Try our new research platform with insights from 80,000+ expert users

Elastic Security vs Fortinet FortiSIEM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Elastic Security
Ranking in Security Information and Event Management (SIEM)
5th
Average Rating
7.6
Reviews Sentiment
6.7
Number of Reviews
63
Ranking in other categories
Log Management (7th), Endpoint Detection and Response (EDR) (16th), Security Orchestration Automation and Response (SOAR) (6th), Extended Detection and Response (XDR) (8th)
Fortinet FortiSIEM
Ranking in Security Information and Event Management (SIEM)
8th
Average Rating
7.6
Reviews Sentiment
6.7
Number of Reviews
73
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of February 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Elastic Security is 7.2%, down from 9.6% compared to the previous year. The mindshare of Fortinet FortiSIEM is 3.0%, down from 3.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Nikhil-Kumar - PeerSpot reviewer
Customizable with great dashboards but the premium support is poor
The initial setup can be complex if you don't have technical knowledge. However, once it is deployed, it works well. I'm not sure how long it took to deploy. I wasn't there when it was set up and configured. We have an internal team that handles deployment and maintenance. It doesn't require too many people to deploy. Five or six people would be enough. However, for 24/7 monitoring, you need to have someone always on it.
Oliver Jackson - PeerSpot reviewer
Systems monitoring enhanced by firewall and intrusion detection features
My primary use case for Fortinet FortiSIEM is systems monitoring and alerting. I use it for standard functions like log monitoring, incident detection, and notification.  My customers are mostly medium-sized enterprises ranging from engineering companies, mining companies, independent schools, and…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"Elastic Security offers advanced features such as machine learning and integration with ChatGPT."
"The most valuable feature is the machine learning capability."
"It is the best open-source product for people working in SO, managing and analyzing logs."
"The visualization is very good."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"AccelOps can handle a lot of data and it's just so important to true monitoring. Also, I can create a lot of rules to detect anything I like."
"There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
"The stability is very reliable. It offers very good performance."
"Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."
"The most valuable feature of Fortinet FortiSIEM is the user and entity behave as analytics(UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."
"Analytics. It can provide log information from the device. With log information, I can see if there is a threat"
"It works well with medium to large-scale enterprises."
"FortiSIEM allows you to match IPs with threat intelligence feeds from sources like Kaspersky or Anomali, adding valuable context."
 

Cons

"The solution's query building is not that intuitive compared to other solutions."
"Sometimes, the solution isn't the easiest to use."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"The interface could be more user friendly because it is sometimes hard to deal with."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"It could use maybe a little more on the Linux side."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"I would like to see more integration with other platforms."
"We need to see incident reports about the event log, without events from the administrator or through human interaction."
"Fortinet FortiSIEM is a little out of sight and needs more marketing efforts to be popular in the market."
"Fortinet FortiSIEM could improve by having a signature update."
"Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information."
"FortiSIEM could be better integrated with other vendors."
"Fortinet FortiSIEM needs to provide better API integrations to users."
"The stability of the product is an area of concern where improvements are required."
 

Pricing and Cost Advice

"There is no charge for using the open-source version."
"The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything."
"Compared to other products such as Dynatrace, this is one of the cheaper options."
"Its price is fine. Its licensing works on a yearly basis. We have to renew the license every year. I also have a good experience with Darktrace. When we buy Darktrace, we get training free of cost, which is not there in Elastic. We have to pay extra for training. There is certainly room for improvement."
"It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin."
"Compared to other tools, Elastic Security is a cheaper solution."
"The product offers an amazing pricing structure. Price-wise, the product is very competitive."
"The solution is free."
"The price of Fortinet FortiSIEM is a lot less when compared to other solutions."
"We pay for a license for FortiSIEM. We pay for the license and renewal."
"There are additional features that cost more than the standard licensing fees."
"This is probably more on the lower cost end of the spectrum compared to competing products. Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model."
"They have a yearly subscription."
"Pricing is acceptable for more than 90% of our customers, as they normally get discounts."
"If one is cheap and ten is expensive. I rate the tool's price as an eight out of ten. Compared with Splunk or Oracle, Fortinet is cheap."
"Manageable, however would be better as pay as you go versus CapEX."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
838,713 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Government
10%
Financial Services Firm
10%
University
7%
Computer Software Company
15%
Financial Services Firm
9%
Government
8%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because ...
What is your experience regarding pricing and costs for Elastic Security?
Elastic Security is considered cost-effective, especially at lower EPS levels. However, a direct comparison was not made due to different pricing structures.
What do you like most about Fortinet FortiSIEM?
Fortinet FortiSIEM needs to provide better API integrations to users.
What is your experience regarding pricing and costs for Fortinet FortiSIEM?
As a service, the cost is reasonable and affordable with scalable pricing based on the number of monitored devices. However, setting it up for oneself as an enterprise-licensed product can be quite...
What needs improvement with Fortinet FortiSIEM?
The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products. Improving software stability and reducing bugs will make it a ...
 

Also Known As

Elastic SIEM, ELK Logstash
FortiSIEM, AccelOps
 

Overview

 

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.
Find out what your peers are saying about Elastic Security vs. Fortinet FortiSIEM and other solutions. Updated: January 2025.
838,713 professionals have used our research since 2012.