Fortinet FortiAnalyzer vs Splunk Enterprise Security comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Sep 22, 2023

We compared Fortinet FortiAnalyzer and Splunk Enterprise Security across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:

  • Features: Fortinet FortiAnalyzer features exceptional log collection capabilities and customizable reporting. FortiAnalyzer enables users to centrally manage and analyze logs in real-time. Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. 

  • Room for Improvement: Fortinet FortiAnalyzer could simplify its reporting module and cloud storage capabilities. Users say Splunk is a highly scalable and customizable solution. Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics.

  • Service and Support: Some Fortinet customers were dissatisfied with support, but others said it was helpful and responsive. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise.

  • Ease of Deployment: FortiAnalyzer's initial setup is uncomplicated and manageable, typically taking approximately 30 minutes to a few hours. Some IT knowledge may be required. Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. 

  • Pricing: While FortiAnalyzer isn't the most expensive option, users say the pricing could be more competitive. FortiAnalyzer's cost depends on the storage requirements, and many customers consider it reasonable. Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data.

  • ROI: FortiAnalyzer helps customers by providing insight into network traffic and speeding up issue resolution. Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations.

Conclusion: Users appreciate Splunk's superior log aggregation, data analytics, and dashboard functionalities but some bemoaned the lack of advanced AI capabilities and said Splunk could be more user-friendly. Fortinet excels in log collection and integration capabilities. However, it lags behind in areas such as pricing, technical support, and integration with other vendors and solutions. 
To learn more, read our detailed Fortinet FortiAnalyzer vs. Splunk Enterprise Security Report (Updated: September 2023).
734,678 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature of Fortinet FortiAnalyzer is its performance.""We have the most data visibility.""It is easy to integrate Fortinet FortiAnalyzer with other products. You have a better overview of what's going on.""The ability to gather all gateway information and logs in a single location is the most valuable feature.""Initial setup is ok.""I would say that Fortinet's tech support is really good.""Technical reports clearly identify system checks, locations and areas, how many times things escape, which firewall is affected, and source IDs.""There are a lot of monitoring features available."

More Fortinet FortiAnalyzer Pros →

"The most valuable feature is the incident dashboard, and the extensive use of correlation searches, which isn't available with a standard Splunk search package. This feature is important to me because it enables SOC analysts to do their job more efficiently and be able to investigate or mediate incidents at a faster pace.""I am satisfied with the support.""The varied prebuilt feature is the most valuable because it ensures that we have complete coverage over all of the key questions.""Our clients use the solution to find any threats or vulnerabilities inside their environment.""It's better than IBM, in my opinion, because it's an independent entity.""The product is good, it satisfies our customers.""The dashboard and reporting are very good... It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk.""The scalability is good."

More Splunk Enterprise Security Pros →

Cons
"The integration with other vendors for log collection could be enhanced.""We would like to do the reporting, logging, and administration of all the public devices and all the IoT devices. We wish to add the switches, and routers from different vendors, so it's not a vendor-specific diagnostic solution.""When using this solution, you need a high-level expert to make it work as it should.""The cost of FortiAnalyzer could be cheaper, especially when you are installing to a VM. For 90 percent of customers, the VM solution is enough.""Software reports are good but should match the dashboard and include top-level output instead of just base or low-level devices.""One thing we struggled with FortiAnalyzer was integration with SIEM. We also had issues with the new threats and APTs. There were false positives, so we needed to have some ratings related to false positives.""Fortinet FortiAnalyzer could improve by having better integration with other vendors.""The UI could use some improvement. It can be tough for a beginner to navigate because you don't know what to do even if you read the guide. I've talked to some users who said that they couldn't figure out what to do even after looking at the documentation."

More Fortinet FortiAnalyzer Cons →

"It will be helpful for customers if they can create some real-world cases, and we can find a case study to align with. I know that Splunk has tremendous potential. We only include a tiny piece of it. There is a lot of stuff that we need to learn. If Splunk can provide more real-time examples, that will be helpful for customers.""They can incorporate the SOAR solution within the actual product so that we do not require two different products, two different installations, and two different pricing methods. In regards to UBA, I am familiar with the UBA that existed two years ago. I am not updated about it today, but two years ago, UBA required such an amount of data that from a cost perspective, it was not worth it. When you compare it to what you get out of the box with Microsoft Sentinel without additional costs, there is no match.""Splunk could be improved by reducing the cost. The cost is one of the biggest challenges for us in keeping to our production requirements.""We are waiting for Dashboard Studio to mature a little bit more. There are some things that we are using with Classic Dashboards which have not yet made it to Dashboard Studio. We are waiting for that.""There can be a bit of complexity around some fields during the initial setup.""Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution.""Splunk Enterprise Security can be improved by including backup network detection and response and safe management to the paid platform."". Having a trial version or more training on Splunk would be helpful."

