We performed a comparison between IBM Security QRadar and Fortinet FortiSIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. Some FortiSIEM users found it effortless to install within a day or two. Nonetheless, others encountered difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.
Comparison Results: Our users prefer IBM Security QRadar over Fortinet FortiSIEM. The advanced security features and overall strength of QRadar make it the favored option. Users like QRadar's extensive and actionable insights, user-friendly interface, and adaptability. QRadar offers a comprehensive overview of network activity and risk management.
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The analytic rule is the most valuable feature."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The main benefit is the ease of integration."
"It's pretty powerful and its performance is pretty good."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation."
"FortiSIEM is a great tool for making security processes transparent."
"FortiSIEM's best features are the dashboards and customization."
"The solution’s IP database is awesome."
"The interface is very easy to use. The connector in the core has FortiSIEM support from the vendor."
"Analytics. It can provide log information from the device. With log information, I can see if there is a threat"
"Fortinet FortiSIEM provides good detection against advanced threats."
"I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports."
"There are a lot of great out-of-the-box features included."
"Improved our organization's TCO."
"Improves visibility and has a great new dashboard."
"It helps us discover any threats with their alerts and tracking."
"I really like the feature we have with the logs, that if there are any credit card numbers being used, like a PII, you can just use rejects and you can mask it. This is a really good feature in QRadar."
"I think the QDI is very good."
"A nice benefit is when we go to the process of selecting our youth cases, they go by building blocks. QRadar links it to building blocks."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Sentinel's reporting is complex and can be more user-friendly."
"Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information."
"Creating parsers to try make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."
"FortiSIEM could be better integrated with other vendors."
"When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement."
"The product does not have Security Orchestration and Automation Response, I would recommend adding this feature."
"With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."
"There could be more AI features included in the product."
"The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries."
"With IBM Security QRadar, my company faced issues with the support we received for the product."
"The quality of technical support depends on the IBM support person. Sometimes, it's hard to get the right person on the other side. A ticket coordinator could be the key to better quality delivery."
"I have noticed the interface has room for improvement."
"I would also like to see more integration with other vendors. IBM doesn't integrate well with products from China, like Huawei. Many Middle Eastern customers are switching to Huawei from American vendors like Cisco because of the price. In most RFPs, Huawei wins because it costs less."
"The solution should include remote action capabilities."
"The usability of interfaces could be improved."
"The only problem is that if you have too many events that occur, then the storage capacity becomes a problem. We would need to increase the storage capacity."
"I would like the rule creation interface to be much more user-friendly in the next release."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews. Fortinet FortiSIEM is rated 7.6, while IBM Security QRadar is rated 8.0. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Fortinet FortiSIEM is most compared with Splunk Enterprise Security, LogRhythm SIEM, Wazuh, ThousandEyes and PRTG Network Monitor, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel. See our Fortinet FortiSIEM vs. IBM Security QRadar report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.