Fortinet FortiSIEM vs Microsoft Sentinel comparison

Fortinet and Microsoft are both solutions in the Security Information and Event Management (SIEM) category. Fortinet is ranked #8 with an average rating of 7.8, while Microsoft is ranked #3 with an average rating of 8.4. Fortinet holds a 3.2% mindshare in SIEM, compared to Microsoft’s 8.7% mindshare. Additionally, 82% of Fortinet users are willing to recommend the solution, compared to 93% of Microsoft users who would recommend it.

Fortinet FortiSIEM

Read 73 Fortinet FortiSIEM reviews

5,005 Views
3,335 Comparison Views

82% willing to recommend

Microsoft Sentinel

Read 89 Microsoft Sentinel reviews

16,740 Views
9,816 Comparison Views

93% willing to recommend

Fortinet FortiSIEM

Microsoft Sentinel

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 18, 2024

Fortinet FortiSIEM and Microsoft Sentinel are both robust security information and event management (SIEM) solutions. Users are generally happier with the pricing and support of Fortinet FortiSIEM, but many find Microsoft Sentinel's features superior, believing it justifies the cost.

Features:Fortinet FortiSIEM's valuable features include extensive network performance monitoring, seamless hardware integration, and reliable log management. Microsoft Sentinel's valuable features include advanced threat detection, robust analytics, and integration with Azure services.

Room For Improvement:Fortinet FortiSIEM users suggest improvements in log management, user experience, and reporting capabilities. Microsoft Sentinel users desire better integration with third-party applications, more streamlined operational workflows, and a more user-friendly interface.

Ease Of Deployment and Customer Service:Fortinet FortiSIEM is reported to have a straightforward deployment and reliable customer service. Microsoft Sentinel also offers an easy deployment process, with Azure integration simplifying setup, and users generally positive about support.

Pricing and ROI:Fortinet FortiSIEM is generally perceived as more cost-effective with favorable ROI. Microsoft Sentinel, while often viewed as pricier, is considered worth the investment due to its extensive features and advanced capabilities, providing higher ROI for larger organizations.

To learn more, read our detailed Fortinet FortiSIEM vs. Microsoft Sentinel Report (Updated: December 2024).

Buyer's Guide

Fortinet FortiSIEM vs. Microsoft Sentinel

December 2024

Download the complete report

Helped 824,053 peers since 2012

Categories and Ranking

Fortinet FortiSIEM

Ranking in Security Information and Event Management (SIEM)

8th

Average Rating

7.6

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

No ranking in other categories

Microsoft Sentinel

Ranking in Security Information and Event Management (SIEM)

3rd

Average Rating

8.2

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (5th), AI-Powered Cybersecurity Platforms (5th)

Mindshare comparison

As of December 2024, in the Security Information and Event Management (SIEM) category, the mindshare of Fortinet FortiSIEM is 3.2%, up from 3.3% compared to the previous year. The mindshare of Microsoft Sentinel is 8.7%, down from 10.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

Featured Reviews

HamedWasel

Senior Network Security Engineer at Orange

It's cheaper than other solutions with the same features but lacks integration with many third-party vendors

FortiSIEM needs to expand its integration with third-party vendors. I don't know if Forcepoint has been added, but there were limited resources for integrating Forcepoint solutions when we implemented FortiSIEM. It integrates well with other Fortinet products and solutions from established cybersecurity companies like Palo Alto but doesn't integrate with some of the newer vendors. I would also like to see FortiSIEM add more of the features available in FortiSOAR. You need to buy two separate solutions to get these features, but they should all be available in one product.

Read full review

Nitin Arora

Security Delivery Senior Analyst at Accenture

Gives us one place to investigate and respond to threats, and automation eliminates manual work

They can work on the EDR side of things. It is already really superb, because of the kinds of features we get with the EDR solution. It's not a standard EDR and they have recently enhanced things. But the problem is with onboarding devices. I have different OS flavors, including a large number of Linux, Windows, macOS, and some on-prem machines as well. Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work. They can eliminate having to do manual configuration for the machines, and check the different types of configurations for each OS. In some cases, it does not support some OSs. If they could reduce this type of work, that would be really amazing.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The primary valuable feature is that it has replaced a whole lot of other products with one platform."

"The interface is very easy to use. The connector in the core has FortiSIEM support from the vendor."

"The most valuable feature is the anomaly-reporting alarms."

"It provides extensive logging and record-keeping for internal networks, cloud applications, and services as well as perimeter physical network security."

"FortiSIEM's best features are the dashboards and customization."

"It detects new technologies, vulnerabilities, and emerging threats on the internet."

"FortiSIEM sends an email or SMS notifications to admins when there are significant incidents. It's a highly efficient way of responding to incidents."

"It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GIBA, NIST, and so forth."

More Fortinet FortiSIEM pros

"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."

"We feel safe knowing that we have a solution that we can use to react in case of an emergency."

"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."

"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."

"Log aggregation and data connectors are the most valuable features."

"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."

"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."

"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."

More Microsoft Sentinel pros

Cons

"The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products."

"There could be improvements like introducing some solutions directly into FortiSIEM to avoid the need for separately purchasing additional tools like FortiStore."

