbox, making it easy for the ransomware attack to be successful. Dealing with a successful ransomware attack would cost a lot of money.

Though I don't know the exact numbers related to pricing, the solution is priced adequately or fairly.

I rate the product's pricing a five or six on a scale of one to ten, where one is low, and ten is high.

Though the solution comes with embedded licenses, there is always a problem for all the vendors when it comes to the virtual machines from Windows. Since Fortinet provides for the additional licenses, there is no need to buy any additional licenses.

If a company has some Fortinet equipment in its environment already, then Fortinet FortiSandbox would be the best choice for them. If a company wants to go for the deployment of some other solution for all their infrastructures, then it would be good to analyze the integration and detection capabilities.

I rate the overall solution a nine out of ten.

I have experience installing solutions with the sandbox, along with its functionality that is multifunctional. When some files are detected with viruses, they are placed in quarantine.

The solution puts the suspected file in quarantine, then analyzes if there is a risk by scanning it. If not, they remove it from the quarantine.

Improvement is needed considering that it could be a scenario where it is limited, especially it may be during those periods of time when they are not updated. In general, maybe they are not updated to cover other risks.

I have experience with Fortinet FortiSandbox. My previous company had a partnership with Fortinet. In my current company, we don't have any partnerships with Fortinet. I work as an IT consultant.

The solution has the highest stability because a lot of clients have adopted Fortinet solutions with different variations. They didn't give me a report of its issues or problems. A lot of clients got Fortinet solutions without reporting any network or appliance availability problems, while it was different for other vendors. When implementing and designing Fortinet, around 80 percent of the solutions in Mexico were for Fortinet solutions.

I rate the solution's stability a nine out of ten.

There is a specific list of Fortinet products you can select from, and they offer a variety of user functionalities and performance levels that can cover our approach. It is easy to increase or change to another appliance that can support the growth of any of the factors. Therefore, it is easy to change it or increase it.

I rate the solution's service and support an eight out of ten.

Positive

The solution is not complex as they are already included in Fortinet. There is a special solution for sandboxing, but it increases the level of security. In that version, you can get more from that solution and more efficiency in using sandboxing.

The initial setup is easy because I have been working with Juniper, and they have the same interface. The graphic interface is friendly and it is intuitive. For me, it is easy to configure.

Overall, I rate the solution an eight out of ten.

FortiSandbox is used to contain and prevent malware outbreaks. 

One of my clients was receiving malware in their email. Less than 1 percent of their email contained malware, but it was still too many. FortiSandbox prevented the malware from entering the broader network. FortiMail forwarded the files to be analyzed in FortiSandbox, which ran it on a Windows 10 machine with Office 365. The sandbox detected malicious behavior. One of the files tried to change the Windows registry, so FortiSandbox flagged it as malware and reported it to FortiMail, which blocked the email. 

FortiSandbox analyzes the behavior of processes in a sandbox environment, which is useful for threat hunting. The solution has an excellent standard configuration, and you can prioritize the types of files of VMs you want to analyze. It also integrates seamlessly with other Fortinet solutions, like FortiGate, FortiMail, and FortiEMS. 

It should be easier to import custom virtual machines. Some of the VMs that are in FortiSandbox don't have the applications that we have in our environment. We need to import a VM with specific applications that we use in our environment. Have all the licenses because this is a real environment. You need a license for the Windows client you run on it. It's possible to import custom VMs, but it's a pain to do it. I would like a tool that simplifies the process. 

We have used FortiSandbox for three years. 

FortiSandbox is pretty stable. I don't remember a time when it crashed. We've had to restart the VMs, but not the sandbox itself. 

There are limits to FortiSandbox because you must pay for a license for all the VMs you use.

The setup is straightforward. Yeah. You only need to install the VM and configure the two interfaces. We use one FortiSandbox for external requests and another internally. Sometimes, the malware tries to access something on the Internet. you can block it on the sandbox or allow it, so you can gather more information about what it is trying to do. 

