Fortinet FortiSIEM vs IBM Security QRadar comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Jul 12, 2023

We performed a comparison between IBM Security QRadar and Fortinet FortiSIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture.  Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.

  • Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.

  • Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. Some FortiSIEM users found it effortless to install within a day or two. Nonetheless, others encountered difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.

  • Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.

  • ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.

Comparison Results: Our users prefer IBM Security QRadar over Fortinet FortiSIEM. The advanced security features and overall strength of QRadar make it the favored option. Users like QRadar's extensive and actionable insights, user-friendly interface, and adaptability. QRadar offers a comprehensive overview of network activity and risk management.

To learn more, read our detailed Fortinet FortiSIEM vs. IBM Security QRadar Report (Updated: September 2023).
735,432 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything.""Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements.""I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response.""The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning.""One of the most valuable features of Microsoft Sentinel is that it's cloud-based.""It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us.""Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually.""The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."

More Microsoft Sentinel Pros →

"The solution is easy to use and user-friendly.""Technical support is helpful.""FortiSIEM's best features are the dashboards and customization.""Fortinet FortiSIEM is less costly than other products and is available 24/7.""FortiSIEM's log correlation is good.""The solution’s IP database is awesome.""I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics.""Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."

More Fortinet FortiSIEM Pros →

"We can easily monitor many things using this tool.""The product can scale.""The interface is good.""The solution is easy to use, manage, and review all incidents.""It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want.""Improves visibility and has a great new dashboard.""The scalability is very good. It's not a problem.""What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."

More IBM Security QRadar Pros →

Cons
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook.""At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market.""Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs.""Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools.""Microsoft Sentinel is relatively expensive, and its cost should be improved.""The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel.""The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything...""Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."

More Microsoft Sentinel Cons →

"The product does not have Security Orchestration and Automation Response, I would recommend adding this feature.""We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files.""FortiSIEM could be better integrated with other vendors.""Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time.""An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS.""The process of installing Fortinet FortiSIEM and the customization of the alerts take too long.""The graphs on the user interface could be improved as we often experience glitches.""Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire."

More Fortinet FortiSIEM Cons →

"IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information.""It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar.""Whenever we are upgrading or installing any type of patch, at that time we have some delays.""The AI engine could be smarter.""The IBM support can be better.""The solution could improve by having more out-of-the-box use cases.""The solution can be improved by lowering the cost and bettering their technical support.""There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."

More IBM Security QRadar Cons →

Pricing and Cost Advice
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
  • "Sentinel can be expensive. When you ingest data from sources that are outside of the cloud, you're paying a fair amount for that data ingestion. When you're ingesting data sources from within the cloud, depending on what your retention periods are, it's not that expensive."
  • "I have worked with a lot of SIEMs. We are using Sentinel three to four times more than other SIEMs that we have used. Azure Sentinel's only limitation is its price point. Sentinel costs a lot if your ingestion goes up to a certain point."
  • "Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect."
  • More Microsoft Sentinel Pricing and Cost Advice →

  • "The price of Fortinet FortiSIEM is a lot less when compared to other solutions."
  • "They have a yearly subscription."
  • "The solution is available for both, perpetual and subscription licenses."
  • "Manageable, however would be better as pay as you go versus CapEX."
  • "The price of Fortinet FortiSIEM was reasonable compared to other solutions."
  • "There are additional features that cost more than the standard licensing fees."
  • "This is probably more on the lower cost end of the spectrum compared to competing products. Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model."
  • "Fortinet's products are not expensive, it is less than the competition."
  • More Fortinet FortiSIEM Pricing and Cost Advice →

