We performed a comparison between Fortinet FortiSIEM and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The UI of Sentinel is very good and easy to use, even for beginners."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GIBA, NIST, and so forth."
"FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication."
"Real-time monitoring makes life quite easy for me."
"The Threat Hunting feature provides complete traffic analysis."
"It's a very nice solution to work with."
"The most valuable feature is the anomaly-reporting alarms."
"FortiSIEM's log correlation is good."
"I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"Performance and reporting are very good."
"The solution is really scalable for the high-end power, enterprise customer."
"NetWitness can be highly beneficial for incident detection and response."
"The most valuable features are the integration and ease of use."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"I would like to be able to monitor applications outside of the Azure Cloud."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"I would like to see more AI used in processes."
"The graphs on the user interface could be improved as we often experience glitches."
"When our team tried configuring logs for Microsoft SQL, it did not work."
"Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information."
"When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement."
"FortiSIEM could be better integrated with other vendors."
"Its training can be improved. Its price also needs to be improved."
"Fortinet FortiSIEM is a little out of sight and needs more marketing efforts to be popular in the market."
"An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"The implementation needs assistance."
"The tool's integration capability isn't so great."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"Health monitoring of the event sources and devices."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"Security needs improvement."
"Technical support could be improved."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while NetWitness Platform is ranked 16th in Security Information and Event Management (SIEM) with 36 reviews. Fortinet FortiSIEM is rated 7.6, while NetWitness Platform is rated 7.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Elastic Security.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.