More Splunk Enterprise Security Cons →

Pricing and Cost Advice
  • "I believe that these devices were procured with a five-year maintenance and support license up front. I work at a university, so the vendor provides a considerable higher ed discount."
  • "We found the price of Fortinet FortiAnalyzer to be reasonable."
  • "It is acceptable for on-premises, but it is expensive for the cloud."
  • "FortiAnalyzer was in the product itself, but two years ago they split it from Fortinet. We paid the license two years ago."
  • "The enterprise version of this solution is costly. We have considered FortiAuthenticator for network control, but the pricing was focused on the larger companies and didn't suit our needs as a smaller business."
  • "It is expensive for small business customers. It is only available for customers with a high number of firewalls to manage or to report. If a customer has only five boxes of FortiGate, the price of FortiAnalyzer can be more than the five boxes. So, we can't easily put this solution for small business customers."
  • "I rate FortiAnalyzer six out of 10 for affordability. FortiAnalyzer pricing isn't steady. It changes each quarter or year. That's one of the main problems in West Abaco because most businesses here are small or medium-sized enterprises. It makes budgeting complicated. You always want to pay the same price on the subscription."
  • "The hardware has a one-time cost and maintenance is paid by annual subscription."
  • More Fortinet FortiAnalyzer Pricing and Cost Advice →

  • "The price of Splunk is reasonable."
  • "The subscription is monthly."
  • "It can be cost-prohibitive when you start to scale and have terabytes of data. Its cost model is based on how much data it processes a day. If they're able to create scaled-down niche or custom package offerings, it may help with the cost. Instead of the full-blown features, if they can narrow the scope where it can only be used for a specific purpose, it would kind of create that market for the product, and it may help with the costing. When you start using it as a central aggregator and you're pumping tons of logs at it, pretty soon, you'll start hitting your cap on what it can process a day. Once you've got that, you're kind of defeating the purpose because you're going to have to scale back."
  • "It's a yearly subscription."
  • "This product could use better pricing in general."
  • "The pricing modules could be improved."
  • "This solution is costly. Splunk is obviously a great product, but you should only choose this product if you need all the features provided. Otherwise, if you don't need all the features to meet your requirements, there are probably other products that will be more cost-effective. It's cost versus the functionality requirement."
  • "It is expensive. I used to buy it early on, but then they combined it into a higher-up organization. They buy it for multiple systems now. Last time, I paid around 60K for it. There is just the licensing fee. That's all."
  • More Splunk Enterprise Security Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Log Management solutions are best for your needs.
    734,678 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The ability to gather all gateway information and logs in a single location is the most valuable feature.
    Top Answer:I would rate FortiAnalyzer's price a seven out of ten, with ten being the most expensive.
    Top Answer:I don't find Fortinet FortiAnalyzer to be as robust as Check Point Security Management. However, this perception might be attributed to my limited familiarity with Fortinet FortiAnalyzer. For… more »
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also,… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log… more »
    Top Answer:Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we… more »
    Ranking
    8th
    out of 73 in Log Management
    Views
    11,302
    Comparisons
    6,569
    Reviews
    45
    Average Words per Review
    403
    Rating
    8.1
    1st
    out of 73 in Log Management
    Views
    34,098
    Comparisons
    27,998
    Reviews
    62
    Average Words per Review
    739
    Rating
    8.5
    Comparisons
    Learn More
    Overview

    Fortinet FortiAnalyzer is a powerful platform used for log management, analytics, and reporting. The solution is designed to provide organizations with automation, single-pane orchestration, and response for simplified security operations, as well as proactive identification and remediation of risks and complete visibility of the entire attack surface.

    Fortinet FortiAnalyzer Features

    Fortinet FortiAnalyzer has many valuable key features. Some of the most useful ones include:

    • Advanced threat detection capabilities
    • Centralized security analytics
    • End-to-end security posture awareness
    • Integration with FortiGate NGFWs, FortiClient, FortiSandbox, FortiWeb, and FortiMail
    • Incident detection and response
    • Playbook automation
    • Event management
    • Security services
    • Analytics and reporting

    Fortinet FortiAnalyzer Benefits

    There are many l benefits to implementing Fortinet FortiAnalyzer. Some of the biggest advantages the solution offers include:

    • Flexible deployment options
    • Enterprise-grade high availability
    • Security automation to reduce complexity, leveraging REST API, scripts, connectors, and automation stitches
    • Multi-tenancy solution with quota management, leveraging (ADOMs) to separate customer data and manage domains for operational effectiveness and compliance

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Fortinet FortiAnalyzer solution.

