Splunk Enterprise Security and Fortinet FortiAnalyzer are advanced solutions competing in the security information and event management (SIEM) category. Splunk Enterprise Security seems to have the upper hand due to its extensive data integration and search capabilities.
Features: Splunk Enterprise Security excels with comprehensive data analytics, rapid search functionality, and the ability to ingest data from various sources, making it ideal for compliance-driven organizations. Its Search Processing Language (SPL) offers profound customization. Fortinet FortiAnalyzer specializes in centralized log management and event management, offering detailed reporting and network visibility, easily integrating with other Fortinet products.
Room for Improvement: Splunk Enterprise Security could enhance the operational workflow with easier setup for new data sources and better visualizations. There's also room for improvement in predictive analytics and user access controls. Fortinet FortiAnalyzer needs improvements in integrating third-party solutions and refining user interface design while enhancing security analytics and technical support.
Ease of Deployment and Customer Service: Splunk offers flexible deployment options across various environments but is often criticized for its complex and costly configuration process. Customer service gets mixed reviews regarding responsiveness. Fortinet FortiAnalyzer provides a simpler installation process suitable for cloud and on-premises setups but faces slower technical support responsiveness, affecting customer satisfaction.
Pricing and ROI: Splunk Enterprise Security, known for its comprehensive capabilities, may pose cost challenges due to its data usage-based licensing, yet it delivers high ROI for large-scale operations. Fortinet FortiAnalyzer offers a cost-effective solution with an annual licensing model, serving mid-sized businesses well, though its pricing still concerns some customers.
The impact of the tool is low when the functionalities are inaccessible due to resource consumption.
Fortinet is highly efficient for moderate deployments and provides a secure platform for medium-sized networks and data centers.
I have seen a return on investment with Fortinet FortiAnalyzer due to its competitive pricing and straightforward licensing model based on the amount of log data processed per day.
I have noticed a return on investment with Splunk Enterprise Security, as it delivers substantial value for money.
Splunk's cost is justified for large environments with extensive assets.
Customer service and support for Fortinet FortiAnalyzer are quite helpful and responsive.
Technical support is good, and I rate it ten out of ten.
The support service is very slow and incompetent.
If you want to write your own correlation rules, it is very difficult to do, and you need Splunk's support to write new correlation rules for the SIEM tool.
I have sought assistance from Splunk Enterprise Security support in the past, particularly during deployment, and they provide friendly and effective help.
The technical support for Splunk met my expectations.
Fortinet FortiAnalyzer is scalable, especially for the VM versions, as additional space can be provisioned from the servers as needed.
FortiAnalyzer is a scalable product.
It typically handles three to five years of expansion effectively.
They struggle a bit with pure virtual environments, but in terms of how much they can handle, it is pretty good.
It is easy to scale.
I find it easy to scale Splunk Enterprise Security for our environment.
We faced some CPU consumption issues, which caused the machine to slow down and required a restart of FortiAnalyzer.
It remains stable during implementation for one or two years.
It provides a reliable solution for managing network-wide data.
It provides a stable environment but needs to integrate with ITSM platforms to achieve better visibility.
It is very stable.
When licensing, each device is licensed separately, such as the firewall, which can become expensive.
This would help in analyzing various security incidents and events more effectively by delivering a handful of relevant logs instead of thousands.
Enhanced deep inspection features would make troubleshooting easier.
Improving the infrastructure behind Splunk Enterprise Security is vital—enhanced cores, CPUs, and memory should be prioritized to support better processing power.
What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel.
Splunk Enterprise Security would benefit from a more robust rule engine to reduce false positives.
Its licensing model is based on the amount of log data processed per day, making it more cost-effective compared to QRadar, which is EPS and device-based.
In terms of pricing, FortiAnalyzer is not expensive.
In the Indian market, Fortinet's pricing is very competitive, allowing us to win most of our deals.
I saw clients spend two million dollars a year just feeding data into the Splunk solution.
