Fortinet FortiSIEM and Microsoft Sentinel are both robust security information and event management (SIEM) solutions. Users are generally happier with the pricing and support of Fortinet FortiSIEM, but many find Microsoft Sentinel's features superior, believing it justifies the cost.
Features:Fortinet FortiSIEM's valuable features include extensive network performance monitoring, seamless hardware integration, and reliable log management. Microsoft Sentinel's valuable features include advanced threat detection, robust analytics, and integration with Azure services.
Room For Improvement:Fortinet FortiSIEM users suggest improvements in log management, user experience, and reporting capabilities. Microsoft Sentinel users desire better integration with third-party applications, more streamlined operational workflows, and a more user-friendly interface.
Ease Of Deployment and Customer Service:Fortinet FortiSIEM is reported to have a straightforward deployment and reliable customer service. Microsoft Sentinel also offers an easy deployment process, with Azure integration simplifying setup, and users generally positive about support.
Pricing and ROI:Fortinet FortiSIEM is generally perceived as more cost-effective with favorable ROI. Microsoft Sentinel, while often viewed as pricier, is considered worth the investment due to its extensive features and advanced capabilities, providing higher ROI for larger organizations.
If a customer is already using Microsoft’s ecosystem, the ROI can be positive due to seamless integration.
Our MTTR, mean time to response, improved by forty to fifty percent. Earlier, medium-severity incidents took two to three hours to resolve. Now, after Microsoft Sentinel, it is forty to fifty-five minutes.
For example, time saving on incidents is 40 to 50%, and previously, incident analysis took two to three hours, whereas now it takes 30 to 60 minutes.
Local tech support is available, however, for more critical or technical issues, we depend on the OEM directly, especially when it comes to on-prem solutions.
There is a knowledgeable, though small, team of support engineers around the world.
They take some time to respond because they need logs and investigations, which delays the response time.
Microsoft invests significantly in support, which is crucial for companies.
I believe Microsoft could improve by keeping customer service within the US for Microsoft Sentinel customers who are within state and federal government sectors.
Working with a Sentinel engineer helped us tune settings effectively.
At any point in time, when network devices increase or there is a change in the infrastructure, we can add more workers and collectors to expand our infrastructure setup.
Fortinet FortiSIEM is highly scalable.
Fortinet FortiSIEM is easy to scale.
There is no need to add hardware or redesign infrastructure because it is cloud-native.
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
Being a SaaS solution, the scalability of Microsoft Sentinel is robust.
It stabilizes itself in an appropriate time, so its uptime is good.
These issues may cause unusual errors and user interface issues.
Some stability issues occur, but Fortinet's technical support team provides assistance.
I have never experienced any downtime, crashes, or performance issues with Microsoft Sentinel because it is SOC as a Service, so it maintains 100% uptime and scaling.
In the past two years, our team hasn't encountered any issues with the stability of Microsoft Sentinel from an operations perspective.
I need to be aware of deprecated connectors as they may disconnect, but the data continues to be sent with a need for quick adaptation.
Recently, they revised it to a subscription-based, all-inclusive license.
The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products.
Fortinet FortiSIEM should broaden its remediation part to include more features for incident management.
Log ingestion and retention costs can grow quickly, and understanding which data source is driving cost is not always straightforward.
We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel.
There are complexities in calculating the right pricing tier for different customers, which makes it difficult for me as a consultant during upfront pricing.
Setting it up for oneself as an enterprise-licensed product can be quite expensive.
Windows agent licenses cost around 3,000 Rupees per device per year.
The revised model is subscription-based and more flexible.
It has been beneficial that Microsoft Sentinel is included as part of the Microsoft package, making it more cost-effective.
Microsoft Sentinel is not a low-cost SIEM.
Microsoft Sentinel is provided at no cost, so we didn't have any issues with the cost.
It provides extensive logging and record-keeping for internal networks, cloud applications, and services as well as perimeter physical network security.
I find the real-time monitoring and correlation capabilities effective for security alerts.
Microsoft Sentinel's ability to correlate data from multiple sources and its detection capabilities are essential.
Microsoft Sentinel has improved cost efficiency, which is one of the key areas we're able to win business against the ability to have threat intelligence.
Microsoft Sentinel's ability to correlate data from multiple sources enhances our threat detection capabilities beyond what is a simple data lake solution by filtering out the noise and consolidating the signal down to a meaningful level that is easier to investigate and see.
| Product | Mindshare (%) |
|---|---|
| Microsoft Sentinel | 4.0% |
| Fortinet FortiSIEM | 2.3% |
| Other | 93.7% |
| Company Size | Count |
|---|---|
| Small Business | 34 |
| Midsize Enterprise | 22 |
| Large Enterprise | 24 |
| Company Size | Count |
|---|---|
| Small Business | 44 |
| Midsize Enterprise | 23 |
| Large Enterprise | 46 |
Fortinet FortiSIEM offers robust features like automation, real-time monitoring, and scalable log correlation. It integrates SOC and NOC, enhancing security by seamlessly managing data. A preferred choice for threat management, its comprehensive reports and competitive pricing add value.
Fortinet FortiSIEM serves as a comprehensive platform for security monitoring, threat detection, and incident management. It streamlines operations by integrating seamlessly with Fortinet and third-party tools, offering dynamic service discovery and user-friendly analytics. Leveraging its stable infrastructure, organizations conduct log analysis and behavioral monitoring across networks and applications. It supports compliance reporting and enhances security environments through integration with firewalls and security devices. Its cloud and on-premise options cater to regulatory and operational needs, while multitenant capabilities enable managed security service providers to extend robust security services. Users have highlighted areas for improvement in API integration, data retrieval speed, resource consumption, automation, and reporting flexibility.
What are the key features of Fortinet FortiSIEM?In healthcare, Fortinet FortiSIEM ensures compliance and secure health data management. Financial institutions utilize it for real-time monitoring and fraud detection, while educational sectors deploy for network security and data integrity. Service providers leverage its multitenant features for expansive client management.
Microsoft Sentinel offers cloud-native SIEM and SOAR capabilities with AI-powered threat detection, automated responses, and integration with Microsoft products. It is designed for comprehensive threat management with flexible deployment and scalability.
Microsoft Sentinel provides centralized management of cloud-based security monitoring and incident detection. Leveraging AI capabilities, it enhances threat intelligence and automation, allowing users to streamline security operations across cloud and on-premises systems. Microsoft Sentinel efficiently aggregates logs, correlates security events from multiple sources, and integrates seamlessly with Microsoft security offerings such as Defender. While its flexible deployment options and robust automation through playbooks are advantageous, users may encounter challenges with integration outside of Microsoft products, potential log ingestion delays, and a complex query language. The platform would benefit from enhanced speed, a simplified interface, improved query performance, and stronger documentation support.
What are the most important features of Microsoft Sentinel?In specific industries, Microsoft Sentinel is utilized for its capability to monitor cloud-based workloads and detect incidents effectively. Users in healthcare, finance, and retail adopt it for its strong AI-driven threat detection and its ability to integrate with existing Microsoft solutions, ensuring high-level security operations and compliance with industry standards.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