    PeerSpot user Imad A., Group IT Manager at a manufacturing company, says, “You can monitor all appliances from a centralized location. You have a front dashboard for all our operations and all the logs. If you need to search for anything you can just dig deep into the logs. The solution offers excellent customizable reports. In our case, we needed a monthly report of all internet consumption, and we were able to easily create this.” He goes on to add, “There are pre-defined templates. The logs cover any question or need that we populate within these templates. However, you can also build your own template. There is great analytics that can be used in different departments. For example, our marketing department can go more into media patterns and not just into browsing patterns. Everything is easily visible and can be tracked and studied.”

    Luis G., Systems Architect at Zentius, mentions, “Log collection is the most valuable [feature]. The UI looks great. It has a very good look and feel. We don't have the need to use solid state drives. We use mechanic drives, and we don't see any performance issues, so basically, it is doing fine.”

    Rupsan S., Technical Presales Engineer at Dristi Tech Pvt.ltd., comments, "The feature that I have found the most valuable is to be able to see everything in our network in a single task. A single menu and the graphical bar charts that it provides to give insights are very useful. It also gives very good metrics on bandwidth utilization, CPU, and device performance. It is very simple and easy to use as well."

    Dilip S., Regional Head at Mass Infonet (P) Ltd., explains, “With FortiAnalyzer, you can see what the user is doing and what sites he goes to. You can also see how much quota there is and how much (size-wise) you want to hit, as well as what the incoming or outbound traffic is, and if it is through the ISP or not. Basically, you can see absolutely all activity using FortiAnalyzer. The solution is very complete. The product is very simple to use. It's regularly updated with many versions constantly adding more content and information. The solution has sandboxing, IPS, and DPS as well. The solution allows for a lot of customization.”

    Splunk Enterprise Security is a SIEM, log management, and IT operations analytics tool. The solution provides users with the ability to secure their information and manage their data in the cloud, data centers, or other applications. Splunk Enterprise Security also offers visibility from different areas, levels, and devices, rather than from a single system, thus, providing its users with flexibility. Splunk Enterprise Security can monitor data and analyze, detect, and prevent intrusions. This benefits users as it provides alerts to possible intrusions, helps users to be proactive, and reduces risk factors. 

    Full visibility across your environment

    Break down data silos and gain actionable intelligence by ingesting data from multicloud and on-premises deployments. Get full visibility to quickly detect malicious threats in your environment.

    Fast threat detection

    Defend against threats with advanced security analytics, machine learning and threat intelligence that focus detection and provide high-fidelity alerts to shorten triage times and raise true positive rates.

    Efficient investigations

    Gather all the context you need and initiate flexible investigations with security analytics at your fingertips. The built-in open and extensible data platform boosts productivity and drives down fatigue.

    Open and scalable

    Built on an open and scalable data platform, you can stay agile in the face of evolving threats and business needs. Splunk meets you where you are on your cloud journey, and integrates across your data, tools and content.

    Offer
    Learn more about Fortinet FortiAnalyzer
    Learn more about Splunk Enterprise Security
    Sample Customers
    General Directorate of Information Technology
    Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
    Top Industries
    REVIEWERS
    Comms Service Provider21%
    Computer Software Company15%
    Financial Services Firm13%
    Manufacturing Company13%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Comms Service Provider10%
    Government9%
    Manufacturing Company6%
    REVIEWERS
    Financial Services Firm16%
    Computer Software Company15%
    Government11%
    Energy/Utilities Company8%
    VISITORS READING REVIEWS
    Financial Services Firm15%
    Computer Software Company15%
    Government10%
    Manufacturing Company7%
    Company Size
    REVIEWERS
    Small Business50%
    Midsize Enterprise25%
    Large Enterprise25%
    VISITORS READING REVIEWS
    Small Business29%
    Midsize Enterprise19%
    Large Enterprise52%
    REVIEWERS
    Small Business31%
    Midsize Enterprise12%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise13%
    Large Enterprise68%
    Buyer's Guide
    Fortinet FortiAnalyzer vs. Splunk Enterprise Security
    September 2023
    Find out what your peers are saying about Fortinet FortiAnalyzer vs. Splunk Enterprise Security and other solutions. Updated: September 2023.
    734,678 professionals have used our research since 2012.

    Fortinet FortiAnalyzer is ranked 8th in Log Management with 51 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 71 reviews. Fortinet FortiAnalyzer is rated 8.2, while Splunk Enterprise Security is rated 8.4. The top reviewer of Fortinet FortiAnalyzer writes "It creates a central point of management and control, giving you real-time insight into what is going on. ". On the other hand, the top reviewer of Splunk Enterprise Security writes "Can be used to find any threats or vulnerabilities inside a user’s environment". Fortinet FortiAnalyzer is most compared with Wazuh, Graylog, Elastic Security, SolarWinds Kiwi Syslog Server and LogRhythm SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Microsoft Sentinel, Dynatrace and Elastic Security. See our Fortinet FortiAnalyzer vs. Splunk Enterprise Security report.

    See our list of best Log Management vendors.

    We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.