We performed a comparison between Fortinet FortiSIEM and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It's very easy for anyone to work with."
"Fortinet FortiSIEM is less costly than other products and is available 24/7."
"It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GIBA, NIST, and so forth."
"The product's initial setup phase was easy."
"The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices."
"The stability is very reliable. It offers very good performance."
"There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
"The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature."
"It is easy to use and deploy. It comes with user-friendly manuals."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"The most valuable feature is the correlation rules."
"Compared to other solutions, the user interface is good."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"The solution's technical support is great."
"This solution integrates easily and very well with other technologies."
"There is no proper guide for integration or configuration."
"The biggest thing that could be better is a quicker response to support cases."
"The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much."
"Does not have load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated."
"The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
"Creating parsers to try to make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."
"They need to integrate better with Cisco and Palo Alto."
"The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"Product currently requires Flash."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentication failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
"Tech support is required each time there is a system update of the solution."
"I would like to see fingerprint recognition included in the next release of this solution."
"McAfee is no longer providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out-of-the-box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."
"Customized reports and alerting functionality could be included in the dashboard."
Fortinet FortiSIEM is ranked 10th in Security Information and Event Management (SIEM) with 65 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Fortinet FortiSIEM is rated 7.6, while Trellix ESM is rated 7.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, Microsoft Sentinel and LogRhythm SIEM, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Microsoft Sentinel.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.