Try our new research platform with insights from 80,000+ expert users

Fortinet FortiSIEM vs Microsoft Defender XDR comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiSIEM
Average Rating
7.6
Reviews Sentiment
6.7
Number of Reviews
73
Ranking in other categories
Security Information and Event Management (SIEM) (8th)
Microsoft Defender XDR
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
96
Ranking in other categories
Endpoint Detection and Response (EDR) (5th), Extended Detection and Response (XDR) (4th), Microsoft Security Suite (3rd)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Fortinet FortiSIEM is designed for Security Information and Event Management (SIEM) and holds a mindshare of 3.1%, up 3.0% compared to last year.
Microsoft Defender XDR, on the other hand, focuses on Extended Detection and Response (XDR), holds 7.0% mindshare, up 6.9% since last year.
Security Information and Event Management (SIEM)
Extended Detection and Response (XDR)
 

Featured Reviews

Oliver Jackson - PeerSpot reviewer
Systems monitoring enhanced by firewall and intrusion detection features
My primary use case for Fortinet FortiSIEM is systems monitoring and alerting. I use it for standard functions like log monitoring, incident detection, and notification.  My customers are mostly medium-sized enterprises ranging from engineering companies, mining companies, independent schools, and…
Gabor Nyerd - PeerSpot reviewer
Includes four services and four products, which can help organizations a lot
We found that sometimes integrations work, but testing them can take some time. Sometimes, configurations take much longer than expected. We have a configuration in place that needs to be synchronized with another server. However, the servers are four hours apart, so this can cause delays. In general, I believe that the time it takes to configure and test a service should be shorter. Sometimes, it can take a couple of hours to test a single configuration setting. Other times, it is only ten or fifteen minutes, which is normal. However, sometimes, even immediate actions can be triggered by configuration changes, and some settings can take up to eight hours to complete. I believe that this time can be improved. Microsoft is making a lot of improvements to its services in a short period of time. This is a good thing, as it means that the services are constantly being updated and improved. However, it can be challenging for customers to keep up with the changes. For example, a customer may read about an update, understand it, and share it with their colleagues and boss. However, it may take days or weeks to test the update and get the necessary approvals. This can be especially challenging for large customers with many users or machines. In some cases, Microsoft may change a service before the customer has had a chance to implement the previous update. This can be frustrating for customers, as it means that they have to constantly learn new things and adjust their workflows. On the one hand, it is important for Microsoft to keep updating and improving its services. This helps to ensure that the services are meeting the customers' needs and that they are staying ahead of the competition. Microsoft should also be mindful of the challenges that these changes can create for customers. One way to address this challenge is to provide customers with more time to implement changes. Microsoft could also provide more information about upcoming changes so that customers can plan ahead. Ultimately, Microsoft needs to strike a balance between keeping its services up-to-date and providing customers with a smooth transition to new features.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is easy to use and user-friendly."
"It works well with medium to large-scale enterprises."
"It detects new technologies, vulnerabilities, and emerging threats on the internet."
"The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature."
"The most valuable feature of Fortinet FortiSIEM is the user and entity behave as analytics(UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."
"This solution offers extensive customization options, making it possible to adapt it precisely to their requirements."
"Easy alert setup which enables different alerts in different categories."
"The most valuable feature is the ability to view all the network events on a single pane and find the point of contact or point of the incident."
"The threat intelligence is excellent."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"Its most significant advantage lies in its affordability."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"Microsoft Defender XDR is a complete package of different Defender solutions, including Defender for Endpoint, Defender for Office 365, Defender for Cloud, and Sentinel SIEM, among others."
"It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment."
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
 

Cons

"If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
"There is no proper guide for integration or configuration."
"Not very good on non-API features, lacks that functionality."
"Patching is not great - we're not getting the support we'd expect."
"Its training can be improved. Its price also needs to be improved."
"The dashboard needs to improve."
"They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution."
"FortiSIEM needs to expand its integration with third-party vendors. I don't know if Forcepoint has been added, but there were limited resources for integrating Forcepoint solutions when we implemented FortiSIEM. It integrates well with other Fortinet products and solutions from established cybersecurity companies like Palo Alto but doesn't integrate with some of the newer vendors."
"The solution does not offer a unified response and standard data."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"Sometimes, configurations take much longer than expected."
"Just like in any solution, the price can always be cheaper."
"The licensing is a nightmare and has room for improvement."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
 

Pricing and Cost Advice

"Fortinet's products are not expensive, it is less than the competition."
"Fortinet FortiSIEM is cheaper compared to other products."
"FortiSIEM's licensing is based on EPS, and its pricing is competitive in the market."
"They have a yearly subscription."
"The price of Fortinet FortiSIEM was reasonable compared to other solutions."
"There are additional features that cost more than the standard licensing fees."
"Pricing is acceptable for more than 90% of our customers, as they normally get discounts."
"The solution is available for both, perpetual and subscription licenses."
"Purchasing Microsoft Defender XDR as part of a Microsoft 365 bundle can be cost-effective, but acquiring it as a standalone product may be more expensive."
"Microsoft 365 Defender offers competitive pricing."
"It is 15 dollars per server per month. It is worth it, but it can be costly. It depends on the company's size."
"The price of the solution is high compared to others and we have lost some customers because of it."
"Licensing is somewhat confusing, particularly when presenting our pitch decks to stakeholders and leveraging key features in premium SKUs, but we managed with some assistance from Microsoft."
"The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."
"While Microsoft Defender XDR carries a higher cost, its ease of use compared to Defender may justify the investment."
"Its licensing and pricing are handled by someone else. My role is limited to incidents or issues with the portal, but you get what you pay for. It is worth the cost."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
842,767 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
9%
Government
7%
Comms Service Provider
7%
Computer Software Company
17%
Financial Services Firm
10%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Fortinet FortiSIEM?
Fortinet FortiSIEM needs to provide better API integrations to users.
What is your experience regarding pricing and costs for Fortinet FortiSIEM?
As a service, the cost is reasonable and affordable with scalable pricing based on the number of monitored devices. However, setting it up for oneself as an enterprise-licensed product can be quite...
What needs improvement with Fortinet FortiSIEM?
The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products. Improving software stability and reducing bugs will make it a ...
What do you like most about Microsoft 365 Defender?
Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise.
What is your experience regarding pricing and costs for Microsoft 365 Defender?
Licensing is somewhat confusing, particularly when presenting our pitch decks to stakeholders and leveraging key features in premium SKUs, but we managed with some assistance from Microsoft.
What needs improvement with Microsoft 365 Defender?
It would be beneficial to reduce the number of clicks required to navigate between blades, as the current navigation and breadcrumb system can be a bit confusing. Some inconsistencies exist between...
 

Also Known As

FortiSIEM, AccelOps
Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
 

Overview

 

Sample Customers

FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.
Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
Find out what your peers are saying about Fortinet FortiSIEM vs. Microsoft Defender XDR and other solutions. Updated: May 2023.
842,767 professionals have used our research since 2012.