Try our new research platform with insights from 80,000+ expert users

Fortinet FortiSIEM vs Microsoft Defender XDR comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiSIEM
Average Rating
7.6
Reviews Sentiment
6.7
Number of Reviews
73
Ranking in other categories
Security Information and Event Management (SIEM) (8th)
Microsoft Defender XDR
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
98
Ranking in other categories
Endpoint Detection and Response (EDR) (5th), Extended Detection and Response (XDR) (4th), Microsoft Security Suite (3rd)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Fortinet FortiSIEM is designed for Security Information and Event Management (SIEM) and holds a mindshare of 3.1%, up 3.0% compared to last year.
Microsoft Defender XDR, on the other hand, focuses on Extended Detection and Response (XDR), holds 7.0% mindshare, up 6.9% since last year.
Security Information and Event Management (SIEM)
Extended Detection and Response (XDR)
 

Featured Reviews

Oliver Jackson - PeerSpot reviewer
Systems monitoring enhanced by firewall and intrusion detection features
My primary use case for Fortinet FortiSIEM is systems monitoring and alerting. I use it for standard functions like log monitoring, incident detection, and notification.  My customers are mostly medium-sized enterprises ranging from engineering companies, mining companies, independent schools, and…
Gabor Nyerd - PeerSpot reviewer
Includes four services and four products, which can help organizations a lot
We found that sometimes integrations work, but testing them can take some time. Sometimes, configurations take much longer than expected. We have a configuration in place that needs to be synchronized with another server. However, the servers are four hours apart, so this can cause delays. In general, I believe that the time it takes to configure and test a service should be shorter. Sometimes, it can take a couple of hours to test a single configuration setting. Other times, it is only ten or fifteen minutes, which is normal. However, sometimes, even immediate actions can be triggered by configuration changes, and some settings can take up to eight hours to complete. I believe that this time can be improved. Microsoft is making a lot of improvements to its services in a short period of time. This is a good thing, as it means that the services are constantly being updated and improved. However, it can be challenging for customers to keep up with the changes. For example, a customer may read about an update, understand it, and share it with their colleagues and boss. However, it may take days or weeks to test the update and get the necessary approvals. This can be especially challenging for large customers with many users or machines. In some cases, Microsoft may change a service before the customer has had a chance to implement the previous update. This can be frustrating for customers, as it means that they have to constantly learn new things and adjust their workflows. On the one hand, it is important for Microsoft to keep updating and improving its services. This helps to ensure that the services are meeting the customers' needs and that they are staying ahead of the competition. Microsoft should also be mindful of the challenges that these changes can create for customers. One way to address this challenge is to provide customers with more time to implement changes. Microsoft could also provide more information about upcoming changes so that customers can plan ahead. Ultimately, Microsoft needs to strike a balance between keeping its services up-to-date and providing customers with a smooth transition to new features.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We find the solution to be stable."
"The most valuable feature is the anomaly-reporting alarms."
"FortiSIEM's best features are the dashboards and customization."
"Fortinet FortiSIEM is highly scalable. I would rate its scalability nine out of ten."
"The most valuable feature is the ability to view all the network events on a single pane and find the point of contact or point of the incident."
"The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature."
"The most fascinating aspect of FortiSIEM is its integration with the MITRE ATT&CK framework."
"Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."
"Microsoft Defender XDR has significantly improved our operational security."
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"Its most significant advantage lies in its affordability."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"The Email Explorer feature has proven invaluable, offering a broader perspective than automated alerts and incidents alone."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
 

Cons

"The dashboard needs to improve."
"The stability of the product is an area of concern where improvements are required."
"The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much."
"Areas for improvement would be the ease of use and the integration with Fortinet's own products."
"If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
"When our team tried configuring logs for Microsoft SQL, it did not work."
"FortiSIEM is a bit resource-hungry, so work should be done on hardware resource utilization to consume less hardware."
"There could be improvements like introducing some solutions directly into FortiSIEM to avoid the need for separately purchasing additional tools like FortiStore."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"The initial time spent setting up and configuring Defender XDR is a bit longer than the other solutions. If everything were on one portal, the platforms for managing policies or alerts would be simpler. We must automate and manage policies on Intune rather than the same portal."
"The user interface of Microsoft 365 Defender could improve. They could make it simpler."
"I do think that maybe having a feature within my organization where there are three different domains within which we have to operate would be helpful, as there is currently no unified view within the domains."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
 

Pricing and Cost Advice

"Please be cheaper and more simplified."
"The price of the solution is expensive. The license is scalable. If there are 10 devices it is simple to license."
"This is probably more on the lower cost end of the spectrum compared to competing products. Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model."
"There is a need to make yearly payments towards the licensing charges attached to the product. The free version license of the product is available for two months."
"The tool is really expensive. For what the tool does for our team, the price is fair."
"There are additional features that cost more than the standard licensing fees."
"They have a yearly subscription."
"The price of Fortinet FortiSIEM was reasonable compared to other solutions."
"Sometimes 365 Defender is expensive, but it can be moderate, depending on the organization's size and the license type. We're satisfied with the cost because it gives us a product that protects our entire environment with DLP. To compromise some cost, of course, we are to complete the most secure environment."
"Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible."
"I believe the pricing is fair and acceptable. I consider it to be reasonable and satisfactory."
"While the standalone price of Defender XDR might seem high, its value becomes clear when considering the ease of implementation and smooth integration with our existing Microsoft infrastructure, especially when bundled with other Microsoft products."
"While Microsoft Defender XDR carries a higher cost, its ease of use compared to Defender may justify the investment."
"Defender XDR is included in the E5 license, but it's a bit too expensive."
"Purchasing Microsoft Defender XDR as part of a Microsoft 365 bundle can be cost-effective, but acquiring it as a standalone product may be more expensive."
"Understanding the subscription model has been a bit challenging, as every feature or requirement comes with an additional cost."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
9%
Government
7%
Comms Service Provider
7%
Computer Software Company
17%
Financial Services Firm
9%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Fortinet FortiSIEM?
Fortinet FortiSIEM needs to provide better API integrations to users.
What is your experience regarding pricing and costs for Fortinet FortiSIEM?
As a service, the cost is reasonable and affordable with scalable pricing based on the number of monitored devices. However, setting it up for oneself as an enterprise-licensed product can be quite...
What needs improvement with Fortinet FortiSIEM?
The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products. Improving software stability and reducing bugs will make it a ...
What do you like most about Microsoft 365 Defender?
Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise.
What is your experience regarding pricing and costs for Microsoft 365 Defender?
Licensing is somewhat confusing, particularly when presenting our pitch decks to stakeholders and leveraging key features in premium SKUs, but we managed with some assistance from Microsoft.
What needs improvement with Microsoft 365 Defender?
There is nothing I can think of at the moment that needs improvement. I am a contractor and finishing up soon, so I haven't encountered any issues requiring enhancements.
 

Also Known As

FortiSIEM, AccelOps
Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
 

Overview

 

Sample Customers

FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.
Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
Find out what your peers are saying about Fortinet FortiSIEM vs. Microsoft Defender XDR and other solutions. Updated: May 2023.
849,190 professionals have used our research since 2012.