Fortinet FortiSIEM and Microsoft Sentinel are both robust security information and event management (SIEM) solutions. Users are generally happier with the pricing and support of Fortinet FortiSIEM, but many find Microsoft Sentinel's features superior, believing it justifies the cost.
Features:Fortinet FortiSIEM's valuable features include extensive network performance monitoring, seamless hardware integration, and reliable log management. Microsoft Sentinel's valuable features include advanced threat detection, robust analytics, and integration with Azure services.
Room For Improvement:Fortinet FortiSIEM users suggest improvements in log management, user experience, and reporting capabilities. Microsoft Sentinel users desire better integration with third-party applications, more streamlined operational workflows, and a more user-friendly interface.
Ease Of Deployment and Customer Service:Fortinet FortiSIEM is reported to have a straightforward deployment and reliable customer service. Microsoft Sentinel also offers an easy deployment process, with Azure integration simplifying setup, and users generally positive about support.
Pricing and ROI:Fortinet FortiSIEM is generally perceived as more cost-effective with favorable ROI. Microsoft Sentinel, while often viewed as pricier, is considered worth the investment due to its extensive features and advanced capabilities, providing higher ROI for larger organizations.
The platform has resulted in time saved and reduces mean time to response, making it a great platform.
If a customer is already using Microsoft’s ecosystem, the ROI can be positive due to seamless integration.
Our MTTR, mean time to response, improved by forty to fifty percent. Earlier, medium-severity incidents took two to three hours to resolve. Now, after Microsoft Sentinel, it is forty to fifty-five minutes.
We attribute our growth to Sentinel.
Local tech support is available, however, for more critical or technical issues, we depend on the OEM directly, especially when it comes to on-prem solutions.
There is a knowledgeable, though small, team of support engineers around the world.
The customer support for Fortinet FortiSIEM is excellent.
Their solutions' integration simplifies resolving issues compared to those caused by third-party products.
Microsoft invests significantly in support, which is crucial for companies.
Working with a Sentinel engineer helped us tune settings effectively.
At any point in time, when network devices increase or there is a change in the infrastructure, we can add more workers and collectors to expand our infrastructure setup.
Fortinet FortiSIEM is highly scalable.
Fortinet FortiSIEM's scalability is excellent, and it is also easy to configure, maintain, and operate.
Office 365 and Exchange are running on it, covering about 35,000 users efficiently.
There is no need to add hardware or redesign infrastructure because it is cloud-native.
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
It stabilizes itself in an appropriate time, so its uptime is good.
These issues may cause unusual errors and user interface issues.
Some stability issues occur, but Fortinet's technical support team provides assistance.
So far, we have not experienced any issues, and it has been stable from the beginning.
In the past two years, our team hasn't encountered any issues with the stability of Microsoft Sentinel from an operations perspective.
I need to be aware of deprecated connectors as they may disconnect, but the data continues to be sent with a need for quick adaptation.
Recently, they revised it to a subscription-based, all-inclusive license.
The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products.
Fortinet FortiSIEM should broaden its remediation part to include more features for incident management.
Log ingestion and retention costs can grow quickly, and understanding which data source is driving cost is not always straightforward.
We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel.
Currently, we are happy to have a way in the middle with not so much cost, but it would be nice to have the ability to enhance the automation of workflows based on learned incidents.
Setting it up for oneself as an enterprise-licensed product can be quite expensive.
Windows agent licenses cost around 3,000 Rupees per device per year.
The revised model is subscription-based and more flexible.
It has been beneficial that Microsoft Sentinel is included as part of the Microsoft package, making it more cost-effective.
Microsoft Sentinel is not a low-cost SIEM.
Microsoft Sentinel offers more capabilities than Bastion, with a more intuitive experience.
It provides extensive logging and record-keeping for internal networks, cloud applications, and services as well as perimeter physical network security.
I find the real-time monitoring and correlation capabilities effective for security alerts.
Reliability and scalability have helped me in my work, especially because the license for Fortinet FortiSIEM is excellent from a cost perspective, and we can add more collectors as we expand.
Microsoft Sentinel's ability to correlate data from multiple sources and its detection capabilities are essential.
Microsoft Sentinel has improved cost efficiency, which is one of the key areas we're able to win business against the ability to have threat intelligence.
Microsoft Sentinel's ability to correlate data from multiple sources enhances our threat detection capabilities beyond what is a simple data lake solution by filtering out the noise and consolidating the signal down to a meaningful level that is easier to investigate and see.
| Product | Market Share (%) |
|---|---|
| Microsoft Sentinel | 5.0% |
| Fortinet FortiSIEM | 2.8% |
| Other | 92.2% |
| Company Size | Count |
|---|---|
| Small Business | 34 |
| Midsize Enterprise | 22 |
| Large Enterprise | 24 |
| Company Size | Count |
|---|---|
| Small Business | 38 |
| Midsize Enterprise | 22 |
| Large Enterprise | 45 |
FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.
Companies around the world use FortiSIEM for the following use cases:
Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:
- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds
- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft
- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft
- Respond to incidents rapidly with built-in orchestration and automation of common tasks
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
