We performed a comparison between AWS Security Hub and Fortinet FortiSIEM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The pricing of the product is excellent."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The solution shows us our compliance score."
"Very good at detection and providing real-time alerts."
"The most valuable feature of the solution stems from the fact that it is easy to manage...It is a scalable solution."
"It's a security posture management tool from AWS. Basically, it identifies misconfigurations, similar to Trusted Advisor but on a larger scale."
"I like that AWS Security Hub currently has several good features, around four or five. The technical support for AWS Security Hub is also responsive."
"AWS Security Hub provides comprehensive alerts about potential compliance issues with CIS standards. The integration with third-party tools is another excellent feature. All our workloads are on AWS."
"AWS Security Hub has very good integration features. It allows for AWS native services integration, and it helps us to integrate some of the services outside of AWS. They have partners, such as Amazon Preferred Network Partners (APN). If you have different security tools around APN, we can integrate those findings with AWS Security Hub reducing the need to refer to different portals or different UIs. You can have AWS Security Hub act as a single common go-to dashboard."
"The best feature of AWS Security Hub is that you can get compliance or your cloud's current security posture."
"Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."
"I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports."
"The CMDB and the device discovery features are most valuable."
"Fortinet FortiSIEM is easy to use."
"It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely."
"FortiSIEM provides a single PIN to monitor SOC and NOC. It's a nice tool for integration and monitoring. It provides multiple categories for monitoring based on security designations like low, medium, and high."
"Analytics is the most valuable feature. The business service summaries in the dashboards and the correlations for the SIEM are also valuable features."
"The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"I would like to see more AI used in processes."
"The telemetry doesn't always go into the control center. When you have multiple instances running in AWS, you need a control tower to take feeds from Security Hub and analyze your results. Sometimes exemptions aren't passed between the control tower and Security Hub. The configuration gets mixed up or you don't get the desired results."
"Although AWS Security Hub does a periodic scan of your overall infrastructure, it doesn't do it in real time."
"The solution lacks self-sufficiency."
"AWS Security Hub's configuration and integration are areas where it lacks and needs to improve."
"Whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility."
"We need more granular-level customizations to enable or disable the rules in AWS Security Hub."
"Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement."
"The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach."
"Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules."
"Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire."
"An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS."
"Our customers are noticing configuration available in the GUI interface and I think that they should be equal."
"The biggest thing that could be better is a quicker response to support cases."
"The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
"The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries."
"FortiSIEM is not a market leader in the SIEM space."
AWS Security Hub is ranked 8th in Security Information and Event Management (SIEM) with 17 reviews while Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews. AWS Security Hub is rated 7.6, while Fortinet FortiSIEM is rated 7.6. The top reviewer of AWS Security Hub writes "A centralized dashboard that enables efficient monitoring and management of possible security issues". On the other hand, the top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". AWS Security Hub is most compared with Prisma Cloud by Palo Alto Networks, Wiz, Microsoft Defender for Cloud, Google Chronicle Suite and Oracle Security Monitoring and Analytics Cloud Service, whereas Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and ThousandEyes. See our AWS Security Hub vs. Fortinet FortiSIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
