Fortinet FortiSandbox Zero-Day Threat Protection (On-Demand)

The company came to us and provided a proof of concept (POC) for six or seven months for testing the machine and evaluating how we can use Fortinet FortiSandbox . Also, we use FortiSandbox  for scanning files, like attachments.

Currently, there isn't a standout feature. We use Fortinet FortiSandbox for scanning files such as attachments, and we have not faced any issues so far. Up to now, it is performing well.

We sometimes face a delay in email scanning due to not having multiple virtual machines. Improvements could be made in dynamic scanning, scanning all email components such as URLs and attachments, and analyzing the Sandbox response. Additionally, better integration with cloud solutions and enhanced performance would be beneficial.

I have been using FortiSandbox for six months, specifically for testing purposes on the Alibaba Cloud  platform.

The solution is stable up to now because it is still new, just six months maximum.

The solution's performance is fine and more improved compared to the last two months.

As of now, I've primarily been in contact with the consultants for support and have only needed one ticket with Fortinet. I have no substantial experience with Fortinet's direct technical support.

Neutral

I previously used Cisco, but Fortinet is much easier in terms of configuration and service time.

The initial setup of Fortinet was easy, more so than other products. Even though I'm not directly involved, it has been very easy to work with Fortinet, especially compared to other solutions.

It was a combined effort. A consultant from an external company worked alongside us on the implementation. Most of the integration and support involved consultants.

I think it's affordable. For the six to seven months of usage, the cost has been reasonable.

FortiSandbox is rated five out of ten. It meets the requirements but still has room for growth and improvements.

We use FortiSandbox  for scanning files and images that pass through our networks. It integrates with different devices, such as five adapters and other Fortinet devices.

It is time-saving and more secure. It saves us from a lot of antivirus and anti-malware issues.

The adapter is beneficial as it allows integration with various devices, not just Fortinet.

It would be better if we could integrate FortiSandbox  with endpoint security solutions. This would allow us to scan files opened by the endpoint user and not just over the network.

I have about one year of experience working with FortiSandbox.

I would rate the stability of FortiSandbox as eight out of ten.

I would rate the scalability of FortiSandbox as eight out of ten.

Fortinet provides really good technical support. They introduce high-level support for us.

Positive

The initial configuration is straightforward and not difficult. We have an ID for port one and can assign port three for ID two for the device.

I am not familiar with the pricing because my role is strictly technical.

I recommend using FortiSandbox, especially if your environment relies on FortiGate  devices or is integrated with Fortinet. It ensures better compatibility.

I'd rate the solution nine out of ten.

We use Fortinet FortiSandbox for malware analysis, seamlessly integrating with various solutions such as FortiGate, FortiMail for Mail Security, FortiWeb, and other endpoints. FortiSandbox also supports ICAP integration with FortiWeb, enhancing its capabilities. These integrations can be configured within FortiSandbox, either internally or externally. Additionally, FortiSandbox offers integration with Exchange as an adapter.

The integration is easy with other Fortinet products like FortiMail. The technology of sandboxing FortiSandbox can cover it.

Fortinet FortiSandbox has the capability for manual analysis' Unlike its competitors, FortiSandbox offers functionalities such as banning, sniffing, and analyzing traffic in the network. It can connect as a bandwidth analyzer and provide analytics on the network traffic. It's not limited to just sandboxing; it can also operate at the endpoint, firewall, or gateway levels to submit files for analysis and monitor network traffic for analysts.

The solution must focus on API integration with other vendors.

I have been using Fortinet FortiSandbox as an integrator since 2017.

The solution is stable on dedicated appliances like virtual machines. It also depends on the capabilities of the host system, including CPU and RAM.

The solution is scalable. You can configure up to one hundred nodes as workers. Additionally, you can include up to ninety-eight worker nodes in other models, allowing them to function as a cluster.

It has a defense line from zero-day attacks and sophisticated attacks. You will need an EDR solution and the endpoint.

Six persons are using this solution.

Customer support is friendly and has a good team.

A network security engineer can deploy the solution. The organization's IT department manages administration, including application and network security. Multiple administrators may use FortiSandbox, each with their front-end interface for managing it.

The solution provide zero-day attacks which benefitted a lot.

If the customer's operating system is supported, there's no need for a custom package. It's straightforward. If a custom operating system is required, it will take longer due to the need for package customization.

Overall, I rate the solution an eight out of ten.

