We performed a comparison between Fortinet FortiSandbox and Microsoft Defender for Identity based on real PeerSpot user reviews.
Find out in this report how the two Advanced Threat Protection (ATP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of the solution is that the performance it offers to users is good, making it useful for us in our company."
"The GUI makes administration tasks straightforward."
"One of the valuable features is its ability to detect new threats."
"Compared to other solutions, it's easy to configure and implement because of the templates. The timing of scanning files is faster."
"The initial setup is straightforward."
"FortiSandbox analyzes the behavior of processes in a sandbox environment, which is useful for threat hunting. The solution has an excellent standard configuration, and you can prioritize the types of files of VMs you want to analyze. It also integrates seamlessly with other Fortinet solutions, like FortiGate, FortiMail, and FortiEMS."
"The most valuable feature is the protection and the way it works, the technology is what I like the most."
"Integration is one of the solution's most valuable aspects. You can integrate even third-party solutions so that they can send the information or files they quarantine through the FortiSandbox"
"The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud."
"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
"The feature I like the most about Defender for Identity is the entity tags. They give you the ability to identify sensitive accounts, devices, and groups. You also have honeytoken entities, which are devices that are identified as "bait" for fraudulent actors."
"This solution has advanced a lot over the last few years."
"The solution offers excellent visibility into threats."
"It is easy to set up. Based on the number of devices you would like to set up, you can use scripts, Group Policy, etc. It takes five minutes to set up."
"Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence."
"All the integration it has with different Microsoft packages, like Teams and Office, is good."
"There could be more templates and a higher number of simulated VMs to configure more use cases. Sometimes we need to configure many use cases in many different environments, and if the number of VMs that we configure is limited, we have to remove some and reconfigure the environment if we need another environment."
"The initial setup is not too complex but could be easier."
"At least once a week we have a false alarm. This needs to be adjusted so that we get fewer of these occurrences."
"Fortinet FortiSandbox should improve its performance and security accuracy to keep competitive with other solutions, such as IBM."
"Fortinet FortiSandbox can improve by decreasing the time of analysis response. Other solutions have a better response time, such as WildFire."
"I don't know if it is viable to do an improvement like this. When there are passwords in the password-protected files, it can't scan them or do things like this. I don't know if an algorithm or something else could make it better. Nowadays, many legitimate office documents have passwords."
"The area I would like this solution to be improved in is the integrations for Sandbox with AI and big data ML mechanisms. I think this would be a practical improvement."
"Product could include a user interface and be made simpler for customers to configure."
"The technical support needs significant improvement. Documentation for more minor issues in the form of guides or walkthroughs could help to resolve this issue. The number of tickets raised would decrease, removing some pressure from the support team and making it easier to clear the remaining tickets."
"The tracking instance needs to be configured appropriately."
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."
"I would like to be able to do remediation from the platform because it is just a scanner right now. If you onboard a device, it shows you what is happening, but you can't use it to fix things. You need to go into the system to fix it instead."
"The impact of the sensors on the domain controllers can be quite high depending on your loads. I don't know if there's any room for improvement there, but that's one of the things that might be improved."
"Microsoft should look at what competing vendors like CrowdStrike and Broadcom are doing and incorporate those features into Sentinel and Defender. At the same time, I think the intelligence inside the product is improving fast. They should incorporate more zero-trust and hybrid trust approaches. They need to build up threat intelligence based on threats and methods used in attacks on other companies."
"The solution could be better at using group-managed access and they could replace it with broad-based access controls."
"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."
More Microsoft Defender for Identity Pricing and Cost Advice →
Fortinet FortiSandbox is ranked 5th in Advanced Threat Protection (ATP) with 35 reviews while Microsoft Defender for Identity is ranked 6th in Advanced Threat Protection (ATP) with 13 reviews. Fortinet FortiSandbox is rated 8.2, while Microsoft Defender for Identity is rated 9.0. The top reviewer of Fortinet FortiSandbox writes "Light and powerful solution design; useful to have". On the other hand, the top reviewer of Microsoft Defender for Identity writes "Offers robust protection from insider threats, but the customer support is poor". Fortinet FortiSandbox is most compared with Palo Alto Networks WildFire, Trellix Network Detection and Response, Check Point SandBlast Network, Microsoft Defender for Office 365 and Fortinet FortiEDR, whereas Microsoft Defender for Identity is most compared with Microsoft Entra ID Protection, Microsoft Defender for Office 365, Microsoft Entra Verified ID, Splunk User Behavior Analytics and Microsoft Sentinel. See our Fortinet FortiSandbox vs. Microsoft Defender for Identity report.
See our list of best Advanced Threat Protection (ATP) vendors.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.