The platform requires significant financial investment and resources, making it expensive despite its comprehensive features.
Splunk is priced higher than other solutions.
The advanced analytics capabilities aid in threat detection by providing visibility into indicators of compromise.
The most valuable feature of Fortinet FortiAnalyzer is its ability to simplify and display logs clearly, providing details like which IPs are accessing the system, the destination, and the policies applied.
The log management is useful as we have connected around two hundred eighty-five walls and around fifteen to twenty plus firewalls with Fortinet FortiAnalyzer, making it highly beneficial compared to logging into each individual firewall.
This capability is useful for performance monitoring and issue identification.
They have approximately 50,000 predefined correlation rules.
The Splunk Enterprise Security's threat-hunting capabilities have been particularly useful in later releases.
Fortinet FortiAnalyzer is a powerful platform used for log management, analytics, and reporting. The solution is designed to provide organizations with automation, single-pane orchestration, and response for simplified security operations, as well as proactive identification and remediation of risks and complete visibility of the entire attack surface.
Fortinet FortiAnalyzer Features
Fortinet FortiAnalyzer has many valuable key features. Some of the most useful ones include:
Fortinet FortiAnalyzer Benefits
There are many l benefits to implementing Fortinet FortiAnalyzer. Some of the biggest advantages the solution offers include:
Reviews from Real Users
Below are some reviews and helpful feedback written by PeerSpot users currently using the Fortinet FortiAnalyzer solution.
PeerSpot user Imad A., Group IT Manager at a manufacturing company, says, “You can monitor all appliances from a centralized location. You have a front dashboard for all our operations and all the logs. If you need to search for anything you can just dig deep into the logs. The solution offers excellent customizable reports. In our case, we needed a monthly report of all internet consumption, and we were able to easily create this.” He goes on to add, “There are pre-defined templates. The logs cover any question or need that we populate within these templates. However, you can also build your own template. There is great analytics that can be used in different departments. For example, our marketing department can go more into media patterns and not just into browsing patterns. Everything is easily visible and can be tracked and studied.”
Luis G., Systems Architect at Zentius, mentions, “Log collection is the most valuable [feature]. The UI looks great. It has a very good look and feel. We don't have the need to use solid state drives. We use mechanic drives, and we don't see any performance issues, so basically, it is doing fine.”
Rupsan S., Technical Presales Engineer at Dristi Tech Pvt.ltd., comments, "The feature that I have found the most valuable is to be able to see everything in our network in a single task. A single menu and the graphical bar charts that it provides to give insights are very useful. It also gives very good metrics on bandwidth utilization, CPU, and device performance. It is very simple and easy to use as well."
Dilip S., Regional Head at Mass Infonet (P) Ltd., explains, “With FortiAnalyzer, you can see what the user is doing and what sites he goes to. You can also see how much quota there is and how much (size-wise) you want to hit, as well as what the incoming or outbound traffic is, and if it is through the ISP or not. Basically, you can see absolutely all activity using FortiAnalyzer. The solution is very complete. The product is very simple to use. It's regularly updated with many versions constantly adding more content and information. The solution has sandboxing, IPS, and DPS as well. The solution allows for a lot of customization.”
Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.
Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and real-time alerts within their SOCs. The platform enhances visibility and correlates data from multiple sources to identify security threats efficiently. Key features include comprehensive dashboards, excellent reporting capabilities, robust log aggregation, and flexible data ingestion. Users appreciate its SIEM capabilities, threat intelligence, risk-based alerting, and correlation searches. Highly scalable and stable, it suits multi-cloud environments, reducing alert volumes and speeding up investigations.
What are the key features?Splunk Enterprise Security is implemented across industries like finance, healthcare, and retail. Financial institutions use it for fraud detection and compliance, while healthcare organizations leverage its capabilities to safeguard patient data. Retailers deploy it to protect customer information and ensure secure transactions.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
