What is our primary use case?
FortiSandbox was a solution that we mainly sold for manual protection, however, in order to have a more compact environment, like you see the security fabric that has Fortinet, in many of our clients, we performed integration within solutions. Our clients are mainly ones that have had Fortinet solutions previously or want to test Fortinet solutions. We also encourage them to use integration with Security Fabric.
Clients mainly use it for documents, or, for example, programs or execute tools that are injected in the network through the perimeter or through the DNC and also for internal analysis. When any of the users reconnect to the network after some time it will perform a check through FortiClient. They also have interaction with FortiSandbox - everything new is put in quarantine during the user's use. These files or execute tools are analyzed in the FortiSandbox.It can also analyze for scripts between documents or inside documents - mainly office documents like Excel, PowerPoint, or PDF.
What is most valuable?
Integration is one of the solution's most valuable aspects. You can integrate even third-party solutions so that they can send the information or files they quarantine through the FortiSandbox. That's one of the main features every customer relies on or likes.
The performance capacity is impressive. Normally, you will need a big solution, I would say, or big hardware so that you can handle all the processing you have to do. However, FortiSandbox is quite a good hardware in and of itself. You can handle it without any restrictions.
With an on-premises solution, you can do all the analysis locally and not have the need to connect to the internet to depend on that service.
The solution can scale, however, it needs to be planned ahead of time.
The technical support on offer is quite good.
What needs improvement?
With the 3000D we had some issues with the FortiOS version. I don't remember which one it was, however, there was an interaction problem or a performance issue. It might have been the FortiOS issue as it was a very particular, very specific issue and the performance was very high. All the indicators were in the highest levels and yet the equipment was not necessarily overloaded from doing analysis.
I haven't interacted directly with these solutions. I mainly use it for design and not how they work, and therefore I haven't interacted directly with them. It would be hard for me to comment on missing features in general.
The price just could be a little bit better, I would say, however, that depends a lot on the manufacturer. If you were to compare prices between vendors and manufacturers, you would see that the lowest equipment in the Sandbox line is quite expensive for a new customer. Those kinds of clients that don't have a very big budget or at least a medium one, need to rely on cloud solutions more than hardware, as hardware is expensive.
It would be ideal if the product had the ability to, if it cannot detect something correctly, to be able to put it on hold until a new release. That would be very circumstantial, actually. However, it could help protect against unknown entities.
What do I think about the stability of the solution?
I can't really speak to the stability. I haven't checked the functionalities of how they work in the current databases. So I don't have too much info about it.
What do I think about the scalability of the solution?
Part of the design is to know how the solution can scale. You normally try to leave some space. For example, you offer a customer the possibility to scale in the future, according to their needs, however, only if you know the customer is going to grow. If the customer doesn't have that need, it doesn't make any sense to offer them equipment with some space to grow or to have more processing capacity or more licenses in the future. I would say normally you would sell what the customer needs plus a 5% to 10% cushion for the future if needed. However, it would be a properly designed solution.
We usually work with medium to large-scale organizations.
How are customer service and technical support?
Technical support has been pretty good. I know they respond every time. It just takes a few hours. It doesn't take too much time to respond. They're helpful and you can count on them.
Which solution did I use previously and why did I switch?
We are also a reseller of Palo Alto solutions.
How was the initial setup?
In terms of the initial setup, I would say it is half straightforward and half complex. It depends on the scenario and it depends on the kind of things you want to do with the Sandbox, for example, the kind of files you want to analyze or which kind of OS or images you want to analyze. It also depends on the requirements. Sometimes it's harder to deploy due to the scenario, the use case.
Deployment times also vary, however, it takes, at minimum, 15 days to set everything up.
What's my experience with pricing, setup cost, and licensing?
The solution is a rather sizable investment. That said, for those organizations with sensitive data, that feed to know they are protected, it's likely worth the price tag.
What other advice do I have?
We are resellers of the product.
I worked as a systems engineer previously. I'm now a sales executive, however, previously, I was in charge of making all the designs and the architecture for the solutions, and therefore, I know the distribution of these products, how can they be used, and different scenarios. I know how to position, for example, a FortiGate inside of a network for network segmentation and also for perimeter protection. Working also for VPN solutions, we were using FortiClients in EMS. We can have a centralized solution for VPN and also endpoint protection.
In terms of versions we deployed, there was FortiSandbox 1000D and also FortiSandbox 3000D.
We try to integrate solutions together so they can have some feedback on each other and they can work better to provide security and to also sharpen the attack services.
If you don't want to have any zero-day malware on your network, if you know that you will be literally exposed to those kinds of malware, it's good to have a solution such as this. That said, it's a big, big investment. It's a big investment for a business. If you really want to protect your information, if you're dealing with very, very delicate information, you need some kind of hardware or solution that can protect it from any kind of malware, especially those from zero-day. This Sandbox would be a must-have solution for those kinds of customers.
I'd rate the solution at a nine out of ten. That would be dependant on what types of third-party software a company has that the solution could integrate with effectively.
Which deployment model are you using for this solution?