We performed a comparison between Fortinet FortiSIEM and NETSCOUT nGeniusONE based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"We have no complaints about the features or functionality."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The interface is very easy to use. The connector in the core has FortiSIEM support from the vendor."
"The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature."
"Real-time monitoring makes life quite easy for me."
"Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly."
"It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely."
"FortiSIEM is a great tool for making security processes transparent."
"The CMDB and the device discovery features are most valuable."
"Its automated response feature has benefited our customer communication. Analysts feel more confident in providing timely responses."
"The most valuable feature of NETSCOUT nGeniusONE is it helps customer to understand what risks are in their network. For example, if a customer has some wrong configurations. It could cost them some critical services to slow down."
"The support is good."
"The quick drill-down views are similar to Wireshark views. Those are quite nice, with the views on how you interpret some of the data. The granularity of how far you can drill down into milliseconds or microseconds is a very nice feature. It actually stores quite a lot of data in its database."
"It helps us get to the root cause quickly. It helps us find massive error codes, then we drill down on that error code, knowing that is the source of our problem."
"When we have any type of outage, and we dig into it, we are able to tell what the root cause is instead of having to go through Wireshark, etc."
"The visual and graphical interfaces in the display that it provides for us to show our senior leadership. We can show them what is actually happening, instead of a spreadsheet."
"Stability-wise, I rate the solution a ten out of ten."
"From the standpoint of VoLTE and related things, it's providing visibility into the network and how it operates."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"The troubleshooting has room for improvement."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"Fortinet FortiSIEM needs to provide better API integrations to users."
"They should enhance the solution's AI capabilities, including XDR and EDR."
"Patching is not great - we're not getting the support we'd expect."
"They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution."
"The product does not have Security Orchestration and Automation Response, I would recommend adding this feature."
"We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files."
"The performance can be improved. Sometimes it takes a long time to fetch data."
"Network detection and response is a separate product."
"NETSCOUT nGeniusONE can improve the detection of what area of the infrastructure could be having an issue, such as an application, server, or network. It needs to find evidence of a fault."
"The single pane of glass view is a challenge. I like the graphics, they're easy to understand, but when more digging is required, it's more complicated to get what I'm expecting."
"The dependency mapping is good, but I am hopeful that they will build some type of partnership and relationship with ServiceNow. I want to see NETSCOUT partner with ServiceNow so they can leverage Service Now Discovery and Service Mapping to automate the build of the service dependency mappings inside of nGeniusONE."
"There are so many pieces of their product that integrate with one another that perhaps a recommendation for improvement would be some sort of bigger overview and map to help understand how all their pieces integrate together."
"I would love to have them reassemble fragmented packets. That would be a very big plus in my book."
"The technical support could improve a bit with quicker responses for early on questions. What I think are simple questions are taking a long time to get answers to."
"Trying to set up dashboards is hard to figure out at times, if you don't do it every day. It's not really intuitive to set them all up... If there were a wizard to take us through, step-by-step, creating dashboards and the like, that would be really helpful."
"The GUI has gotten better over time but there could be some improvement in how the GUI is built."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 64 reviews while NETSCOUT nGeniusONE is ranked 26th in Network Monitoring Software with 47 reviews. Fortinet FortiSIEM is rated 7.6, while NETSCOUT nGeniusONE is rated 8.2. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of NETSCOUT nGeniusONE writes "We use it every day for the triaging of events, saving us a lot of time". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and ThousandEyes, whereas NETSCOUT nGeniusONE is most compared with Gigamon Deep Observability Pipeline, Dynatrace, ThousandEyes, AppDynamics and SolarWinds NPM. See our Fortinet FortiSIEM vs. NETSCOUT nGeniusONE report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.