We performed a comparison between Fortinet FortiSIEM and Microsoft Defender XDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"It has a lot of great features."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"Free ingestion for Azure logs (with E5 licence)"
"FortiSIEM sends an email or SMS notifications to admins when there are significant incidents. It's a highly efficient way of responding to incidents."
"Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly."
"The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls."
"We're able to get real-timec as well as our customer networks that we're monitoring at all times."
"The solution’s IP database is awesome."
"AccelOps can handle a lot of data and it's just so important to true monitoring. Also, I can create a lot of rules to detect anything I like."
"FortiSIEM is a great tool for making security processes transparent."
"It's very easy for anyone to work with."
"It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment."
"The product is very easy to use."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"We'd like also a better ticketing system, which is older."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"I would like to see more AI used in processes."
"The reporting could be more structured."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time."
"The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work."
"When our team tried configuring logs for Microsoft SQL, it did not work."
"If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
"With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."
"The backup and recovery process for this solution needs improvement."
"It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option."
"FortiSIEM needs to expand its integration with third-party vendors. I don't know if Forcepoint has been added, but there were limited resources for integrating Forcepoint solutions when we implemented FortiSIEM. It integrates well with other Fortinet products and solutions from established cybersecurity companies like Palo Alto but doesn't integrate with some of the newer vendors."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"We should be able to use the product on devices like Apple, Linux, etc."
"The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"The data recovery and backup could be improved."
"The patching capability should be there. Patching is something that you cannot do even though you see the vulnerabilities present in your environment. For patching, you have to depend on another solution."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"The management and automation of the cloud apps have room for improvement."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews. Fortinet FortiSIEM is rated 7.6, while Microsoft Defender XDR is rated 8.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and ThousandEyes, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Microsoft Intune. See our Fortinet FortiSIEM vs. Microsoft Defender XDR report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.