We compared Splunk Enterprise Security and Fortinet FortiSIEM across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. Users say Splunk is a highly scalable and customizable solution. Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. Some FortiSIEM users found it effortless to install within a day or two. Others reported difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities, but reviewers say its analytics and AI capabilities need improvement. Fortinet FortiSIEM is considered an affordable solution with effective correlation features, but it falls short in terms of database monitoring and reporting.
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"We have no complaints about the features or functionality."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The UI-based analytics are excellent."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The most valuable feature of Fortinet FortiSIEM is the user and entity behave as analytics(UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."
"The most valuable feature of Fortinet FortiSIEM is the correlation of many events."
"FortiSIEM sends an email or SMS notifications to admins when there are significant incidents. It's a highly efficient way of responding to incidents."
"The primary valuable feature is that it has replaced a whole lot of other products with one platform."
"FortiSIEM's best features are the dashboards and customization."
"FortiSIEM's log correlation is good."
"There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
"AccelOps can handle a lot of data and it's just so important to true monitoring. Also, I can create a lot of rules to detect anything I like."
"It's the completeness of the solution that we like the most."
"Compared to IBM QRadar, Splunk Enterprise Security offers faster alert resolution."
"The technical support has been very good. They are very responsive and have been helpful."
"The Splunk user community and forum are most valuable."
"The ability to analyze huge amounts of sales data and accurate prediction of sales forecasting is the most valuable feature."
"Low barrier to start searching with the ability to normalize data on the fly."
"Our clients use the solution to find any threats or vulnerabilities inside their environment."
"The reporting aspect is good and it does what I need it to do."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The AI capabilities must be improved."
"Fortinet FortiSIEM could improve to extend to several locations or sites."
"The only drawback is the licensing model. It can get expensive if you want to integrate more solutions."
"Fortinet FortiSIEM is a little out of sight and needs more marketing efforts to be popular in the market."
"When our team tried configuring logs for Microsoft SQL, it did not work."
"The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial."
"Network detection and response is a separate product."
"They should enhance the solution's AI capabilities, including XDR and EDR."
"We need to see incident reports about the event log, without events from the administrator or through human interaction."
"The cluster environment should be improved. We have a cluster. In the Splunk cluster environment, in the case of heavy searches and heavy load, the Splunk cluster goes down, and we have to put it in the maintenance mode to get it back. We are not able to find the actual culprit for this issue. I know that cluster has RF and SF, but it has been down so many times. There should be something in Splunk to help users to find the reason and the solution for such issues."
"Its setup is a little bit complex for a distributed environment. Their support can also be better. If we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply."
"Splunk Enterprise Security has not helped reduce our alert volume."
"Not even Splunk's support guy, who came to our firm, could help with defining proper role management."
"I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need."
"The threat detection system has room for improvement."
"The price has room for improvement."
"Technical support needs to be more responsive."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Fortinet FortiSIEM is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Fortinet FortiSIEM is most compared with IBM Security QRadar, Wazuh, LogRhythm SIEM, ThousandEyes and PRTG Network Monitor, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Fortinet FortiSIEM vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