"The solution needs to do a better job with third party integration. Right now, that's lacking on the solution. I specifically am talking about the AWS environment. Most of the AWS environment products do not have that capability to integrate."

"The solution's technical support didn't help our company a lot."

"Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information."

"The nodes on our network did not comply with the SIEM solution. They use a different format parking log."

"The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products."

"It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there."

More Fortinet FortiSIEM cons

"I would like to be able to monitor applications outside of the Azure Cloud."

"There is room for improvement in terms of integrations."

"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."

"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."

"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."

"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."

"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."

"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."

More Microsoft Sentinel cons

Pricing and Cost Advice

"The price of Fortinet FortiSIEM was reasonable compared to other solutions."

"Its price can be better. We are Fortinet partners, so we can get discounts, but its price can be an issue at the beginning for others. There is a licensing scheme for every case. There are three licensing schemes that we can choose from."

"Fortinet FortiSIEM is cheaper compared to other products."

"There are additional features that cost more than the standard licensing fees."

"The price of the solution is expensive. The license is scalable. If there are 10 devices it is simple to license."

"Please be cheaper and more simplified."

"If one is cheap and ten is expensive. I rate the tool's price as an eight out of ten. Compared with Splunk or Oracle, Fortinet is cheap."

"There is a need to make yearly payments towards the licensing charges attached to the product. The free version license of the product is available for two months."

More Fortinet FortiSIEM pricing and cost advice

"The product is costly compared to Splunk."

"From a cost perspective, Microsoft Sentinel is quite costly."

"Microsoft Sentinel is expensive."

"The pricing is fair... With a traditional SIEM, you pay a lump sum for licenses. But with Sentinel, it's pay-as-you-go according to the amount of data you inject."

"Sentinel can be expensive. When you ingest data from sources that are outside of the cloud, you're paying a fair amount for that data ingestion. When you're ingesting data sources from within the cloud, depending on what your retention periods are, it's not that expensive."

"There are no additional costs other than the initial costs of Sentinel."

"It is consumption-based pricing. It is an affordable solution."

"Some of the licensing models can be a little bit difficult to understand and confusing at times, but overall it's a reasonable licensing model compared to some other SIEMs that charge you a lot per data."

More Microsoft Sentinel pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

824,053 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

Government

Manufacturing Company

Computer Software Company

16%

Financial Services Firm

10%

Government

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Fortinet FortiSIEM?

Fortinet FortiSIEM needs to provide better API integrations to users.

See all answers

What is your experience regarding pricing and costs for Fortinet FortiSIEM?

Fortinet FortiSIEM is high-priced. Previously, its licensing model required separate licenses for devices, agents, and EPS, which was quite rigid. The revised model is subscription-based and more f...

See all answers

What needs improvement with Fortinet FortiSIEM?

FortiSIEM is a bit resource-hungry, so work should be done on hardware resource utilization to consume less hardware. Another major problem is its licensing model, which initially required separate...

See all answers

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?

Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...

See all answers

What is a better choice, Splunk or Azure Sentinel?

It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...

See all answers

Which is better - Azure Sentinel or AWS Security Hub?

We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...

See all answers

Comparisons

IBM Security QRadar vs Fortinet FortiSIEM

Compared 13% of the time

Wazuh vs Fortinet FortiSIEM

Compared 12% of the time

Splunk Enterprise Security vs Fortinet FortiSIEM

Compared 10% of the time

ThousandEyes vs Fortinet FortiSIEM

Compared 7% of the time

LogRhythm SIEM vs Fortinet FortiSIEM

Compared 6% of the time

More Fortinet FortiSIEM Competitors

AWS Security Hub vs Microsoft Sentinel

Compared 21% of the time

IBM Security QRadar vs Microsoft Sentinel

Compared 10% of the time

Cortex XSIAM vs Microsoft Sentinel

Compared 7% of the time

Wazuh vs Microsoft Sentinel

Compared 6% of the time

Microsoft Defender for Cloud vs Microsoft Sentinel

Compared 2% of the time

More Microsoft Sentinel Competitors

Product Reports

Buyer's Guide

Fortinet FortiSIEM

December 2024

Download Fortinet FortiSIEM product report

Buyer's Guide

Microsoft Sentinel

November 2024

Download Microsoft Sentinel product report

Also Known As

FortiSIEM, AccelOps

Azure Sentinel

Learn More

Fortinet

Microsoft

Overview

FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.

Companies around the world use FortiSIEM for the following use cases:

Threat management and intelligence that provide situational awareness and anomaly detection
Alleviating compliance mandate concerns for PCI, HIPAA and SOX
Managing “alert overload”
Handling the “too many tools” reporting issue
Addressing the MSPs/MSSPs pain of meeting service level agreements

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Sample Customers

FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

Buyer's Guide

Fortinet FortiSIEM vs. Microsoft Sentinel

December 2024

Free Report: Fortinet FortiSIEM vs. Microsoft Sentinel

Find out what your peers are saying about Fortinet FortiSIEM vs. Microsoft Sentinel and other solutions. Updated: December 2024.

DOWNLOAD NOW

824,053 professionals have used our research since 2012.

See our Fortinet FortiSIEM vs. Microsoft Sentinel report.

See our list of best Security Information and Event Management (SIEM) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.