Fortinet FortiSandbox and Microsoft Defender for Identity compete in the cybersecurity solution space. Fortinet FortiSandbox seems to have the upper hand in integration and email threat detection, while Microsoft Defender for Identity provides strong identity security and integration with its broader ecosystem.
Features: Fortinet FortiSandbox offers robust threat protection, particularly against ransomware, and integrates seamlessly with the Fortinet ecosystem for enhanced security. It allows manual scans for in-depth threat analysis and is effective in detecting email threats. Microsoft Defender for Identity focuses on identity security, specializing in detecting lateral movement and providing visibility into user activities. Its integration with Microsoft Sentinel enhances threat analysis capabilities.
Room for Improvement: Fortinet FortiSandbox could benefit from enhanced virtual environment capabilities and better integration with third-party solutions. Simplifying the licensing process and expanding its machine learning features would also be advantageous. Microsoft Defender for Identity can improve direct remediation actions from alerts and better integrate with non-Microsoft environments. Addressing issues with false positives and improving alert accuracy are areas needing attention.
Ease of Deployment and Customer Service: Fortinet FortiSandbox can be deployed across on-premises and hybrid cloud environments but faces challenges with technical support responsiveness. Microsoft's solution is primarily deployed in public clouds with some on-premises options. While Microsoft benefits from integration within its ecosystem, both providers could enhance support responsiveness. Fortinet is often seen as more approachable in support, but both can improve escalation and issue resolution processes.
Pricing and ROI: Fortinet FortiSandbox is considered expensive, with complex licensing, yet it shows a positive ROI by preventing costly security breaches. Microsoft Defender for Identity, being part of the Microsoft 365 suite, is more affordable for existing Microsoft users but is still relatively expensive compared to other products. It offers flexible feature purchases, contributing to cost-effectiveness. Both solutions demonstrate strong ROI by preventing significant cybersecurity threats.
Sometimes the technical engineer is very good and helpful, and sometimes we go through many processes until it gets escalated to a higher level or to another advanced technical engineer.
The people I normally use for support are very knowledgeable, especially when they help remote in and get to where I need to go and show me much faster and help me understand what I should be doing.
The quality of support is very good, but troubleshooting can take time due to complex setups and the need to provide many logs.
Generally, the support is more effective than other providers like Oracle.
In a Microsoft-centric organization, especially with Azure infrastructure and Office 365, Microsoft Defender for Identity is scalable.
Fortinet FortiSandbox works fine, is easy to manage, and functions well.
Microsoft Defender for Identity is quite robust and built on Azure hyperscale infrastructure, with a 99% availability.
We do not see any issues with the stability of Microsoft Defender for Identity.
Having recently started using it, reliability is affirmed, but manual investigation is often performed to verify if alerts identified by auto-remediation are accurate.
I think Fortinet FortiSandbox could introduce more automation tools and AI tools.
If Microsoft could develop a feature that indicates when impossible travel is caused by VPN connections, it would prevent unnecessary password resets and session disruptions, especially for VIP users in organizations.
Microsoft Defender for Identity needs to be able to plug into third-party applications that are not Microsoft.
Reducing false positives is something we've been working on with Microsoft.
The cost is in the mid-range.
If they can reduce the costs, organizations will be happy, and it will compensate for using the Azure environment, which is more expensive on the infrastructure as a service side.
the Microsoft Defender Suite is quite expensive, especially when integrated into Sentinel.
From an organization perspective, using E5 licenses is value for money, especially if Azure and Office 365 are already in use.
The smooth integrations between Fortinet FortiSandbox and other Fortinet solutions such as FortiWeb and FortiFirewall and with other Fortinet environments are what I really appreciate.
We receive an advance report of risky users, allowing us to take preemptive action before an attack causes damage to organization details.
The most valuable feature is its hybrid artificial intelligence, which gathers forensic data to track and counteract security threats, much like the CSI series in effect.
Microsoft Defender for Identity definitely helps decrease the time of detection and response.
| Product | Mindshare (%) |
|---|---|
| Fortinet FortiSandbox | 5.3% |
| Microsoft Defender for Identity | 3.8% |
| Other | 90.9% |
| Company Size | Count |
|---|---|
| Small Business | 15 |
| Midsize Enterprise | 13 |
| Large Enterprise | 9 |
| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 4 |
| Large Enterprise | 14 |
Fortinet FortiSandbox is a behavior-based threat detection solution that prevents and detects malicious code in files transferred within the organization. It is integrated with FortiGate firewalls and FortiMail for threat protection and can be used for monitoring and reporting. The solution inspects files in a virtual environment with different types of virtual machines and can block or quarantine files based on their score.
The most valuable features include dynamic behavior analysis, manual scan features, easy management and configuration, fast scanning, scalability, customization, and ICAP protocol. The solution is cost-effective and faster than other sandbox solutions, with a good user interface.
Microsoft Defender for Identity offers real-time threat detection and protection for hybrid Active Directory environments. It integrates with Microsoft 365 components for seamless security and monitors advanced behaviors, enhancing identity protection across cloud and on-premises environments.
Microsoft Defender for Identity provides detailed threat insights and user behavior analytics to detect unauthorized access and notify anomalies. It allows setting custom detection rules, enhancing threat response automation. While it needs improvements in cloud security, SIEM integration, and access controls, users leverage its ability to mitigate identity threats like suspicious logins and ransomware. Enhanced integration with Microsoft security products ensures a coordinated threat response for identity control and privilege management.
What are the key features of Microsoft Defender for Identity?In specific industries, organizations implement Microsoft Defender for Identity to secure on-premises and hybrid Active Directory environments through user and entity behavior analytics, malicious activity detection, and integration with Microsoft security tools. This approach enhances security posture assessment and helps mitigate identity threats like identity harvesting and unauthorized access.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
