We performed a comparison between Elastic Security and Fortinet FortiSIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Elastic Security is commended for its adaptability, extensive customization options, and seamless integration with the ELK Stack. Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting. Elastic Security could improve by reducing resource usage, automating threat response, and simplifying the user experience. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.
Service and Support: Some Elastic Security users found their support helpful, while others experienced difficulties and delays. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.
Ease of Deployment: Elastic Security generally has a straightforward setup but may require trained specialists. Some FortiSIEM users found it effortless to install within a day or two. Nonetheless, others encountered difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.
Pricing: Elastic Security is considered affordable and cost-effective, with pricing based on the size of the monitored environment. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.
ROI: Elastic Security has shown mixed results in terms of ROI, with some users expressing concerns about the quality of their premium support. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The connectivity and analytics are great."
"The main benefit is the ease of integration."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"The most valuable feature for me is Discover."
"It's open-source and free to use."
"I like the indexing of the logs."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"It's very customizable, which is quite helpful."
"We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us."
"FortiSIEM is a great tool for making security processes transparent."
"We're able to get real-timec as well as our customer networks that we're monitoring at all times."
"Analytics. It can provide log information from the device. With log information, I can see if there is a threat"
"The solution is easy to use and user-friendly."
"The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation."
"The stability is very reliable. It offers very good performance."
"We find the solution to be stable."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"The troubleshooting has room for improvement."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana."
"The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there."
"Sometimes, the solution isn't the easiest to use."
"There isn't really a very good user experience. You need a lot of training."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"This solution is very hard to implement."
"It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there."
"Patching is not great - we're not getting the support we'd expect."
"The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much."
"With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."
"The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work."
"Customer support service could be better."
"If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
"Its training can be improved. Its price also needs to be improved."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 58 reviews while Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews. Elastic Security is rated 7.6, while Fortinet FortiSIEM is rated 7.6. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes. See our Elastic Security vs. Fortinet FortiSIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.