We sometimes face a delay in email scanning due to not having multiple virtual machines. Improvements could be made in dynamic scanning, scanning all email components such as URLs and attachments, and analyzing the Sandbox response. Additionally, better integration with cloud solutions and enhanced performance would be beneficial.
Senior Security & Infra Technology Systems Engineer at BARQ Systems
Real User
Top 10
2024-10-23T14:23:00Z
Oct 23, 2024
It would be better if we could integrate FortiSandbox with endpoint security solutions. This would allow us to scan files opened by the endpoint user and not just over the network.
Assistant Vice President, PreSales at Netcore Cloud
MSP
Top 5
2024-02-12T07:59:13Z
Feb 12, 2024
For the MSSPs, it would be great if the product could display all the threat chains on a dashboard since it is an area where the tool is currently lacking.
The main area of concern in Fortinet FortiSandbox is its detection capabilities. I have seen some cases where the solution doesn't provide any clue of threats or malicious objects to its users. When FortiSandbox was not able to detect some malicious objects, Fortinet's competitors were able to do that. The aforementioned area can be considered for improvement.
IT Project Management at a energy/utilities company with 11-50 employees
Real User
Top 5
2023-06-23T14:25:00Z
Jun 23, 2023
Improvement is needed considering that it could be a scenario where it is limited, especially it may be during those periods of time when they are not updated. In general, maybe they are not updated to cover other risks.
The area I would like this solution to be improved in is the integrations for Sandbox with AI and big data ML mechanisms. I think this would be a practical improvement. I would also like to see improvements in the solution's stability and the pricing plan.
Senior Network Engineer at a tech services company with 1,001-5,000 employees
Real User
Top 5
2023-01-19T12:28:00Z
Jan 19, 2023
Sometimes, there are issues upgrading the version of the firewall or the SD-LAN box. After we upgrade to the latest version of the software, we still have the same box. I think it's the same for every vendor.
The use cases in Fortinet FortiSandbox are not good. It is difficult to upload a custom VM for Fortinet FortiSandbox. The integration of Fortinet FortiSandbox with other Fortinet or FortiGate firewalls is not good. VMs are already installed in the hardware and are working fine, but we tried to approve the custom VM many times but did not succeed. Fortinet FortiSandbox is complex in uploading the custom VM. Fortinet FortiSandbox needs to improve the customization and the custom framework updates.
Consultant Business Development - Security at a comms service provider with 51-200 employees
Consultant
2022-02-22T21:41:22Z
Feb 22, 2022
There could be more templates and a higher number of simulated VMs to configure more use cases. Sometimes we need to configure many use cases in many different environments, and if the number of VMs that we configure is limited, we have to remove some and reconfigure the environment if we need another environment. It's better to have more use cases and more simulated environments that we can configure.
Architect of solutions at a comms service provider with 11-50 employees
Reseller
2021-03-09T11:52:10Z
Mar 9, 2021
With the 3000D we had some issues with the FortiOS version. I don't remember which one it was, however, there was an interaction problem or a performance issue. It might have been the FortiOS issue as it was a very particular, very specific issue and the performance was very high. All the indicators were in the highest levels and yet the equipment was not necessarily overloaded from doing analysis. I haven't interacted directly with these solutions. I mainly use it for design and not how they work, and therefore I haven't interacted directly with them. It would be hard for me to comment on missing features in general. The price just could be a little bit better, I would say, however, that depends a lot on the manufacturer. If you were to compare prices between vendors and manufacturers, you would see that the lowest equipment in the Sandbox line is quite expensive for a new customer. Those kinds of clients that don't have a very big budget or at least a medium one, need to rely on cloud solutions more than hardware, as hardware is expensive. It would be ideal if the product had the ability to, if it cannot detect something correctly, to be able to put it on hold until a new release. That would be very circumstantial, actually. However, it could help protect against unknown entities.
I don't know if it is viable to do an improvement like this. When there are passwords in the password-protected files, it can't scan them or do things like this. I don't know if an algorithm or something else could make it better. Nowadays, many legitimate office documents have passwords.
Principal Cyber Security Architect at a comms service provider with 5,001-10,000 employees
Reseller
2019-10-27T06:19:00Z
Oct 27, 2019
I'm not sure whether anything needs improvement because I feel we need to have more experience with it. Perhaps if there were issues where customers complained, that's when I would be able to comment on what could be improved. So far, I haven't come across any specific features that need improving. I'm content with the features of the product. If they plan to provide a feature that would make it easier for the customer to configure themselves, that would be appropriate. And possibly a user interface. As a service provider, the functionality is quite satisfactory.
