We compared Splunk Enterprise Security and Fortinet FortiSIEM across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. Users say Splunk is a highly scalable and customizable solution. Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. Some FortiSIEM users found it effortless to install within a day or two. Others reported difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities, but reviewers say its analytics and AI capabilities need improvement. Fortinet FortiSIEM is considered an affordable solution with effective correlation features, but it falls short in terms of database monitoring and reporting.
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The Log analytics are useful."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Log aggregation and data connectors are the most valuable features."
"The main benefit is the ease of integration."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The most valuable feature of Fortinet FortiSIEM is the user and entity behave as analytics(UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."
"The CMDB and the device discovery features are most valuable."
"Analytics is the most valuable feature. The business service summaries in the dashboards and the correlations for the SIEM are also valuable features."
"The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation."
"The primary valuable feature is that it has replaced a whole lot of other products with one platform."
"It's a very nice solution to work with."
"It's very easy for anyone to work with."
"It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GIBA, NIST, and so forth."
"The additional vendors we've brought on board, particularly the elastic, have been quite beneficial."
"Without Splunk Enterprise Security, it would be difficult for us to manage and prioritize alerts. There's a potential to lose track of important notifications, and it's essential to our security that we do not miss anything. Splunk has improved our investigations because the reporting and dashboarding make things so much easier. We can provide weekly or monthly reports. I also like Splunk's ability to integrate."
"The ability to analyze huge amounts of sales data and accurate prediction of sales forecasting is the most valuable feature."
"The most valuable feature of Splunk is the management and built-in workflows."
"You can use it to gather syslog messages from anything."
"The most valuable features of Splunk Enterprise Security are its high-performance data collection, flexible query language, and its versatility across the organization."
"The scalability is good."
"The varied prebuilt feature is the most valuable because it ensures that we have complete coverage over all of the key questions."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"The solution could be more user-friendly; some query languages are required to operate it."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"There could be more AI features included in the product."
"They need to integrate better with Cisco and Palo Alto."
"It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option."
"When our team tried configuring logs for Microsoft SQL, it did not work."
"Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information."
"The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial."
"I would like to see easier implementation in the future."
"Fortinet FortiSIEM could improve to extend to several locations or sites."
"A problem that we had recently had was we licensed it based on how much data you upload to them every day. Something changed in one our applications, and it started generating three to four times as many logs and. So now, we are trying to assemble something with parts of the Splunk API to warn ourselves, then turn it off and throttle it back more. However it would be better if they had something systematically built into the product that if you're getting close to your license, then to shut things down."
"I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
"I find the graphical options really limited and you don't have enough control over how to display the data that you want to see."
"The configuration had a bit of a learning curve."
"On-premises scaling of the solution is a bit more limited than it is on the cloud."
"Splunk Enterprise Security could improve in automation, flexibility, and providing more content out of the box."
"This solution could be improved by better pricing in general and by easier installation."
"It needs integration with a configuration management solution."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 227 reviews. Fortinet FortiSIEM is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Fortinet FortiSIEM is most compared with IBM Security QRadar, LogRhythm SIEM, Wazuh, ThousandEyes and PRTG Network Monitor, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our Fortinet FortiSIEM vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.