We compared Splunk Enterprise Security and Fortinet FortiSIEM across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. Users say Splunk is a highly scalable and customizable solution. Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. Some FortiSIEM users found it effortless to install within a day or two. Others reported difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities, but reviewers say its analytics and AI capabilities need improvement. Fortinet FortiSIEM is considered an affordable solution with effective correlation features, but it falls short in terms of database monitoring and reporting.
"The main benefit is the ease of integration."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Real-time monitoring makes life quite easy for me."
"FortiSIEM sends an email or SMS notifications to admins when there are significant incidents. It's a highly efficient way of responding to incidents."
"The Threat Hunting feature provides complete traffic analysis."
"To add workers and even collectors is pretty easy."
"The most valuable feature is the anomaly-reporting alarms."
"We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers."
"Its automated response feature has benefited our customer communication. Analysts feel more confident in providing timely responses."
"The primary valuable feature is that it has replaced a whole lot of other products with one platform."
"The metrics and trends that Splunk Enterprise Security generates using all the data points we send allow customers to understand better what their users are doing."
"You can check up on security from the dashboards."
"It allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar."
"The search lookups are useful."
"It is very simple to tweak or write a small piece of glue code to go ahead and create a new dashboard for a business unit to make near real-time decisions to focus more on other geographies when launching the product."
"We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health."
"It scales better in the cloud than on-premise."
"The flexibility of the solution is quite good."
"The AI capabilities must be improved."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"I would like to see more AI used in processes."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"We'd like to see more connectors."
"Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire."
"FortiSIEM could be better integrated with other vendors."
"Customer support service could be better."
"Its training can be improved. Its price also needs to be improved."
"If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
"Areas for improvement would be the ease of use and the integration with Fortinet's own products."
"An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS."
"The dashboard needs to improve."
"It needs to improve the way to install third-party apps and enable installation without logging into splunk.com."
"We had some connections issues with the solution at the beginning."
"The user experience could be improved."
"The biggest problem is data compression. Splunk is an outstanding product, but it is a resource hog. There should be better data compression for being able to maintain our data repositories. We end up having to buy lots of additional storage just to house our Splunk data. This is my only complaint about it."
"I would like additional features in different programming models with the support for writing queries in SQL or other languages, such as C#, Java, or some other type of query definitions."
"It's difficult to set up initially, and their billing model is also a bit complicated."
"The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us."
"The product is relatively expensive."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Fortinet FortiSIEM is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Fortinet FortiSIEM is most compared with IBM Security QRadar, Wazuh, LogRhythm SIEM, ThousandEyes and PRTG Network Monitor, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Fortinet FortiSIEM vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.