IT Central Station is now PeerSpot: Here's why

Cisco Stealthwatch vs Fortinet FortiSIEM comparison

Cancel
You must select at least 2 products to compare!
Vectra AI Logo
14,467 views|6,983 comparisons
Cisco Logo
21,953 views|16,326 comparisons
Fortinet Logo
14,007 views|8,432 comparisons
Featured Review
Buyer's Guide
Cisco Stealthwatch vs. Fortinet FortiSIEM
March 2019
Find out what your peers are saying about Cisco Stealthwatch vs. Fortinet FortiSIEM and other solutions. Updated: March 2019.
610,518 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low. So, the labor hour overhead is probably our largest benefit from it. We spend 99% of our time in Vectra investigating cases, responding to incidents, or hunting, and only around 1% of our time is spent patching, troubleshooting, or doing anything else. That's our largest benefit from Vectra.""The administrative privilege detection feature is the most valuable feature. The admin accounts are often highly accessible to the high-risk component of the environment. If those accounts are compromised or are being used in a suspicious manner, that's high-fidelity events for us to look into.""One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us.""It has helped us to organize our security. We get a better overview on what is happening on the network, which has helped us get quicker responses to users. If we see malicious activity, then we can quickly take action on it. Previously, we weren't getting an overview as fast as we are now, so we can now provide a quicker response.""It has reduced the time it takes to respond to attacks. That comes back to the proactive point. It makes us able to lower down in the kill chain, we can react now, rather than reacting to incidents that happened, we can see an instant, in some cases, as it's being implemented, or as it's being launched.""Cognito Streams gives you a detailed view of what happens in the network in the form of rich metadata. It is just a super easy way to capture network traffic for important protocols, giving us an advantage. This is very helpful on a day-to-day basis.""It keeps up with the network traffic, which is a good thing. It provides more context to plain alerts compared to using an older system. So, it helps an analyst reduce the information overload.""The dashboard gives me a scoring system that allows me to prioritize things that I should look at. I may not necessarily care so much about one event, whereas if I have a single botnet detection or a brute force attack, I really want to get on top of those."

More Vectra AI Pros →

"It provides good visibility to the customers. People are still evaluating it, but it provides visibility and helps them to take action to remediate and mitigate the issues that are highlighted on the dashboard. It has good integration with the Cisco switching platform.""We find that Stealthwatch can detect the unseen.""It's easy to set up. The deployment takes one or two days. You need to collect the data from a device and then direct it to the portal.""It has definitely helped us improve our mean time to resolution on network issues.""From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it.""Great network monitoring, looking at anomaly detection and evaluation.""Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box.""StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk."

More Cisco Stealthwatch Pros →

"I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports.""The stability is very reliable. It offers very good performance.""Easy alert setup which enables different alerts in different categories.""Technical support is helpful.""The most valuable feature is the anomaly-reporting alarms.""One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams. There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good.""Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly.""The advanced agents used to collect logs have been most valuable. We have also made use of the advanced intelligence this solution offers."

More Fortinet FortiSIEM Pros →

Cons
"In comparison with a lot of systems I used in the past, the false positives are really a burden because they are taking a lot of time at this moment.""Integration with other security components needs improvement. It should have true integration as opposed to just being a separate pane of glass.""I would like more integrations with IOCs and threats currently on the Internet. I would also like to know which threats are based on zero-day attacks, current botnets, etc. Therefore, I would like more information on external threats.""They use a proprietary logging format that is probably 90% similar to Bro Logs. Their biggest area of improvement is finishing out the remaining 10%. That 10% might not be beneficial to their ML engine, but that's fine. The industry standard is Zeek Logs or Bro Logs, or Bro or Zeek, depending on how old you are. While they have 90% of those fields, they're still missing some fields. In very rare instances, some community rules do not have the fields that they need, and we had to modify community rules for our logs. So, their biggest area of improvement would be to just finish their matching of the Zeek standard.""The main improvement I can see would be to integrate with more external solutions.""Vectra is still limited to packet management. It's only monitoring packet exchanges. While it can see a lot of things, it can't see everything, depending on where it's deployed. It has its limits and that's why I still have my SIEM.""I would like to see data processed onshore. Right now, the cloud components, like Office 365, must be processed on servers outside of Australia. I would like to see a future adoption of onshore processing.""The false positives and the tuning side of it is something that could use improvement. But that could be from our side."

More Vectra AI Cons →

"We determined that Stealthwatch wouldn't provide the machine learning model that we required.""It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good.""Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product.""Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks.""Many of these tools require extensive on-premises hardware to run.""We would like the solution to make more advances in the way that Extreme Networks has been doing.""There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for Python to manage the switches. For example, it would be nice if StealthWatch bounced a port automatically it detected something anomalous.""The visualization could be improved, the GUI is not the best."