Senior Security Consultant at SEE "Systems Engineering of Egypt"
Real User
2019-10-06T16:38:00Z
Oct 6, 2019
It would be awesome if it can be integrated with other solutions. I would like to add one more feature because there are some tricks to deploy integration for all sorts in a product. I had that problem because when I had FortiSandbox, FortiLink, FortiClient, FortiManager, FortiLicense, there was one license for the integration, and the other license was called IOP or FortiAnalyzer. I would like to have one bundle or one license for each device. There should be one orchestrator for the integration because until now there have been two devices, which are the orchestrators for the integration. So most people are confused about how to use the right integration of the right Fortinet product.
IT Manager at a international affairs institute with 11-50 employees
Real User
2019-10-02T11:08:00Z
Oct 2, 2019
Sometimes, email remains in the queue, which is a problem that we have contacted support about. This is something that needs to be improved. The response time from technical support should be improved.
Solutions Manager at a tech services company with 1,001-5,000 employees
Real User
2019-09-29T12:12:00Z
Sep 29, 2019
The licensing can be very confusing. It needs to be simplified. When choosing FortiSandbox, there are three different types of Licenses, but it doesn’t specify that it is for FortiSandbox, so you have a box for Sandboxing, then a separate box for hardware, and a separate one for the Cloud.
FortiSandbox could be improved. Fortinet took some time to include this feature and new technologies. They have to develop it more, because of the codes, the variables in the number of virtual environments and the number of virtual rules. They only provide eight or sometimes a maximum of fourteen virtual environments and the competitors are offering two hundred environments, so the number of environments offered it too small and needs to increase. Currently, this is one of the weakest capabilities with FortiSandbox. The integration has no enforcements, you cannot apply any action, you have to integrate it with Fortinet. For example, if a customer wants to have FortiSandbox, he has to purchase the entire Fortinet profile. This is not an advantage for Fortinet, compared to others that can be integrated easily with any technology and with any vendor. Fortinet will only integrate with itself. They are not leading in endpoints for FortiSandbox. The capabilities and features of this solution are not good. They have to enhance and develop the product to compete. In the next release, I would like to see machine learning and anti-exploitation included.
Fortinet FortiSandbox is a behavior-based threat detection solution that prevents and detects malicious code in files transferred within the organization. It is integrated with FortiGate firewalls and FortiMail for threat protection and can be used for monitoring and reporting. The solution inspects files in a virtual environment with different types of virtual machines and can block or quarantine files based on their score.
The most valuable features include dynamic behavior analysis,...
We sometimes face a delay in email scanning due to not having multiple virtual machines. Improvements could be made in dynamic scanning, scanning all email components such as URLs and attachments, and analyzing the Sandbox response. Additionally, better integration with cloud solutions and enhanced performance would be beneficial.
It would be better if we could integrate FortiSandbox with endpoint security solutions. This would allow us to scan files opened by the endpoint user and not just over the network.
The solution must focus on API integration with other vendors.
For the MSSPs, it would be great if the product could display all the threat chains on a dashboard since it is an area where the tool is currently lacking.
In future releases, I would like to see more automation capabilities.
The delivery feature in my country is extremely bad.
The main area of concern in Fortinet FortiSandbox is its detection capabilities. I have seen some cases where the solution doesn't provide any clue of threats or malicious objects to its users. When FortiSandbox was not able to detect some malicious objects, Fortinet's competitors were able to do that. The aforementioned area can be considered for improvement.
Improvement is needed considering that it could be a scenario where it is limited, especially it may be during those periods of time when they are not updated. In general, maybe they are not updated to cover other risks.
The solution could be limited in some scenarios. If updated, Fortinet FortiSandbox could cover other risks.
In future releases, it would be better if it had support for Mac and Linux.
The area I would like this solution to be improved in is the integrations for Sandbox with AI and big data ML mechanisms. I think this would be a practical improvement. I would also like to see improvements in the solution's stability and the pricing plan.
I would like to have machine learning added to the solution in a future release.
Sometimes, there are issues upgrading the version of the firewall or the SD-LAN box. After we upgrade to the latest version of the software, we still have the same box. I think it's the same for every vendor.
Fortinet FortiSandbox can improve by decreasing the time of analysis response. Other solutions have a better response time, such as WildFire.
