We performed a comparison between ArcSight ESM and Fortinet FortiSIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: ArcSight ESM is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management. Fortinet FortiSIEM users like its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting. ArcSight ESM users have recommended improvements in training, speed, and data administration. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.
Service and Support: Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.
Ease of Deployment: Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge. Some FortiSIEM users found it effortless to install within a day or two. Nonetheless, others encountered difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.
Pricing: Users consider the pricing of ArcSight ESM to be reasonable and affordable. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.
ROI: ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.
"Sentinel pricing is good"
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"ArcSight ESM provides us the flexibility to write our own passwords and customize the solution. It lets us search and log a variety of SmartConnectors. It has 480-plus SmartConnectors."
"For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers."
"It gives better overall visibility. Before, we didn't have a unified system for managing security alerts. ArcSight introduced various alerts, giving us a better visibility of potential problems."
"Some of the benefits of using this solution are rapid correlation and near-time response on alerts."
"I value the event correlation of this product."
"We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR."
"The stability of ArcSight Enterprise Security Manager is good."
"SmartConnector: Normalization parses raw logs and converts them into CEF (common event format). This is the core of the product."
"I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports."
"It's a very nice solution to work with."
"It is used as an alerting platform."
"There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
"The primary valuable feature is that it has replaced a whole lot of other products with one platform."
"The stability is very reliable. It offers very good performance."
"Fortinet FortiSIEM provides good detection against advanced threats."
"The product is quite well-organized. The GUI makes it easy to navigate."
"We'd like also a better ticketing system, which is older."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"The reporting could be more structured."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"Deployment typology could be improved. Difficult to scale across all the different lines of businesses."
"ArcSight ESM needs to improve performance, user interface, and automation."
"The API integration could be better, and I'd like to see more machine-learning capabilities in the future."
"HPE ArcSight has a quite steep learning curve."
"They also could improve the product by integrating user and identity behavior analytics."
"Micro Focus does not have a physical presence here in Pakistan, although IBM does."
"ArcSight ESM could improve by adding more features and documentation. There needs to be more documentation."
"The stability isn't quite perfect. We occasionally run into problems."
"Not very good on non-API features, lacks that functionality."
"Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time."
"Its training can be improved. Its price also needs to be improved."
"Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules."
"The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
"The product does not have Security Orchestration and Automation Response, I would recommend adding this feature."
"The dashboard needs to improve."
"Fortinet FortiSIEM is a little out of sight and needs more marketing efforts to be popular in the market."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 11th in Security Information and Event Management (SIEM) with 93 reviews while Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 63 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Fortinet FortiSIEM is rated 7.6. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and Elastic Security, whereas Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and AlienVault OSSIM. See our ArcSight Enterprise Security Manager (ESM) vs. Fortinet FortiSIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.