We performed a comparison between Fortinet FortiSIEM and NETSCOUT nGeniusONE based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"If you know how to do KQL (Kusto Query Language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The UI of Sentinel is very good and easy to use, even for beginners."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"We have no complaints about the features or functionality."
"The most valuable feature of Fortinet FortiSIEM is the user and entity behavior analytics (UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."
"The Threat Hunting feature provides complete traffic analysis."
"Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."
"We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers."
"It's a very nice solution to work with."
"I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics."
"The advanced agents used to collect logs have been most valuable. We have also made use of the advanced intelligence this solution offers."
"FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication."
"The solution helps to troubleshoot and put our hands on the weak points of customer networks."
"Packet decode and bandwidth analysis reports are the two most valuable features."
"We are using nGeniusONE to run our bandwidth capacity management reports. In the past, we used to be very reactive, we used to depend a lot on suppliers to tell us which sites are our hot sites, meaning, which have high bandwidth utilization. Now we do this in a much more proactive way and we are moving to a more predictive approach in that aspect, thanks to nGeniusONE."
"The quick drill-down views are similar to Wireshark views. Those are quite nice, with the views on how you interpret some of the data. The granularity of how far you can drill down into milliseconds or microseconds is a very nice feature. It actually stores quite a lot of data in its database."
"The solution transforms packet wire data into real-time data that is actionable. It helps us with faster detection of issues and allows us to create alerts."
"It catches bigger issues on a weekly basis. That's how often we find something big enough that the only reason we know about it is because of the nGeniusONE. The bigger issues are mostly security-type issues: Odd traffic leaving our network or coming into it, that has found its way past a firewall."
"It has versatility to correlate different traffic types and performance management statistics."
"It helps us get to the root cause quickly. It helps us find massive error codes, then we drill down on that error code, knowing that is the source of our problem."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The solution should allow for a streamlined CI/CD procedure."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial."
"Customer support service could be better."
"They need to integrate better with Cisco and Palo Alto."
"The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients."
"We need to see incident reports about the event log, without events from the administrator or through human interaction."
"Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information."
"They should enhance the solution's AI capabilities, including XDR and EDR."
"If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
"There is currently less visibility or GUI to analyse the packet for troubleshooting purposes."
"The current solution is not easy to scale, because it is an appliance-based solution. So, you have to swap everything out."
"The scalability needs some work. From a probe perspective, we are limited to a certain amount of throughput on the devices themselves. Without having actual hooks into the bare metal hardware for the solutions, it's a bit of a "thumb in the air" as to when we hit our capacity or when our high watermark is."
"The stability is only fair. It goes down a lot."
"They can improve still on the workflows, document their workflows that are commonly used... We don't know some of the workflows yet, and it's not something that you can just read up in the manual. There is some stuff in the help manual and online, but it's to a point where you need to purchase extra training and services from them. You can't just go and read up on it yourself and learn from A to Z..."
"The product is a little complicated."
"Its initial setup process is complicated."
"For individual subscriber tracings, sometimes it does not capture all the messages. There is a little bit of room for improvement there."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while NETSCOUT nGeniusONE is ranked 27th in Network Monitoring Software with 47 reviews. Fortinet FortiSIEM is rated 7.6, while NETSCOUT nGeniusONE is rated 8.2. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of NETSCOUT nGeniusONE writes "We use it every day for the triaging of events, saving us a lot of time". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas NETSCOUT nGeniusONE is most compared with Gigamon Deep Observability Pipeline, Dynatrace, ThousandEyes, AppDynamics and SolarWinds NPM.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.