We performed a comparison between Fortinet FortiSIEM and vRealize Network Insight based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The features that stand out are the detection engine and its integration with multiple data sources."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"It's pretty powerful and its performance is pretty good."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The UI-based analytics are excellent."
"The primary valuable feature is that it has replaced a whole lot of other products with one platform."
"We're able to get real-timec as well as our customer networks that we're monitoring at all times."
"FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication."
"Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."
"The stability is very reliable. It offers very good performance."
"Both the collecting logs and duo correlation are valuable features for us."
"It is used as an alerting platform."
"The interface is very easy to use. The connector in the core has FortiSIEM support from the vendor."
"It allowed us to set up NSX and to do microsegmentation, without all of the pain points of having to determine each port and each IP address that needed to have access, and which ones needed to be blocked."
"By doing dependency mapping, it makes migrations more efficient. There are less outages that require engineers to spend additional hours troubleshooting the migration failures."
"The most valuable features are the monitoring and tracking. It's also intuitive and user-friendly. The screen looks exactly the same as the other appliances for VMware, so it's easy to navigate."
"The initial was straightforward. You can have it up and running in one hour."
"vRNI can trace the flow of each and every packet and it is easy for us to troubleshoot all the issues that we do have with the networking. We can trace down the packet to a point where it has been dropped."
"The most valuable feture is NetFlow to help us understand how VMs communicate with each other over ports that are known and ports that are also unknown to us. Our company is a security company, so it's very important for us to know exactly which VMs are doing what at all times."
"It gives the visibility that was either broken or there in pieces only. This solution provides a unified view of the whole system, back and forth. It has helped to reduce time to value, increase performance, more easily manage networks, and provide deep visibility."
"The solution is extremely intuitive and user-friendly. When you log in to the application you are presented with a dashboard that is very reasonable for an initial user, and you can then customize it to your specific needs. But for all the data that we've found, we've only had to go through two or three drill-downs to get into that information."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"I would like to see more AI used in processes."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Fortinet FortiSIEM could improve by having a signature update."
"The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients."
"The nodes on our network did not comply with the SIEM solution. They use a different format parking log."
"They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution."
"Does not have load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated."
"Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules."
"Customer support service could be better."
"It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option."
"It needs to be a little easier to use and to understand the information it's putting out. That would make it more helpful. If you're not a network person you need to understand things like network policies and concepts. If you gave it to a regular admin, it would be nice if it were easier for them to pick up what is going on, understand the flows and whether or not stuff should be talking to each other, as opposed to just port groups and IP addresses."
"The only issue we have is that the solution does not always capture the host names."
"The compatibility with each and every component of the infrastructure is the main thing that I am looking for. I would like them to make sure that it's compatible with different kinds of storage systems, etc. I have seen the compatibility list. I feel it can be more compatible than it is right now."
"I would like to see application identification. That would be cool."
"If it were more application-aware, more descriptive; if it were able to determine the application that is actually doing the communication, that would be easier. More application information: which user or account it's accessing, is it accessing this application, doing these calls, if it is accessing a script, what script is it accessing. Things like that would provide deeper analytics so I can track what's going on. It would not just be, "These people shouldn't be talking," but who is actually doing these calls."
"The solution can be improved by making it more compatible with other brands, allowing for better integration."
"It just needs to be more reliable and more accurate. At some point, there are some things where it does not match properly."
"I would like to see more reporting features, more dashboards."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while vRealize Network Insight is ranked 24th in IT Infrastructure Monitoring with 44 reviews. Fortinet FortiSIEM is rated 7.6, while vRealize Network Insight is rated 8.6. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of vRealize Network Insight writes "Provides deep analytical insights and makes migrations efficient with dependency mapping". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas vRealize Network Insight is most compared with ThousandEyes, NETSCOUT vSTREAM, VMware Aria Operations for Applications, Zabbix and AppNeta by Broadcom. See our Fortinet FortiSIEM vs. vRealize Network Insight report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