More Cisco Stealthwatch Cons →

"Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules.""The solution needs to do a better job with third party integration. Right now, that's lacking on the solution. I specifically am talking about the AWS environment. Most of the AWS environment products do not have that capability to integrate.""The graphs on the user interface could be improved as we often experience glitches.""Its training can be improved. Its price also needs to be improved.""With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk.""There is no proper guide for integration or configuration.""I would like to see more integration with other platforms.""The product does not have Security Orchestration and Automation Response, I would recommend adding this feature."

More Fortinet FortiSIEM Cons →

Pricing and Cost Advice
  • "The pricing is very good. It's less expensive than many of the tools out there."
  • "The pricing is high."
  • "Their licensing model is antiquated. I'm not a fan of their licensing model. We have to pay for licensing based on four different things. You have to pay based on the number of unique IPs, the number of logs that we send through Recall and Stream, and the size of our environment. They need to simplify their licensing down to just one thing. It should be based on the amount of data, the number of devices, or something else, but there should be just one thing for everything. That's what they need to base their licensing on. Cost-wise, they're not cheap. They were definitely the most expensive option, but you get what you pay for. They're not the cheapest option."
  • "From a pricing perspective, they are very commercially competitive. From a licensing perspective, just be conscious that some of their future cloud solutions come with additional subscriptions. Also, if you're outside of the US, you will get charged freight for the device back to your country."
  • "Cost is a big factor, as always. However, I think we have a very good price–performance ratio."
  • "Vectra's licensing model could scale to our research network, which has multiple, 100-gigabit links."
  • More Vectra AI Pricing and Cost Advice →

  • "This is an expensive product. We have quit paying for support because we don't want to have to upgrade it and keep paying for it."
  • "It has a subscription model. There is yearly support, and there is also three-year support. It depends on what the customers want."
  • "There are additional licenses needed for the number of so-called network flows. It's hard to plan the number of flows you need in the network, this is a problem. The price of the Cisco Stealthwatch is relatively inexpensive"
  • More Cisco Stealthwatch Pricing and Cost Advice →

  • "Its price can be better. We are Fortinet partners, so we can get discounts, but its price can be an issue at the beginning for others. There is a licensing scheme for every case. There are three licensing schemes that we can choose from."
  • "The price of Fortinet FortiSIEM is a lot less when compared to other solutions."
  • "They have a yearly subscription."
  • "The solution is available for both, perpetual and subscription licenses."
  • "Manageable, however would be better as pay as you go versus CapEX."
  • "The price of Fortinet FortiSIEM was reasonable compared to other solutions."
  • More Fortinet FortiSIEM Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Network Traffic Analysis (NTA) solutions are best for your needs.
    610,518 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the… more »
    Top Answer:Cognito Streams gives you a detailed view of what happens in the network in the form of rich metadata. It is just a… more »
    Top Answer:Cost is a big factor, as always. However, I think we have a very good price–performance ratio.
    Top Answer:StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and… more »
    Top Answer:We have a three-year contract with Cisco, including 24/7 online support. There are no additional costs.
    Top Answer:There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for… more »
    Top Answer:Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between… more »
    Top Answer:The price of Fortinet FortiSIEM was reasonable compared to other solutions. There are many licenses required, such as… more »
    Top Answer:The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time… more »
    Comparisons
    Also Known As
    Vectra Networks, Vectra AI NDR
    Cisco Stealthwatch Enterprise, Lancope StealthWatch
    FortiSIEM, AccelOps
    Learn More
    Overview

    Vectra threat detection and response is a complete cybersecurity platform that collects, detects, and prioritizes security alerts. The Cognito platform for Network Detection and Response (NDR) detects and responds to attacks inside cloud, data center, Internet of Things, and enterprise networks. The platform also provides automated response capabilities for low-level threats and escalates more severe anomalies to security personnel.

    Cognito captures data for multiple relevant sources and enriches it with context and security insights. It starts by deploying sensors across different networks in datacenters, IoT, or enterprise networks. The algorithm extracts relevant metadata from network and cloud traffic. The information can also be non-security information that can help investigation. 

    The data is enriched with security context to support critical use cases, such as threat detection, investigation, hunting and compliance. The platform is machine learning-based, which enables it to adapt to any new and current threat scenario. It detects, clusters, prioritizes, and anticipates attacks by using identity and host-level enforcement. 

    With the Vectra platform, a person can investigate 50 threats in just two hours. By prioritizing alerts and leveraging threat intelligence, it provides faster results.Vectra solves today’s security challenges for network detection and response. 

    One of Vectra’s best features is the emphasis they put in pairing research and data science for security insights. It offers behavior codification with unsupervised, supervised, and deep learning models. 

    The pricing is according to a subscription model with a free trial available.Vectra is available for Office 365, Azure AD and AWS Brain.

