We performed a comparison between Fortinet FortiSOAR and ServiceNow Security Operations based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We are able to deploy within half an hour and we only require one person to complete the implementation."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The UI-based analytics are excellent."
"Free ingestion for Azure logs (with E5 licence)"
"While Microsoft Sentinel provides a log of security events, its true power lies in its integration with Microsoft Defender."
"It has a lot of great features."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"It has basic out-of-the-box integrations with multiple log sources."
"It has a quick detection and response time."
"It's great that the solution is integrated with FortiAnalyzer."
"The good news is that FortiSOAR is not hard to maintain. If you prepared well and deployed strong initially, then maintenance will take half an hour every other week, not more than that. A single person can do it."
"We use the product for security."
"It is a scalable solution...The implementation phase of the product was not tough or difficult."
"Fortinet FortiSOAR is a very interactive and user-friendly solution."
"The product can be automated for network security purposes. The solution offers a great security automation response."
"The reputation of the brand is very good."
"The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product."
"Integration to other security tools allows for a consolidated view of all vulnerabilities, incidents, etc. for all sorts of leverage in a single platform to assess governance risk and compliance as well as an enhanced, enriched intelligence."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
"What I found most valuable in ServiceNow Security Operations is that it's very useful for any incoming vulnerability. For example, if my team finds any vulnerability on servers such as the CA and CMDB integrated with ServiceNow Security Operations, my team can make some changes. My team can map the vulnerabilities found on the CA server, make the changes required, and resolve the vulnerabilities before the system is attacked. You can avoid vulnerability attacks through ServiceNow Security Operations, so this is the best feature of the solution. ServiceNow Security Operations is beneficial mainly for vulnerability response and engagement purposes."
"The product has a very simple UI."
"The ease of use is great."
"The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user."
"The solution is available over the cloud and is easy to manage."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The AI capabilities must be improved."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Fortinet's tech support overall is not great when they are at their best."
"Technical support could be improved."
"The area that needs improvement is integration with multiple third-party vendors."
"The solution’s pricing could be improved."
"I have found that Fortinet FortiSOAR needs a lot of improvement. The Orchestration needs to be improved."
"The UI design of the solution needs to be changed since it can get difficult for a newbie to operate."
"The technology and integrations are important so should continue to be enhanced."
"Fortinet FortiSOAR should improve its analysis."
"There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution."
"It's very slow. When you click a button or update a field, it takes forever to actually react."
"In future releases, I would like to add a follow-up and reminder feature. For the tickets in our queue, we could set reminders. This would help us prioritize older tickets before moving on to new ones."
"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases."
"Customer awareness and understanding of ServiceNow's SecOps capabilities could be improved."
"There is room for improvement in terms of developer support and documentation."
"The initial setup is difficult."
"An area for improvement I observed in ServiceNow Security Operations is the need to maintain correct CMDB data because if you're unable to do this, you can't perfectly maintain the vulnerability data. CMDB data in ServiceNow Security Operations needs to be accurate. As I've been working on ServiceNow Security Operations for only seven months, I still need more time to try all its modules before I can give recommendations regarding additional features I'd like to see in the solution."
More ServiceNow Security Operations Pricing and Cost Advice →
Fortinet FortiSOAR is ranked 10th in Security Orchestration Automation and Response (SOAR) with 12 reviews while ServiceNow Security Operations is ranked 8th in Security Orchestration Automation and Response (SOAR) with 15 reviews. Fortinet FortiSOAR is rated 7.4, while ServiceNow Security Operations is rated 8.0. The top reviewer of Fortinet FortiSOAR writes "A stable solution that has a number of available connectors and is simple to automate". On the other hand, the top reviewer of ServiceNow Security Operations writes "Mature with nice UI and customizable workflows". Fortinet FortiSOAR is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, Swimlane, IBM Resilient and Cisco SecureX, whereas ServiceNow Security Operations is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, IBM Resilient, Swimlane and ThreatConnect Threat Intelligence Platform (TIP). See our Fortinet FortiSOAR vs. ServiceNow Security Operations report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.