We compared Splunk Enterprise Security and Fortinet FortiSIEM across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. Users say Splunk is a highly scalable and customizable solution. Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. Some FortiSIEM users found it effortless to install within a day or two. Others reported difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities, but reviewers say its analytics and AI capabilities need improvement. Fortinet FortiSIEM is considered an affordable solution with effective correlation features, but it falls short in terms of database monitoring and reporting.
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"Log aggregation and data connectors are the most valuable features."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The features that stand out are the detection engine and its integration with multiple data sources."
"The connectivity and analytics are great."
"The seamless integration with FortiGate is the solution's most valuable aspect."
"I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports."
"It is used as an alerting platform."
"There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
"Both the collecting logs and duo correlation are valuable features for us."
"The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation."
"It's very easy for anyone to work with."
"It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely."
"Out-of-the-box, it seems very powerful."
"Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful."
"It is very simple to tweak or write a small piece of glue code to go ahead and create a new dashboard for a business unit to make near real-time decisions to focus more on other geographies when launching the product."
"It gives us the liberty to do more in terms of use cases."
"The most valuable feature is the DSS, also known as SPL, because it allows users to script advanced queries with limited knowledge."
"The solution is very fast and succinct."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"The most valuable feature is the custom dashboard feature."
"One key area that can be improved is by building a strong integration with our XDR platform."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"We'd like to see more connectors."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"The product can be improved by reducing the cost to use AI machine learning."
"The reporting could be more structured."
"The only drawback is the licensing model. It can get expensive if you want to integrate more solutions."
"Not very good on non-API features, lacks that functionality."
"I would like to see more integration with other platforms."
"Creating parsers to try make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."
"Network detection and response is a separate product."
"Fortinet FortiSIEM could improve by having a signature update."
"The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
"The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work."
"Not even Splunk's support guy, who came to our firm, could help with defining proper role management."
"Splunk is very expensive. The license is based on the volume of the logs ingested. I was responsible for managing the contract with our service integrator. I don't know the precise details of the competing solution, but I have heard that Splunk is more expensive than others. I don't know what the going rate is on the market, but I think there are at least two competitors that are less expensive. We have experienced a few issues with our service providers in terms of log filtering and ingestion, so we continue to pay a bit more per day for our logs."
"Some of the search functions can be better. There has been a lot of talk at the conference about the update of SPL before each iteration. That will be a lot of help."
"Its interface could be improved."
"The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."
"The case management area of the ES could be improved. The ability to move cases through various stages and states. The ability to close a case would be key improvement."
"Its user interface for everything other than the charts can be improved. Some parts of it can be simplified a bit, such as when importing documents that have the network traffic. When you're going through the information about the network traffic, you have to have the expertise, but even if a program is supposed to be for IT support, it is good to make it user-friendly because it gets easier to train people. When something goes wrong, the more difficult a program is in terms of UI, the harder it is to fix the issue."
"We had an instance when Splunk failed and it took us a couple of days to recover."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 227 reviews. Fortinet FortiSIEM is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Fortinet FortiSIEM is most compared with IBM Security QRadar, LogRhythm SIEM, Wazuh, ThousandEyes and PRTG Network Monitor, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our Fortinet FortiSIEM vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.