    Features of Vectra AI

    • AI-based threat detection and response. 
    • Detects attacks in real time with behavior-based threat detection. 
    • Consolidates and correlates thousands of events, detecting threats. 
    • Enriches threat investigation with a chain of evidence and data science security insights. 
    • Machine learning techniques, including deep learning and neural networks. 
    • Gives visibility into cyberattackers and analyzes all network traffic. 
    • Continuous updates with new threat detection algorithms. 
    • Provides encryption at rest and in transit. For the AWS version, it offers AES-256 encryption via AWS Key Management Service. 
    • Guaranteed availability according to the SLA of the service selected. 
    • Does not connect to public sector networks. 

    Benefits of Vectra AI

    • Behavioral models use AI to find unknown attackers. 
    • Context increases the accuracy of threat hunting. 
    • Allows for proactive action by prioritizing the most relevant information. 
    • Provides a clear picture and extensive context for investigations. 
    • Aids decision-making in the incident response process. 
    • Helps working with large datasets by capturing metadata at scale. 
    • Automates time-consuming analysis. 
    • Reduces the security analysts’ workloads on threat investigations. 

    Other advantages of Vectra services include that they can be deployed in the public, private, or hybrid cloud. Support is available via email or online ticketing with an average of 4 hours of response. Phone support is available 24/7. 

    Vectra provides full on-site and online training and documentation. Regarding the user interface, it supports several types of web browsers, such as Internet Explorer, Microsoft Edge, Firefox, Chrome, Safari and Opera. However, it is not available for mobile devices.

    Reviews from Real Users

    Here’s what PeerSpot users of Vectra AI have to say about it:

    "One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us." - Dave W., Operations Manager at a healthcare company

    "It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low.” - T.S., Senior Security Engineer at a manufacturing company

    Cisco Stealthwatch uses NetFlow to provide visibility across the network, data center, branch offices, and cloud. Its advanced security analytics uncover stealthy attacks on the extended network. Stealthwatch helps you use your existing network as a security sensor and enforcer to dramatically improve your threat defense.

    FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.

    Companies around the world use FortiSIEM for the following use cases:

    • Threat management and intelligence that provide situational awareness and anomaly detection
    • Alleviating compliance mandate concerns for PCI, HIPAA and SOX
    • Managing “alert overload”
    • Handling the “too many tools” reporting issue
    • Addressing the MSPs/MSSPs pain of meeting service level agreements
    Offer
    Learn more about Vectra AI
    Learn more about Cisco Stealthwatch
    Learn more about Fortinet FortiSIEM
    Sample Customers
    Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association
    Edge Web Hosting, Telenor Norway, Ivy Tech Community College of Indiana, Webster Financial Corporation, Westinghouse Electric, VMware, TIAA-CREF
    FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.
    Top Industries
    REVIEWERS
    Financial Services Firm19%
    Retailer19%
    Manufacturing Company13%
    Mining And Metals Company13%
    VISITORS READING REVIEWS
    Computer Software Company24%
    Comms Service Provider23%
    Government7%
    Financial Services Firm6%
    REVIEWERS
    Healthcare Company22%
    Financial Services Firm17%
    Comms Service Provider7%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Comms Service Provider32%
    Computer Software Company19%
    Government7%
    Financial Services Firm6%
    REVIEWERS
    Comms Service Provider26%
    Computer Software Company11%
    Financial Services Firm7%
    Retailer7%
    VISITORS READING REVIEWS
    Computer Software Company25%
    Comms Service Provider23%
    Government7%
    Manufacturing Company4%
    Company Size
    REVIEWERS
    Small Business18%
    Midsize Enterprise6%
    Large Enterprise76%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise16%
    Large Enterprise63%
    REVIEWERS
    Small Business13%
    Midsize Enterprise10%
    Large Enterprise77%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise14%
    Large Enterprise70%
    REVIEWERS
    Small Business38%
    Midsize Enterprise27%
    Large Enterprise36%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise22%
    Large Enterprise52%
    Buyer's Guide
    Cisco Stealthwatch vs. Fortinet FortiSIEM
    March 2019
    Find out what your peers are saying about Cisco Stealthwatch vs. Fortinet FortiSIEM and other solutions. Updated: March 2019.
    610,518 professionals have used our research since 2012.

    Cisco Stealthwatch is ranked 4th in Network Traffic Analysis (NTA) with 10 reviews while Fortinet FortiSIEM is ranked 7th in Security Information and Event Management (SIEM) with 16 reviews. Cisco Stealthwatch is rated 8.2, while Fortinet FortiSIEM is rated 7.6. The top reviewer of Cisco Stealthwatch writes "Provides valuable security knowledge and helps us improve network performance". On the other hand, the top reviewer of Fortinet FortiSIEM writes "Very easy alert setup; a good tool for analysis and for SOC". Cisco Stealthwatch is most compared with Darktrace, SolarWinds NetFlow Traffic Analyzer, ThousandEyes, Palo Alto Networks Threat Prevention and Cisco Stealthwatch Cloud, whereas Fortinet FortiSIEM is most compared with Splunk, Microsoft Sentinel, IBM QRadar, Elastic Security and PRTG Network Monitor. See our Cisco Stealthwatch vs. Fortinet FortiSIEM report.

    We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.