Fortinet FortiEDR Competitors and Alternatives

Get our free report covering Fortinet, SentinelOne, CrowdStrike, and other competitors of Fortinet FortiEDR. Updated: October 2021.
541,708 professionals have used our research since 2012.

Read reviews of Fortinet FortiEDR competitors and alternatives

Mike Parsons
Senior CyberSecurity Architect and Mentor at BlueTeamAssess LLC
Real User
Top 10
Reliable, scalable and very simple to set up

Pros and Cons

  • "The thing that I like about it is the synchronized security. You can tie endpoint protection and firewalls and a whole range of other services and products. You can get your servers taken in under this."
  • "The problem is that if you have a lot of different components going on, each managed under a different umbrella, then you're going to be spending a lot of time hopping back and forth between the different components to see, "Well, I got hit here. What did my firewall see? I got hit in the firewall, the firewall says it allowed that attack in, did it land on anything to compromise any of my endpoints?""

What is our primary use case?

The primary use case is basically having a synchronized perspective on what's going on between endpoints, firewalls, and whatever other types of preventative measures the customer has. 

How has it helped my organization?

The fewer panes of glass you've got to go to to try to investigate an event, the better off you are. If there's some automation that goes on within the fabric, or whatever you want to call it, this coordinated effort, then you're going to come out ahead as a small organization. Sophos has one pane of glass, so it gives good visibility. There's less time spent in front of the screen because I have confidence in the automation that's going on.

What is most valuable?

It's been pretty reliable. There's been a few times when it hasn't just taken care of problems. The automation is very convenient.

There's Sophos Central where the customer has a single pane of glass. You can manage everything. 

The thing that I like about it is the synchronized security. You can tie endpoint protection and firewalls and a whole range of other services and products. You can get your servers taken in under this.

It has a Linux version that's available. 

What I look for in dealing with small businesses is something that is not going to add to their staffing requirements significantly in terms of management. That's true with both Sophos and Fortinet.

There's great situational awareness within all the other components. If I have a workstation, usually they're just taking care of everything without me even knowing about it unless I go into the logs and see what's been cleaned up. I don't care if something gets cleaned up, I do care if something doesn't get cleaned up. My reporting is set to an on exception basis to ensure I don't have a firehose of information pointed at me to overwhelm me. Customers don't generally want to know every little thing that's happening on their network. What they want to know is if something has happened that puts their environment or their infrastructure in jeopardy. Sophos does this exceptionally well.

The pricing of the solution is quite good.

What needs improvement?

The problem is that if you have a lot of different components going on, each managed under a different umbrella, then you're going to be spending a lot of time hopping back and forth between the different components to see, "Well, I got hit here. What did my firewall see? I got hit in the firewall, the firewall says it allowed that attack in, did it land on anything to compromise any of my endpoints?" I see that all the time. That's a question I always have in the reports I give my customers. "Okay. So this happened last month. And as you can see, there were all these attacks knocking at the door, but none were allowed through." If someone got through, then I'm going to be concerned.

For how long have I used the solution?

I've been working with this solution alongside a customer for two years now.

What do I think about the stability of the solution?

The stability is great. We've never had issues with its reliability. It doesn't crash or freeze. There aren't bugs or glitches. It protects us well.

What do I think about the scalability of the solution?

The solution scales really well. They have great resources on hand for managing it within the cloud. I haven't found any issues with capacity. I've never heard of anyone ever having issues in that regard.

Typically we deal with small businesses. When I say "small business" I am referring to a company of around 250 people.

How are customer service and technical support?

Technical support has been very, very good. They're reliable and knowledgeable. We've been satisfied with the level of service provided.

Which solution did I use previously and why did I switch?

We also have experience with Fortinet. Fortinet has what they call their security fabric, which does about the same thing. Basically you have a number of different products, different solutions, and it's all under a single pane of glass and everything's coordinated so that any member or any component of that fabric or synchronized security is aware, has situational awareness of what other components are experiencing. If there's an attack that breaks out in one place, then there's going to be the opportunity for basically isolating that particular component so that it doesn't allow lateral movement.

I've used other solutions. The reason that I like Sophos is mostly due to the synchronized security and cloud management. Other solutions that I've dealt with have been point solutions. I've needed to figure out how to get that situational awareness between the different points. You have to do that. The name of the game these days is to evade the perimeter. I have to not only protect the endpoint as if there was no firewall, but I also have to make sure that I've got as much intelligence going on about the state of my internal network so that everybody knows what's happening next door to them.

How was the initial setup?

The initial setup was a piece of cake. It wasn't complex at all. It's very straightforward.

What's my experience with pricing, setup cost, and licensing?

I can justify the pricing for customers and I can explain what they're doing from a pricing standpoint in terms of the different risks that they're handling. I'm all about risk management. Unfortunately, we lose awareness of that, the calculus that goes into that when nothing's going wrong. 

