We performed a comparison between IBM Security QRadar and Fortinet FortiSIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. Some FortiSIEM users found it effortless to install within a day or two. Nonetheless, others encountered difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.
Comparison Results: Our users prefer IBM Security QRadar over Fortinet FortiSIEM. The advanced security features and overall strength of QRadar make it the favored option. Users like QRadar's extensive and actionable insights, user-friendly interface, and adaptability. QRadar offers a comprehensive overview of network activity and risk management.
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"We have no complaints about the features or functionality."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"Log aggregation and data connectors are the most valuable features."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Both the collecting logs and duo correlation are valuable features for us."
"The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls."
"Analytics. It can provide log information from the device. With log information, I can see if there is a threat"
"Easy alert setup which enables different alerts in different categories."
"The solution’s IP database is awesome."
"The solution is easy to use and user-friendly."
"The stability is very reliable. It offers very good performance."
"The solution is very stable. It's run for years without the need to do anything except, add new patches when they are available, which are always a good idea to install."
"Improves visibility and has a great new dashboard."
"The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports."
"The most valuable features are log monitoring, easy-to-fix issues, and problem-solving."
"IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
"The most valuable aspect of the solution is the integration capabilities on offer."
"I have found its network traffic log, network bit log, and QBI most valuable."
"The most valuable feature is the searching capability and real-time operational use."
"It is incredibly easy to deploy. All the appliances are flexible in the roles that they serve and are all managed the in the same way."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Customer support service could be better."
"It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there."
"Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules."
"Our customers are noticing configuration available in the GUI interface and I think that they should be equal."
"The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients."
"The dashboard needs to improve."
"Network detection and response is a separate product."
"The only drawback is the licensing model. It can get expensive if you want to integrate more solutions."
"Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them."
"I would like to see the update process simplified."
"While the interface is easy to use, it could be a little more responsive."
"There are reports that I would like to generate that are either not included, or I cannot find."
"I would also like to see more integration with other vendors. IBM doesn't integrate well with products from China, like Huawei. Many Middle Eastern customers are switching to Huawei from American vendors like Cisco because of the price. In most RFPs, Huawei wins because it costs less."
"The Indian tech support is not helpful."
"There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
"There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews while IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews. Fortinet FortiSIEM is rated 7.6, while IBM Security QRadar is rated 8.0. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Fortinet FortiSIEM is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, ThousandEyes and PRTG Network Monitor, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and ArcSight Logger. See our Fortinet FortiSIEM vs. IBM Security QRadar report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.