But maybe you don't want the VM or the malware on the VM accessing the Internet from your environment. You need to configure that interface for that purpose. After that, you must authorize the FortiGate or the fabric devices on the FortiSandbox and create the VMs. If you are using the VMs Fortinet provides, you can download and provision them with one click. It will have the default configuration. The default policy may not work the way you intend, but it will protect out of the box. 

We've seen a return by preventing outbreaks and stopping zero-day threats. 

FortiSandbox is pricey because we need to purchase three licenses, including one for the cloud and an on-prem license. We also have a sandbox that comes with a FortiGate UTM license, but you don't have access to the VMs. However, you can access the malware timeline from the cloud and see the information about the FortiSandbox services. Still, It doesn't block the threat immediately. If you are downloading malware, FortiGate will send it to the FortiGate cloud sandbox, but the download will finish, and you'll have malware in your host. As soon as the sandbox returns a verdict on that file, it will be blocked on the next download attempt if it's malware.

I rate FortiSandbox 10 out of 10.

It's used to detect non-signature-based malware.

The product is great. It can be deployed on the cloud or on-premises. There's a virtual machine and a hardware appliance available, so it's quite versatile.

In future releases, it would be better if it had support for Mac and Linux.

We have been using this solution since its release.

It doesn't crash as often as other vendors' products. So, yeah, I think it's a good product.

It was pretty basic, nothing too complex.

It's not very expensive. I would rate it around a five or six, somewhere in the middle.

I would advise you to connect FortiSandbox with all available Fortinet appliances, such as the Endpoint Protection Suite, FortiGate firewall, FortiMail, and FortiWeb, as well as any other Fortinet appliance they have. It's important to ensure that the deployment is connected to the Sandbox.

Overall, I would rate the solution an eight out of ten. 

I provide this solution in the FortiGate firewall as a cloud license. I'm in presales and I qualify the solution, so I don't install it or deploy it. I worked with Sandbox for one project two years ago, especially with FortiGate 200E. I worked with the customer and prepared the solution according to their needs, and we decided on the architecture and design to deploy this solution.

We put the firewall in the front end design and we configured it so that every file will be downloaded through the HTTP, or HTTPS, and the file will be scanned and analyzed with the antivirus of FortiClient. This is checked with the signature of this antivirus. If it's not okay, we will configure it to be scanned and analyzed with Sandbox.

There, we will configure, for example, a virtual machine for in the cloud that contains Windows Server or Windows Desktop, the version that the customer already has. We deploy some services like Active Directory, or the service that the customer uses. We try to send this file to the virtual cloud. Then we check it. If the file attains a certain score, we will block it. If not, we can make an event quarantine. We configure our event in the firewall or in the switch that connects in this firewall, and we will put it in quarantine until that administrator checks this file and where or not it contains malware or not.

In general, we purchase the license and we configure it in the front end firewall, not in the internal or data center firewall. This is especially for downloading the files that we can receive.

For the firewall, we were using the version FortiOS 7.0. The first version that we deployed was the 6.5 version. That includes this cloud license.

The firewall is on-premise, but the license for FortiSandbox is on the cloud.

There are 10 people using this solution in my company.

The price has been a benefit to our organization. Fortinet has given us a very interesting financial offer compared to others. For example, if we compared it with Palo Alto, they have a specific license for sandbox but call it WildFire, and it's very expensive. In comparison with the Fortinet, the license is included in a bundle that includes antivirus and URL file filtering. This is for an SMB, small and medium businesses. It's competitive in terms of the price.

Compared to other solutions, it's easy to configure and implement because of the templates. The timing of scanning files is faster.

There could be more templates and a higher number of simulated VMs to configure more use cases. Sometimes we need to configure many use cases in many different environments, and if the number of VMs that we configure is limited, we have to remove some and reconfigure the environment if we need another environment. It's better to have more use cases and more simulated environments that we can configure.

I have been using this solution for two years.

The solution is stable. The performance is okay because Fortinet is based on FortiADC, and they have the capability to have a higher performance than others.

I do not use the solution daily. It depends on the project. At the moment, we don't have plans to increase usage.

With the cloud license, the scalability is okay, but it depends on the firewall type. For a smaller business, I think they are limited with the number of files. It depends on the number of firewalls.