Fortinet FortiSandbox should improve its performance and security accuracy to keep competitive with other solutions, such as IBM.
The use cases in Fortinet FortiSandbox are not good. It is difficult to upload a custom VM for Fortinet FortiSandbox. The integration of Fortinet FortiSandbox with other Fortinet or FortiGate firewalls is not good. VMs are already installed in the hardware and are working fine, but we tried to approve the custom VM many times but did not succeed. Fortinet FortiSandbox is complex in uploading the custom VM. Fortinet FortiSandbox needs to improve the customization and the custom framework updates.
There could be more templates and a higher number of simulated VMs to configure more use cases. Sometimes we need to configure many use cases in many different environments, and if the number of VMs that we configure is limited, we have to remove some and reconfigure the environment if we need another environment. It's better to have more use cases and more simulated environments that we can configure.
If we can have more dashboards, it would be good.
The reporting tools could be improved in Fortinet FortiSandbox.
With the 3000D we had some issues with the FortiOS version. I don't remember which one it was, however, there was an interaction problem or a performance issue. It might have been the FortiOS issue as it was a very particular, very specific issue and the performance was very high. All the indicators were in the highest levels and yet the equipment was not necessarily overloaded from doing analysis. I haven't interacted directly with these solutions. I mainly use it for design and not how they work, and therefore I haven't interacted directly with them. It would be hard for me to comment on missing features in general. The price just could be a little bit better, I would say, however, that depends a lot on the manufacturer. If you were to compare prices between vendors and manufacturers, you would see that the lowest equipment in the Sandbox line is quite expensive for a new customer. Those kinds of clients that don't have a very big budget or at least a medium one, need to rely on cloud solutions more than hardware, as hardware is expensive. It would be ideal if the product had the ability to, if it cannot detect something correctly, to be able to put it on hold until a new release. That would be very circumstantial, actually. However, it could help protect against unknown entities.
I don't know if it is viable to do an improvement like this. When there are passwords in the password-protected files, it can't scan them or do things like this. I don't know if an algorithm or something else could make it better. Nowadays, many legitimate office documents have passwords.
The integration is limited. The solution needs to offer better integration with multiple vendors.
I'm not sure whether anything needs improvement because I feel we need to have more experience with it. Perhaps if there were issues where customers complained, that's when I would be able to comment on what could be improved. So far, I haven't come across any specific features that need improving. I'm content with the features of the product. If they plan to provide a feature that would make it easier for the customer to configure themselves, that would be appropriate. And possibly a user interface. As a service provider, the functionality is quite satisfactory.
It would be awesome if it can be integrated with other solutions. I would like to add one more feature because there are some tricks to deploy integration for all sorts in a product. I had that problem because when I had FortiSandbox, FortiLink, FortiClient, FortiManager, FortiLicense, there was one license for the integration, and the other license was called IOP or FortiAnalyzer. I would like to have one bundle or one license for each device. There should be one orchestrator for the integration because until now there have been two devices, which are the orchestrators for the integration. So most people are confused about how to use the right integration of the right Fortinet product.
Something that needs to improve, is the end-point protection.
At least once a week we have a false alarm. This needs to be adjusted so that we get fewer of these occurrences.
Sometimes, email remains in the queue, which is a problem that we have contacted support about. This is something that needs to be improved. The response time from technical support should be improved.
The licensing can be very confusing. It needs to be simplified. When choosing FortiSandbox, there are three different types of Licenses, but it doesn’t specify that it is for FortiSandbox, so you have a box for Sandboxing, then a separate box for hardware, and a separate one for the Cloud.
FortiSandbox could be improved. Fortinet took some time to include this feature and new technologies. They have to develop it more, because of the codes, the variables in the number of virtual environments and the number of virtual rules. They only provide eight or sometimes a maximum of fourteen virtual environments and the competitors are offering two hundred environments, so the number of environments offered it too small and needs to increase. Currently, this is one of the weakest capabilities with FortiSandbox. The integration has no enforcements, you cannot apply any action, you have to integrate it with Fortinet. For example, if a customer wants to have FortiSandbox, he has to purchase the entire Fortinet profile. This is not an advantage for Fortinet, compared to others that can be integrated easily with any technology and with any vendor. Fortinet will only integrate with itself. They are not leading in endpoints for FortiSandbox. The capabilities and features of this solution are not good. They have to enhance and develop the product to compete. In the next release, I would like to see machine learning and anti-exploitation included.
We would like to see the solution open to third parties.