We compared Splunk Enterprise Security and Fortinet FortiSIEM across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. Users say Splunk is a highly scalable and customizable solution. Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. Some FortiSIEM users found it effortless to install within a day or two. Others reported difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities, but reviewers say its analytics and AI capabilities need improvement. Fortinet FortiSIEM is considered an affordable solution with effective correlation features, but it falls short in terms of database monitoring and reporting.
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The machine learning and artificial intelligence on offer are great."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The Log analytics are useful."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"It's a very nice solution to work with."
"The CMDB and the device discovery features are most valuable."
"The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices."
"The solution is easy to use and user-friendly."
"Easy alert setup which enables different alerts in different categories."
"Analytics is the most valuable feature. The business service summaries in the dashboards and the correlations for the SIEM are also valuable features."
"Fortinet FortiSIEM is easy to use."
"It is used as an alerting platform."
"It allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar."
"It's the completeness of the solution that we like the most."
"My favorite example of improving of organization is saving a $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports."
"The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time."
"The UI of Splunk makes it easier for our analysts to move around and see what they need to see."
"It has a rapid response search environment in the event of an incident."
"We did not encounter any issues with scalability. It is almost seamless to add new index (storage) or search (used to analyze the data) nodes to the cluster."
"The feature that we use the most is the correlation search engine within ES."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The troubleshooting has room for improvement."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Its training can be improved. Its price also needs to be improved."
"The policy editing should be easier. Right now, it's too hard."
"The graphs on the user interface could be improved as we often experience glitches."
"The nodes on our network did not comply with the SIEM solution. They use a different format parking log."
"There is no proper guide for integration or configuration."
"FortiSIEM could be better integrated with other vendors."
"If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
"There could be more AI features included in the product."
"The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall."
"Its setup is a little bit complex for a distributed environment. Their support can also be better. If we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply."
"On-premises scaling of the solution is a bit more limited than it is on the cloud."
"The complexity could be worked on so that it's even easier and faster."
"There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices."
"The solution could improve by giving more email details."
"The solution should also have more advanced capabilities in comparison with QRadar, which offers Watson."
"The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews. Fortinet FortiSIEM is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Fortinet FortiSIEM is most compared with IBM Security QRadar, LogRhythm SIEM, Wazuh, ThousandEyes and PRTG Network Monitor, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our Fortinet FortiSIEM vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.