We performed a comparison between Fortinet FortiSIEM and SCOM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The product can integrate with any device."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The machine learning and artificial intelligence on offer are great."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"It works well with medium to large-scale enterprises."
"Some of our customers who use this solution have seen improvement in their connection with load balancing on both connections."
"The most valuable feature of Fortinet FortiSIEM is the correlation of many events."
"The event correlation is pretty robust. The GUI is pretty good."
"The seamless integration with FortiGate is the solution's most valuable aspect."
"FortiSIEM's best features are the dashboards and customization."
"The product's initial setup phase was easy."
"Technical support is helpful."
"We are able to do problem determination on runaway processes."
"SCOM has helped us to monitor all the VMs in our environment, especially the Windows servers."
"The solution's reporting engine has given me detailed information on which applications or services I've either failed or about to fail in terms of the predictive makeup on Azure cloud."
"It's easy to use."
"SCOM's most valuable features are the network path feature, reporting, and integration with business intelligence."
"It works better than other products I’ve used – namely SolarWinds, which is cumbersome and error prone for web app monitoring. SCOM is not."
"The most valuable feature of SCOM is the capability of using classes within your management pack development."
"This solution saves us a lot of work because it reduces the effort that is required in order to start monitoring."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The biggest thing that could be better is a quicker response to support cases."
"The graphs on the user interface could be improved as we often experience glitches."
"The only drawback is the licensing model. It can get expensive if you want to integrate more solutions."
"The stability of the product is an area of concern where improvements are required."
"The policy editing should be easier. Right now, it's too hard."
"The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial."
"I would like to see more integration with other platforms."
"The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries."
"They can focus more on cloud monitoring instead of on-premise monitoring. We should be able to monitor cloud-related applications. They can include this feature in the next release. If it is in the cloud, we can have scalability by using Kubernetes. The container is containerized, packaged, and managed using Kubernetes. This feature is not there in SCOM. Going forward, if they can focus on that, it will be great."
"On-prem network monitoring is something that could be improved drastically."
"It would be a much better product if Microsoft provided management packs with the product."
"There could be more integration of SIM in the solution."
"Of course, price is always an issue with Microsoft and could be improved."
"In a future release, they should add email notification alerts."
"I would like to better be able to monitor Oracle processes."
"The console feature is very poor, and it would be very good for us if this were improved."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while SCOM is ranked 3rd in Event Monitoring with 77 reviews. Fortinet FortiSIEM is rated 7.6, while SCOM is rated 7.8. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of SCOM writes "Has a good reporting engine, but its monitoring of the cloud-based environment could be improved". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and AlienVault OSSIM, whereas SCOM is most compared with Zabbix, Dynatrace, Datadog, AppDynamics and Nagios XI. See our Fortinet FortiSIEM vs. SCOM report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.