We performed a comparison between Fortinet FortiAnalyzer and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"We have no complaints about the features or functionality."
"The machine learning and artificial intelligence on offer are great."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"Logging is the best feature."
"The IBS (Intent Based Segmentation) and application web filtering are the most valuable aspects of the solution."
"FortiAnalyzer's reporting features like graphs, threat intelligence, and vulnerabilities analysis are helpful. Fortinet knows how to do reporting. You can customize your reports to show exactly what you want to analyze. It's user-friendly and doesn't require a lot of effort."
"The most valuable feature of the solution is reporting."
"The most valuable feature is the capability to create a customized dashboard."
"FortiAnalyzer has a user-friendly interface with a quick response and good analytics. It's very secure because it's taking the log from the devices on a secure channel, so there is no problem with that in your network."
"The most valuable is its robust and comprehensive reporting functionality, providing a thorough overview of various metrics."
"It's a very stable product."
"We use it to ingest Windows domain controller logs. We use this to monitor if anyone is placed in particular administration groups that potentially shouldn't be. It helps us keep track of people."
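The use case in the review above (ingesting domain controller logs and alerting when someone is added to an administrative group) maps onto a small, well-defined detection: Windows Security events 4728, 4732 and 4756 ("a member was added to a security-enabled global/local/universal group") filtered against a watchlist of privileged groups. The following is an added example written for this page, not code or query syntax from FortiAnalyzer, Sumo Logic or any reviewer; it runs the detection over constructed, key=value formatted sample events whose field names (EventID, SubjectUserName, TargetUserName, MemberName) mirror the Windows event schema, where TargetUserName carries the group name and MemberName the added account. The privileged-group list is an assumption and should be adjusted to the environment.

```python
import re

# Windows Security event IDs for "a member was added to a security-enabled group":
# 4728 = global group, 4732 = local group, 4756 = universal group.
# The matching removal events (4729/4733/4757) are deliberately not alerted on here.
GROUP_ADD_EVENT_IDS = {"4728", "4732", "4756"}

# Assumed watchlist of privileged groups (adjust to the environment being monitored).
PRIVILEGED_GROUPS = {
    "Domain Admins", "Enterprise Admins", "Schema Admins",
    "Administrators", "Account Operators",
}

# Constructed sample log lines (not real telemetry), in the key=value shape a
# syslog/agent forwarder might emit for Windows Security events.
SAMPLE_LOGS = """\
EventID=4728 SubjectUserName=jdoe TargetUserName="Domain Admins" TargetDomainName=CORP MemberName="CN=svc-backup,OU=Service,DC=corp,DC=local"
EventID=4624 SubjectUserName=jdoe TargetUserName=jdoe TargetDomainName=CORP
EventID=4732 SubjectUserName=helpdesk1 TargetUserName="Remote Desktop Users" TargetDomainName=CORP MemberName="CN=asmith,OU=Users,DC=corp,DC=local"
EventID=4756 SubjectUserName=SYSTEM TargetUserName="Enterprise Admins" TargetDomainName=CORP MemberName="CN=tmp-admin,OU=Users,DC=corp,DC=local"
EventID=4729 SubjectUserName=jdoe TargetUserName="Domain Admins" TargetDomainName=CORP MemberName="CN=svc-backup,OU=Service,DC=corp,DC=local"
"""

# key=value pairs; a value is either a double-quoted string (may contain spaces
# and '=' signs, as distinguished names do) or a run of non-whitespace.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_event(line):
    """Parse one key=value log line into a dict, stripping quotes from quoted values."""
    event = {}
    for m in KV_RE.finditer(line):
        raw = m.group(2)
        event[m.group(1)] = m.group(3) if raw.startswith('"') else raw
    return event


def privileged_group_additions(log_text, privileged_groups=PRIVILEGED_GROUPS):
    """Return one alert dict per event that adds a member to a watched privileged group."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("EventID") not in GROUP_ADD_EVENT_IDS:
            continue
        if ev.get("TargetUserName") not in privileged_groups:
            continue
        alerts.append({
            "event_id": ev["EventID"],
            "group": ev["TargetUserName"],
            "member": ev.get("MemberName", "?"),
            "actor": ev.get("SubjectUserName", "?"),
        })
    return alerts


if __name__ == "__main__":
    for a in privileged_group_additions(SAMPLE_LOGS):
        print(f"ALERT event {a['event_id']}: {a['actor']} added {a['member']} to '{a['group']}'")
```

Run against the sample, this raises two alerts (the Domain Admins and Enterprise Admins additions) and ignores the logon event, the addition to a non-privileged group, and the group removal. In a log platform the same logic is usually expressed as a saved search or correlation rule on the event ID plus a group watchlist; the point of the Python version is that the filter conditions are explicit and testable before they are ported.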
"It gives us a bird's eye view of what's happening from our connection's point of view."
"Scalability has been good for our needs. We haven't run into any scaling issues in regards to size so far."
"The features I found valuable with the Sumo Logic Security solution are the search option and the ability to customize the search for the information in the logs."
"It provides easy visibility. I also like the shareable queries because we share a lot across groups."
"I have no concerns about the stability of the product. I feel it handles the stress we put on it very well."
"With this tool, we provide access to every developer team the ability to find errors, then they come to us and ask for specific help."
"We can integrate threat intelligence solutions into the product."
"I would like to be able to monitor applications outside of the Azure Cloud."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"The reports are good, but they are over-summarized."
"Fortinet FortiAnalyzer cannot receive any queries. They should add this feature in the future to help manage solutions."
"Fortinet FortiAnalyzer is not in the cloud environment like some of the other products. There could be a possibility of extending its functionality to the cloud environment. If possible, they could have a deal with or integrate with other firewall manufacturers, like Palo Alto and Cisco, and mix the information. It is a difficult functionality. I don't know if any product in the market provides such functionality."
"We would like to see some improvement on the upgrade process around this solution. There are sometimes communication issues when a new version of the firewall is implemented, and it fails to report back to this product."
"The only issue that I can see is with the cost. For example, if you buy support for one year, you are messed up next year. It's better to buy another gateway."
"We would like to do the reporting, logging, and administration of all the public devices and all the IoT devices. We wish to add the switches, and routers from different vendors, so it's not a vendor-specific diagnostic solution."
"I think some improvement is required in real-time log monitoring, as sometimes it gets stuck or displays results after a delay."
"I'm looking for something more efficient to analyze different foreign things. That's why FortiSIEM could compete with FortiAnalyzer."
"The initial setup is the most stressful, like learning how to use it."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, 'I want a bigger one now.' You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"Sumo Logic needs to make sure integrating solutions are seamless."
"There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries."
"We would like to have some type of predefined setup for the logs, making the setup easier by default."
"In my opinion, this solution has a steep learning curve and requires practice if users are to be able to use this tool very efficiently."
"I would like better UI-driven functionality to create alerts and reports. Now, we have to understand the syntax, so it is a little difficult for someone to pick it up without using the manuals. If there was more of a graphical user interface, it would be beneficial."
"There are some gaps in the API."
Fortinet FortiAnalyzer is ranked 7th in Log Management with 81 reviews while Sumo Logic Security is ranked 21st in Log Management with 17 reviews. Fortinet FortiAnalyzer is rated 8.0, while Sumo Logic Security is rated 8.4. The top reviewer of Fortinet FortiAnalyzer writes "We can automate event-based handling solutions, is stable, and is great for heavy traffic". On the other hand, the top reviewer of Sumo Logic Security writes "Integrates well, useful rules, and beneficial GUI". Fortinet FortiAnalyzer is most compared with Wazuh, Splunk Enterprise Security, Graylog, LogRhythm SIEM and ManageEngine EventLog Analyzer, whereas Sumo Logic Security is most compared with Wazuh, Splunk Enterprise Security, Rapid7 InsightIDR, VMware Aria Operations for Logs and IBM Security QRadar. See our Fortinet FortiAnalyzer vs. Sumo Logic Security report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.