You have to ask: what are you trying to protect? What are you willing to spend to protect that, and what's your expected loss if something happens? You have to look at all things and then decide if the number is fair. I'd argue that it is.

What other advice do I have?

We're partners with Sophos. We're a consulting company and we provide some managed services. Sophos products are some that I deploy and manage for my customers.

I don't have the EDR or any of the really sophisticated stuff. The client doesn't think that they have a need to go to another level. 

I don't have EDR or MTR deployed for the customer. I work primarily with small businesses. So sometimes it's kind of hard to get them to invest more than what they feel comfortable doing.

Other organizations should give it serious consideration if they are looking for a solution. The price point is not unreasonable and the management and the continued evolution that I see within the product means that they're not sitting on their haunches waiting for the next big thing. They're constantly moving forward, trying to keep abreast of what's going on. 

We're in an arms race when it comes to cybersecurity. When you look at SophosLabs out of the UK and the work that they're doing in their blogs like Naked Security and whatnot, they're constantly in the forefront, constantly trying to find different threats. It's impressive, to say the least. All of that percolates down into their product because that's what drives their product.

I'd rate the solution at eight out of ten. The solution is consistently showing me that it has a very effective rubric that it follows through on in terms of identifying and remediating, particularly in the area of ransomware. They can handle everything without having to have somebody get down in the weeds and recover things. I like the automation that it brings into the work that's done. That was the wow factor that drew me to them, to begin with.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AS
Cyber Security Engineer at a tech services company with 11-50 employees
Reseller
Top 20
This product does not provide what it needs to or what it says it does for proper Endpoint Detection and Response

Pros and Cons

  • "The dashboard actually is good and it is simple."
  • "The product has major problems in almost every facet of setup and use including setup, configuration, lack of functionality, lack of stability, false positives, questionable reporting, inability to protect from ransomware and poor technical support and development."

What is our primary use case?

My job position is Cybersecurity Engineer. We use the solution as an EDR or endpoint detection response. As EDR is, it is not the primary endpoint protection as it can not control the risk. This product is working as behavior monitoring for the end users. These monitoring products are not controlling the endpoint. For controlling the endpoint, you can use EPP (Endpoint Protection) products like Symantec Endpoint Protection, Trend Micro Endpoint Protection, one that was called OfficeScan — now the updated one is called Apex One — or other strong endpoint protection solutions like Sophos Intercept X and so on. But Malwarebytes is just EDR. EDR is mainly for detecting usage behaviors. It is evaluation and it is not technically protection for the user environment.  

What is most valuable?

The interface is not so bad. The dashboard actually is good. It is simple. But it is not able to produce simulated attacks.  

What needs improvement?

I know of more than ten critical cases with clients which affect their use of the product adversely. We work with the Malwarebytes company a lot and have discussed the existing problems with the manager of Research and Development. He would not just say "You are right." But even though he knows that there are issues, there have been no changes in the results and improvements with the product even up until now.  

I want to help secure the environments of the clients I work for. I want to benefit a lot of people, a lot of clients and a lot of users. I have specific things, technical details for each feature and each use case that I have worked on. But the company is not making the broader changes they need to in the product to make it an effective solution.  

The most obvious problem is that basically the product comes up with a lot of false positives. This needs to be resolved.  

There are other particular pain points with the current solution which have to do with the reporting and the problems with difficulty of installation. But these are still not the biggest problems for people using the product.   

An additional feature I would like to see is a ransomware rollback for 72 hours and for 100 GB of files. It is supposed to be a feature in the EDR to defend against ransomware. But we cannot stop ransomware with EDR. We are supposed to be able to roll back the encrypted files. But it is a fact that, in production, we cannot effectively roll back the ransomware and encrypted files after this kind of attack. The company fails to say we cannot go back. It is an important feature in these products and to the clients. But it is not effective.

For how long have I used the solution?

I have been implementing this solution as a technical consultant in IT and I have implemented this solution more and more over time starting one year ago.  

What do I think about the stability of the solution?

The product is not stable. It is not broken all the time but the stability of this solution needs to be improved.  

How are customer service and technical support?

They have not been receptive to our suggestions about the product and have not resolved the issues that we have reported in great detail.  

Which solution did I use previously and why did I switch?

We are currently looking for a new solution because I am not satisfied with the product or the effort of the vendor to meet the needs of users. I have gone through the trouble of making a table for competition analysis between various vendors to see how they compare and that includes several vendors of EDR solutions including Malwarebytes, enSilo, CrowdStrike, Carbon Black and SentinelOne. I think we will end up working with Carbon Black or CrowdStrike. But the current solution with Malwarebytes does not perform well enough to properly protect our clients.

How was the initial setup?

I find that the setup and configuration are complex and difficult.  

What about the implementation team?

We are the ones who do the installations and implementation.  

What other advice do I have?

