We performed a comparison between Fortinet FortiSIEM and Microsoft Defender XDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The product can integrate with any device."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The initial setup is very simple and straightforward."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Free ingestion for Azure logs (with E5 licence)"
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation."
"Both the collecting logs and duo correlation are valuable features for us."
"We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers."
"The event correlation is pretty robust. The GUI is pretty good."
"This solution offers extensive customization options, making it possible to adapt it precisely to their requirements."
"To add workers and even collectors is pretty easy."
"Analytics. It can provide log information from the device. With log information, I can see if there is a threat"
"One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams. There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"Microsoft 365 Defender is a stable solution."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"Microsoft Defender's most critical component is its CASB solution. It has many built-in policies that can improve your organization's cloud security posture. It's effective regardless of where your users are, which is critical because most users are working from home. It's cloud-based, so nothing is on-premise."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"The on-prem log sources still require a lot of development."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"The solution could be more user-friendly; some query languages are required to operate it."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"I would like to see more integration with other platforms."
"We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files."
"We need to see incident reports about the event log, without events from the administrator or through human interaction."
"They need to integrate better with Cisco and Palo Alto."
"The performance can be improved. Sometimes it takes a long time to fetch data."
"Customer support service could be better."
"It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there."
"The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"The licensing is a nightmare and has room for improvement."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"Stability could be improved by avoiding frequent changes to the interface."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 64 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 79 reviews. Fortinet FortiSIEM is rated 7.6, while Microsoft Defender XDR is rated 8.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and ThousandEyes, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Microsoft Intune. See our Fortinet FortiSIEM vs. Microsoft Defender XDR report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.