We performed a comparison between Fortinet FortiSIEM and NetBrain based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"This solution offers extensive customization options, making it possible to adapt it precisely to their requirements."
"FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication."
"To add workers and even collectors is pretty easy."
"The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation."
"The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls."
"There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
"Both the collecting logs and duo correlation are valuable features for us."
"The solution’s IP database is awesome."
"Chain management is a good feature. I don't get it on other solutions."
"Enables maps to be drawn out."
"A reliable, time-saving tool for providing accurate layer 2 and layer 3 network mappings."
"NetBrain is a very simple tool."
"This product has good network monitoring and troubleshooting capabilities."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"The troubleshooting has room for improvement."
"The reporting could be more structured."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"The only thing is sometimes you can have a false positive."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option."
"The dashboard needs to improve."
"Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules."
"The stability of the product is an area of concern where improvements are required."
"If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
"An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS."
"Does not have load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated."
"Fortinet FortiSIEM could improve by having a signature update."
"It would be nice if the setup was a little simpler. Also, if the solution could provide more training materials for new people coming into our company so they can quickly learn how to use the functionalities."
"Support needs to improve for the installed product and some of the reporting could be more flexible to provide more complete cataloging."
"The solution could integrate more automation."
"Each device needs to be configured to allow NetBrain to poll for the information it needs, which can be very time-consuming for a large network."
"The IP interface brief isn't consistent."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews while NetBrain is ranked 15th in Network Troubleshooting. Fortinet FortiSIEM is rated 7.6, while NetBrain is rated 7.2. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of NetBrain writes "Good monitoring and troubleshoot capabilities, improves overall network traffic visibility". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and ThousandEyes, whereas NetBrain is most compared with Cisco DNA Center, ThousandEyes, Red Hat Ansible Automation Platform, SolarWinds Network Automation Manager and ScienceLogic. See our Fortinet FortiSIEM vs. NetBrain report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.