I have a lot of baggage with this product because of problems I have with the customers, the implementation, the configuration, the settings — it is very, very troublesome. There are various players on the course now. Some solutions may perform better.  

I have had a bad experience with Malwarebytes in general. There are a lot of issues I have caught. I wrote these issues down to compile them and then I sent the information to Malwarebytes. Over some time, there was no improvement from the research and development or technical support from this vendor. I have only a few words about this product: It is not good yet. But they have also shown almost no interest in improving it.

The proxy setting is a very nice feature. But, with that, you can not remove the proxy settings for the clients who are going out of the office for travel. You have to go to each laptop and write a manual cmd (command line) script to remove the proxy settings. It should not be done this way. It is just another example. 

On a scale from one to ten with one being the worst and ten being the best, I would rate this product as a one-and-a-half. It is one of the worst products which I have ever used. If I have to choose a whole number it does not round up, it will round down to a one.  

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
LG
Head of IT Operations at Puerta de Hierro Hospitals
User
Top 20
Great for remote workers with excellent endpoint agents and easy communication with the console

Pros and Cons

  • "The communication with the console is very dynamic and remote, without the need to return to the computer locally."
  • "There needs to be compatibility with the most recent versions of the various operating systems."

What is our primary use case?

The main option for which this solution is used is to have all the peripheral equipment protected - avoiding risks due to malware and viruses. The solution can be managed by device, with filtering and analysis of the information of all collaborators available there. 

It's used to analyze emails from key users and for content filtering rules. It does not allow dangerous downloads, which protects the work of the organization outside the main network. It gives tools to the collaborators to make the work outside the installations (home office) easy.

How has it helped my organization?

With COVID affecting the world, a solution was needed that could be able to provide security at workstations outside of the organization itself. With the sandblast tool, coverage is made on the equipment that we provide (laptops) and employees can carry out their activities from home. The tool has provided us with security to ensure that the computers are protected while also providing information analysis. It offers easy control and implementation of content filtering rules. Thus, you have control of all the organization's teams outside and within the operational network.

What is most valuable?

The endpoint agents, which can be installed in one go, are great. The communication with the console is very dynamic and remote, without the need to return to the computer locally. 

From the administration console, we can generate content filtering rules and labels, as well as run an analysis of emails and downloads that the collaborator does to fulfill their functions. Informing the administrator of threats by mail gives us the facility to detect real-time vulnerabilities in order to continue fulfilling the objective of safeguarding the information of the organization.

What needs improvement?

There needs to be compatibility with the most recent versions of the various operating systems. They need to be up-to-date with the signatures of new viruses and the latest ransomware. With the encompassing of all its solutions in one platform, there should be artificial intelligence for specific analysis to thus be able to anticipate and detect unique risks to the organization.

To be able to count on the administration console on any device and online cloud would be ideal. We would like there to be no need to install clients as executables.

For how long have I used the solution?

I've been using the solution for one year.

What do I think about the scalability of the solution?

We like the idea of continuing to implement more solutions offered by Harmony.

How are customer service and technical support?

Technical support is good. They comply when we need support or have product questions.

Which solution did I use previously and why did I switch?

No, Sandblast was chosen as the first option.

What's my experience with pricing, setup cost, and licensing?

The solution meets our business needs. 

Which other solutions did I evaluate?

We did look at Fortinet solutions.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Syed Faisal
ICT Manager at SecurEyes
Real User
Top 5
Easy to use, stable, and not heavy on system resources

Pros and Cons

  • "FireEye Endpoint Security is easy to use and lightweight compared to others."
  • "Most of these types of solutions including others, such as Carbon Black and FortiEDR, all have the same features. However, Carbon Black is the leader when it comes to being robust and user-friendly and this solution should improve in those areas to stay more competitive."

What is our primary use case?

We are using this solution for endpoint security against cyber attacks.

What is most valuable?

FireEye Endpoint Security is easy to use and lightweight compared to others.

What needs improvement?

Most of these types of solutions including others, such as Carbon Black and FortiEDR, all have the same features. However, Carbon Black is the leader when it comes to being robust and user-friendly and this solution should improve in those areas to stay more competitive.

For how long have I used the solution?

I have been using FireEye Endpoint Security for a couple of months.

What do I think about the scalability of the solution?

This solution is scalable. However, it could improve to be able to handle large-scale operations. The OS most systems are running, I am not sure it can handle a lot of nodes, but many companies are coming out with cloud options that should be able to manage many more nodes.

How are customer service and technical support?

Technical support can take some time to respond on the first level. They could improve the speed at which they resolve and handle support.

What about the implementation team?

We have an administrator and engineer that does the implementation and maintenance of the solution.

Which other solutions did I evaluate?

I have evaluated Carbon Black and FortiEDR.

What other advice do I have?

I would not recommend this solution to others. However, if you have a small budget then this solution could be a second option.

I rate FireEye Endpoint Security an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner