We performed a comparison between Elastic Security and Fortinet FortiSIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Elastic Security is commended for its adaptability, extensive customization options, and seamless integration with the ELK Stack. Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting. Elastic Security could improve by reducing resource usage, automating threat response, and simplifying the user experience. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.
Service and Support: Some Elastic Security users found their support helpful, while others experienced difficulties and delays. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.
Ease of Deployment: Elastic Security generally has a straightforward setup but may require trained specialists. Some FortiSIEM users found it effortless to install within a day or two. Nonetheless, others encountered difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.
Pricing: Elastic Security is considered affordable and cost-effective, with pricing based on the size of the monitored environment. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.
ROI: Elastic Security has shown mixed results in terms of ROI, with some users expressing concerns about the quality of their premium support. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"It has basic out-of-the-box integrations with multiple log sources."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The visualization is very good."
"ELK Logstash is easy and fast, at least for the initial setup with the out of box uses."
"Stability-wise, I rate the solution a ten out of ten."
"The feature that we have found the most valuable is scalability."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"It's very customizable, which is quite helpful."
"It is the best open-source product for people working in SO, managing and analyzing logs."
"It's very stable and reliable."
"To add workers and even collectors is pretty easy."
"The most valuable feature of Fortinet FortiSIEM is the correlation of many events."
"The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls."
"It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely."
"The most valuable feature of Fortinet FortiSIEM is the user and entity behavior analytics (UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."
"The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature."
"Fortinet FortiSIEM provides good detection against advanced threats."
"Fortinet FortiSIEM is less costly than other products and is available 24/7."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The troubleshooting has room for improvement."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"The only thing is sometimes you can have a false positive."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"We'd like to see some more artificial intelligence capabilities."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
"The solution's query building is not that intuitive compared to other solutions."
"The solution does not have a UI and this is one of the reasons we are looking for another solution."
"We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files."
"The performance can be improved. Sometimes it takes a long time to fetch data."
"Fortinet FortiSIEM could improve by having a signature update."
"Our customers are noticing configuration available in the GUI interface and I think that they should be equal."
"The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work."
"Creating parsers to try to make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."
"Areas for improvement would be the ease of use and the integration with Fortinet's own products."
"Patching is not great - we're not getting the support we'd expect."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 58 reviews while Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 64 reviews. Elastic Security is rated 7.6, while Fortinet FortiSIEM is rated 7.6. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh and LogRhythm SIEM.