We performed a comparison between IBM Security QRadar and Fortinet FortiSIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. Some FortiSIEM users found it effortless to install within a day or two. Nonetheless, others encountered difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.
Comparison Results: Our users prefer IBM Security QRadar over Fortinet FortiSIEM. The advanced security features and overall strength of QRadar make it the favored option. Users like QRadar's extensive and actionable insights, user-friendly interface, and adaptability. QRadar offers a comprehensive overview of network activity and risk management.
"It has a lot of great features."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The automation feature is valuable."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The product can integrate with any device."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The stability is very reliable. It offers very good performance."
"AccelOps can handle a lot of data and it's just so important to true monitoring. Also, I can create a lot of rules to detect anything I like."
"FortiSIEM's best features are the dashboards and customization."
"I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports."
"Real-time monitoring makes life quite easy for me."
"The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices."
"There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
"The most valuable feature of Fortinet FortiSIEM is the correlation of many events."
"The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time."
"The pre-canned rules and reports in this product are a huge plus."
"IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
"It is a very optimized engine."
"It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools."
"There are other third-party plugins that we can use."
"What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
"Due to the skills shortage, we are able to use it from the standpoint of bringing in a lower level employee or a person who may not have security knowledge."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The solution should allow for a streamlined CI/CD procedure."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much."
"Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules."
"Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great.vvv"
"The stability of the product is an area of concern where improvements are required."
"With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."
"The performance can be improved. Sometimes it takes a long time to fetch data."
"The solution needs to do a better job with third party integration. Right now, that's lacking on the solution. I specifically am talking about the AWS environment. Most of the AWS environment products do not have that capability to integrate."
"They should enhance the solution's AI capabilities, including XDR and EDR."
"QRadar needs a lot of fine tuning"
"Some of the cloud apps need improvement."
"Integration could be better. They should make it easy to integrate with other solutions."
"IBM technical support is always terrible."
"I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."
"I don't give it a 10 because it is something we have to request. I would love it if UBA was included out of the box like Microsoft."
"IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms."
"IMB should reduce the pricing, or reduce some of the features for a more economical solution for the customer."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews. Fortinet FortiSIEM is rated 7.6, while IBM Security QRadar is rated 8.0. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Fortinet FortiSIEM is most compared with Splunk Enterprise Security, LogRhythm SIEM, Wazuh, ThousandEyes and PRTG Network Monitor, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel. See our Fortinet FortiSIEM vs. IBM Security QRadar report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.