We performed a comparison between Fortinet FortiSIEM and LogRhythm NetMon based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The product can integrate with any device."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The advanced agents used to collect logs have been most valuable. We have also made use of the advanced intelligence this solution offers."
"I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports."
"There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
"The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices."
"The seamless integration with FortiGate is the solution's most valuable aspect."
"It's very easy for anyone to work with."
"Easy alert setup which enables different alerts in different categories."
"It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GIBA, NIST, and so forth."
"NetMon's best feature is traffic analysis."
"The most valuable feature is the log, which can be analyzed by our SIEM solution."
"The protocols with which you see the traffic for a particular website that a client has in their environment, for example, are valuable. We can monitor whether the traffic is up to the mark or whether they need to add more bandwidth. Also, we can see if we're able to get real-time environment data as well. The customization dashboard is really good. LogRhythm NetMon has its own in-built dashboards which are helpful in guiding customization."
"It has a very strong artificial intelligence engine."
"It is a stable solution...It is a scalable solution."
"The analytics feature is the most valuable feature."
"Visibility is a valuable feature, the ability to see even if the traffic is not going into the firewall"
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"The product can be improved by reducing the cost to use AI machine learning."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"The playbook is a bit difficult and could be improved."
"The troubleshooting has room for improvement."
"The biggest thing that could be better is a quicker response to support cases."
"Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules."
"Our customers are noticing configuration available in the GUI interface and I think that they should be equal."
"Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great.vvv"
"I would like to see easier implementation in the future."
"FortiSIEM could be better integrated with other vendors."
"Patching is not great - we're not getting the support we'd expect."
"They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution."
"I would like to see better integration with multiple products. Integration is not something that is readily available for most of the products."
"LogRhythm NetMon's pricing model is an area of concern that should be made a little bit cheaper in comparison to the other players in the market currently."
"Sometimes it's hard to find the network devices' self-audit logs."
"The training for this product is not very good and needs to be improved."
"There is an issue with tunneling in relation to how the connectivity is established between the end devices and where NetMon is installed. On the console, I often observe that there's a difference of a few seconds or maybe a minute, and this lag time should not be there."
"Some of the automated tasks we can perform on QRadar cannot be performed on LogRhythm because the solution has limitations."
"Could use a topology diagram which would help get an exact visual."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while LogRhythm NetMon is ranked 57th in Network Monitoring Software with 9 reviews. Fortinet FortiSIEM is rated 7.6, while LogRhythm NetMon is rated 7.6. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of LogRhythm NetMon writes "A stable and scalable tool useful for network behavior analysis, DPA, and network forensic services". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas LogRhythm NetMon is most compared with PRTG Network Monitor, ObserverLIVE, SCOM and Zabbix. See our Fortinet FortiSIEM vs. LogRhythm NetMon report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.