Try our new research platform with insights from 80,000+ expert users

Fortinet FortiSIEM vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiSIEM
Ranking in Security Information and Event Management (SIEM)
8th
Average Rating
7.6
Reviews Sentiment
6.7
Number of Reviews
73
Ranking in other categories
No ranking in other categories
NetWitness Platform
Ranking in Security Information and Event Management (SIEM)
22nd
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
37
Ranking in other categories
Log Management (22nd)
 

Mindshare comparison

As of April 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Fortinet FortiSIEM is 3.1%, up from 3.0% compared to the previous year. The mindshare of NetWitness Platform is 0.6%, down from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Oliver Jackson - PeerSpot reviewer
Systems monitoring enhanced by firewall and intrusion detection features
My primary use case for Fortinet FortiSIEM is systems monitoring and alerting. I use it for standard functions like log monitoring, incident detection, and notification.  My customers are mostly medium-sized enterprises ranging from engineering companies, mining companies, independent schools, and…
MdZaman - PeerSpot reviewer
Really scalable for enterprise customers
The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The Threat Hunting feature provides complete traffic analysis."
"To add workers and even collectors is pretty easy."
"The seamless integration with FortiGate is the solution's most valuable aspect."
"Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same."
"The product's initial setup phase was easy."
"The solution is very stable. It's run for years without the need to do anything except, add new patches when they are available, which are always a good idea to install."
"FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication."
"This solution offers extensive customization options, making it possible to adapt it precisely to their requirements."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"It's quite economical compared to other solutions in the market."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"NetWitness can be highly beneficial for incident detection and response."
 

Cons

"The dashboard needs to improve."
"Improvements include making it easier for users to create their normalizers. Fortinet FortiSIEM uses XML for normalizing and parsing, which can be tedious and time-consuming. A simpler way of using regex could be helpful."
"The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients."
"I would like to see easier implementation in the future."
"The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries."
"Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules."
"The log collection and configuration management are not great."
"Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great.vvv"
"The user interface is a little bit difficult for new users and it needs to be improved."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"It is not so easy to customize this product."
"We have encountered issues with unresolved crashes."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"The product's licensing models are complex to understand. This particular area needs improvement."
"The tool's integration capability isn't so great."
"An area for improvement would be better automation and more inbuilt use cases."
 

Pricing and Cost Advice

"Pricing is determined based on the customer's budget."
"Please be cheaper and more simplified."
"They have a yearly subscription."
"Fortinet FortiSIEM is cheaper compared to other products."
"We pay for a license for FortiSIEM. We pay for the license and renewal."
"The price of Fortinet FortiSIEM was reasonable compared to other solutions."
"The solution is available for both, perpetual and subscription licenses."
"This is probably more on the lower cost end of the spectrum compared to competing products. Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model."
"This is a pricey solution; it's not cheap."
"It provides tools to assist in selecting the appropriate license and usage scenarios."
"The product is expensive."
"The licenses are good but the cost is very expensive."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"The product price was reasonable for my region and the market."
"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
9%
Government
7%
Comms Service Provider
7%
Financial Services Firm
18%
Computer Software Company
17%
Government
6%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Fortinet FortiSIEM?
Fortinet FortiSIEM needs to provide better API integrations to users.
What is your experience regarding pricing and costs for Fortinet FortiSIEM?
As a service, the cost is reasonable and affordable with scalable pricing based on the number of monitored devices. However, setting it up for oneself as an enterprise-licensed product can be quite...
What needs improvement with Fortinet FortiSIEM?
The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products. Improving software stability and reducing bugs will make it a ...
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The product price was reasonable for my region and the market.
What needs improvement with NetWitness Platform?
From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building...
 

Also Known As

FortiSIEM, AccelOps
RSA Security Analytics
 

Overview

 

Sample Customers

FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.
Los Angeles World Airports, Reply
Find out what your peers are saying about Fortinet FortiSIEM vs. NetWitness Platform and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.