We performed a comparison between Fortinet FortiSIEM and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It has basic out-of-the-box integrations with multiple log sources."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The UI-based analytics are excellent."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"It has a lot of great features."
"The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls."
"Some of our customers who use this solution have seen improvement in their connection with load balancing on both connections."
"It is used as an alerting platform."
"We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us."
"I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics."
"It's very easy for anyone to work with."
"Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."
"The interface is very easy to use. The connector in the core has FortiSIEM support from the vendor."
"It has performed well and delivered the results that I have been looking for."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"The solution's technical support is great."
"This solution integrates easily and very well with other technologies."
"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
"It is easy to use and deploy. It comes with user-friendly manuals."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"The solution could improve the playbooks."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"The biggest thing that could be better is a quicker response to support cases."
"It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option."
"Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules."
"Areas for improvement would be the ease of use and the integration with Fortinet's own products."
"The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work."
"When our team tried configuring logs for Microsoft SQL, it did not work."
"The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial."
"The policy editing should be easier. Right now, it's too hard."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."
"McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Fortinet FortiSIEM is rated 7.6, while Trellix ESM is rated 7.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response. See our Fortinet FortiSIEM vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