We implemented FortiSandbox in three main steps: planning the infrastructure and topology, setting up dedicated Internet access for the sandbox, and configuring manual uploading and email forwarding. For email communication, we used either FortiMail or BCC/force mirroring solutions. FortiSandbox has successfully identified and blocked email attachments containing threats. 

The real-time analysis capability of FortiSandbox is beneficial for email analysis, but it's not practical for real-time web traffic analysis because users won't wait for the FortiSandbox to complete its analysis before accessing content.

I have experience working with Fortinet FortiSandbox, but it's been about one year since the first implementation.

It is stable

The solution is scalable especially suitable for enterprise businesses.

I haven't needed technical support, and while the pricing can be expensive, the performance and security it offers are commendable.

I rate the initial setup of Fortinet FortiSandbox as a little bit difficult due to licensing issues,

I would recommend FortiSandbox for high-security environments like financial or government sectors. Overall, I rate it an eight out of ten.

The most valuable features of the product include components like CDR, greylisting, sandboxing, attachment detection in sandboxing, DLP  fingerprinting, and the redirect option.

For the MSSPs, it would be great if the product could display all the threat chains on a dashboard since it is an area where the tool is currently lacking.

I have been using Fortinet FortiSandbox  for around two years. My company has a partnership with Fortinet. My company also operates as an MSP for Fortinet.

It is a stable solution with no issues at all. The product is scalable and stable since it is compatible with cloud solutions like AWS  and Azure . The product can be deployed on the cloud services offered by Amazon AWS  or Microsoft Azure .

It is an easily scalable solution.

My company caters to the needs of small, medium, and large-sized businesses where the solution is used.

The solution's technical support is satisfactory. I rate the technical support a seven to eight out of ten.

Positive

I have worked with other solutions in the past.

The product is easy to deploy.

The product can be deployed in 15 days.

Two or three people from our company are involved in the deployment, implementation, and configuration process.

Fortinet FortiSandbox  saves a lot of money for its users since if an attack happens in your environment, the loss is infinite, especially in terms of the brand value and laws of data. In terms of ROI, the tools safeguard the data and brand value of the company. The percentage of the ROI can vary from company to company. If the product prevents an attack on a small or medium-sized business, then the ROI part will have a different implication in terms of numbers. If the product prevents an attack on an enterprise-sized company, the ROI part will have a different implication in terms of numbers.

Fortinet FortiSandbox is a nominally priced product, so I would not say that it is a very cheap tool. It is one of the best solutions in the market with a competitive pricing model, similar to the prices offered by products from Cisco.

I would describe Fortinet FortiSandbox, which has been deployed within our company's network for threat detection, as a proactive solution with multiple functionalities. A few of the functionalities of the product include areas like sandboxing, CDR, pattern-reading, and detection ratio, which are very good.

I rate the product's effectiveness in dealing with zero-day threats a seven to eight out of ten, where ten means it is the most effective product for dealing with zero-day threats.

As of now, Fortinet FortiSandbox is not integrated with other Fortinet solutions to improve our company's security posture. The tool is integrated with our own existing email security gateway to use anti-spam and anti-virus features.

The tool should have more ability to customize from the reporting point of view. The tool should be able to provide more slicing and dicing in data. The users of the product should try to know about threat chains t with the help of the tool's MSPs so that they know the outcome of a threat that may enter their networks. In the MSP model, it would be good if the aforementioned area gets integrated.

The reporting and alerting capabilities of the product have helped our company's security area since the tool provides good and deep-dive reports, which include proper reasoning for certain actions that were taken. The report will explain why it blocked or did not block certain aspects. There are detailed reports in terms of the logs that the tool provides its users. The tools also provide details on the areas that were quarantined. In general, the tool provides a very detailed report.

The product is easy to maintain since my company gets proper support from Fortinet.

In my company, there are many use cases to describe scenarios where the product prevented or mitigated a breach or an attack. My company operates as a managed service provider for Fortinet, and many of our customers use Fortinet FortiSandbox. When my company receives any attacks via links or attachments, FortiMail  blocks such emails.

I suggest others consider whether they plan to buy a solution from a security company. I will see whether the tool I use for sandboxing is from a security company or not. I will consider the catch rate of the product. I will also consider the other solutions that the vendor can bring in for me that can improve and secure my company's security posture while being easy to use and implement.

I will consider whether the vendor who offers our company sandboxing features has a security background. I will look into whether the solution is interoperable or not. There should be interoperability if I need to deploy some other solution as well, like a DLP  or a firewall.

I rate the overall tool a seven out of ten.