For the on-prem solution, it certainly depends. I think there are problems with the scalability. If you need to extend or add more sizing, that means more files per day. We have to change the kind of appliance. This is a problem for that. But if it was on a VM solution, maybe it wouldn't be a problem for scalability.

Technical support is good.

We have used other solutions previously. It depends on the needs of our customers and the budget.

Concerning security, Trend Micro is better in comparison.

Initial setup is complex. The length it takes to deploy the solution just depends. We also need to have a tuning phase to collect more information for the environment and how to configure it. If we already have the template, we can easily configure it in two days. But after that, we have to make a learning phase or tuning phase to see how the solution responds and what the results are, and then we can optimize the configuration. The timing depends on the context.

For maintenance, patching, and updating, we need maybe two people.

The price is competitive.

I would rate this solution 7 out of 10.

We are using Fortinet FortiSandbox to inspect and scan all our files. All the files inside our organization that is transferred through the company. The solution scans the files inside the PSVM because it has many VMs inside the FortiScan. It's working on zero-day attacks and not based on the signature of the threat. It's based on behavior analysis.

The dynamic behavior analysis is excellent. We have many attacks caught by the FortiSandbox as zero-day attacks. Additionally, the administration is simple and can be customized to fit your companies needs.

Fortinet FortiSandbox has manual scan features. We have other sandboxes solutions from other vendors but they don't have this feature. It allows you to interpret or intervene in the scan whatever you want. It is a SOC analyzer, and it is called Manual Scan or something similar. Comparing this feature to other vendors, it's very good.

The reporting tools could be improved in Fortinet FortiSandbox.

I have been using Fortinet FortiSandbox for approximately six years.

The stability of the solution is good.

We have not tried to scale the solution, it has been working fine for what we have been using it for at this time.

We have approximately 50 devices and 1,000 to 2,000 files being scanned daily.

We use the solution extensively.

We use similar sandbox solutions from Forcepoint and Palo Alto.

The installation of Fortinet FortiSandbox is very easy.

We did the implementation ourselves.

We are on an annual license to use the solution. We have an additional feature that is integrated with S5, which is working well.

I would recommend Fortinet FortiSandbox to others, it is the most comprehensive sandbox available.

I rate Fortinet FortiSandbox an eight out of ten.

We use Fortinet FortiSandbox to troubleshoot different software.

Performance is a valuable feature.

The delivery feature in my country is extremely bad.

I have been using Fortinet FortiSandbox for three months.

It is a stable solution. 

It is a scalable solution. 

We have the support to set it up. It took a few months to deploy it. We integrate the solution and the support takes care of the solution after that. Almost three to four people are required for the maintenance.

It is an expensive solution. 

I would rate the overall solution an eight out of ten. 

Fortinet FortiSandbox is a multi-functional solution. When some files have been packed with viruses, the solution detects and quarantines them.

Fortinet FortiSandbox puts suspicious files in quarantine, analyzes for virus risks, and lets them out of quarantine if it detects no risk.

The solution could be limited in some scenarios. If updated, Fortinet FortiSandbox could cover other risks.

Fortinet FortiSandbox is a very stable solution. In my experience, it has the most stability that I have seen because a lot of clients got the solution and didn't report any problems with the network or the availability of the appliance. Fortinet FortiSandbox is different from other vendors. Percentage-wise, 80% got Fortinet FortiSandbox solutions in Mexico.

There is a specific list of Fortinet products you can select from, and they have a range of user functionalities and performance. So it's easy to increase it or to change to another appliance that can support the growth of any of the factors I mentioned. So it's easy to change it or increase it.

Fortinet FortiSandbox could provide better customer support.

Positive

Fortinet FortiSandbox's initial setup is easy because its graphic interface is very friendly and in 3D. I have been working with Juniper, and they have the same interface. The solution is easy to configure.

There is a special solution in Fortinet for sandboxing that increases the level of security. In that solution, you could get more efficiency in using sandboxing.

Overall, I rate Fortinet FortiSandbox an eight out of ten.