  • "There is a license to use this solution, which is paid annually. However, there are subscription options available."
  • "There are different types of subscriptions available. We were on an annual subscription, but our customers typically choose the two years subscription option."
  • "Pricing is good."
  • "You have a one-time payment, and you also can purchase it for one year as a subscription. We have it on-premise, and we have a permanent license for it. We have to pay for the support on a yearly basis. If you compare its cost with Sentinel for one year, QRadar would seem more expensive, but if you compare its cost over five or ten years, Azure Sentinel will be more expensive than QRadar. If you compare its cost with Sentinel for one year, QRadar would seem more expensive, but if you compare its cost over five or 10 years, Azure Sentinel can be more expensive than QRadar."
  • "Licensing can be costly depending on your architecture."
  • "There is an annual license required for this solution."
  • "QRadar's price is reasonable compared to LogRhythm."
  • "We pay approximately $40,000 to use the solution annually. This solution is a lot less expensive than Splunk."
  • More IBM Security QRadar Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    735,432 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Top Answer:Fortinet FortiSIEM is less costly than other products and is available 24/7.
    Top Answer:The price of the solution is expensive. The license is scalable. If there are 10 devices it is simple to license.
    Top Answer:Fortinet FortiSIEM is a little out of sight and needs more marketing efforts to be popular in the market.
    Top Answer:It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier… more »
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR)… more »
    Top Answer:The event collector, flow collector, PCAP and SOAR are valuable.
    Comparisons
    Also Known As
    Azure Sentinel
    FortiSIEM, AccelOps
    IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
    Learn More
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Azure Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.

    Companies around the world use FortiSIEM for the following use cases:

    • Threat management and intelligence that provide situational awareness and anomaly detection
    • Alleviating compliance mandate concerns for PCI, HIPAA and SOX
    • Managing “alert overload”
    • Handling the “too many tools” reporting issue
    • Addressing the MSPs/MSSPs pain of meeting service level agreements

    IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

    IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats. 

    IBM QRadar Log Manager

    To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.

    Some of QRadar Log Manager’s key features include:

    • Data processing and capture on any security event
    • Disaster recovery options and high availability 
    • Scalability for large enterprises
    • SoftLayer cloud installation capability
    • Advanced threat protection

    Reviews from Real Users

    IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

    Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

    A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

    Offer
    Learn more about Microsoft Sentinel
    Learn more about Fortinet FortiSIEM
    Want to Hear More?

    IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.
    Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
    Top Industries
    REVIEWERS
    Financial Services Firm23%
    Computer Software Company7%
    Manufacturing Company7%
    Comms Service Provider7%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Government10%
    Financial Services Firm9%
    Manufacturing Company7%
    REVIEWERS
    Comms Service Provider23%
    Media Company10%
    Financial Services Firm10%
    Computer Software Company10%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Comms Service Provider10%
    Government10%
    Manufacturing Company5%
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company13%
    Comms Service Provider11%
    Security Firm6%
    VISITORS READING REVIEWS
    Educational Organization17%
    Computer Software Company15%
    Financial Services Firm9%
    Government7%
    Company Size
    REVIEWERS
    Small Business32%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise15%
    Large Enterprise61%
    REVIEWERS
    Small Business40%
    Midsize Enterprise24%
    Large Enterprise35%
    VISITORS READING REVIEWS
    Small Business30%
    Midsize Enterprise18%
    Large Enterprise52%
    REVIEWERS
    Small Business39%
    Midsize Enterprise16%
    Large Enterprise46%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise28%
    Large Enterprise52%
    Buyer's Guide
    Fortinet FortiSIEM vs. IBM Security QRadar
    September 2023
    Find out what your peers are saying about Fortinet FortiSIEM vs. IBM Security QRadar and other solutions. Updated: September 2023.
    735,432 professionals have used our research since 2012.

    Fortinet FortiSIEM is ranked 10th in Security Information and Event Management (SIEM) with 27 reviews while IBM Security QRadar is ranked 3rd in Security Information and Event Management (SIEM) with 47 reviews. Fortinet FortiSIEM is rated 7.4, while IBM Security QRadar is rated 7.8. The top reviewer of Fortinet FortiSIEM writes "It has robust event correlation and good GUI, but their technical support should be better, and it should support more nonstandard log sources". On the other hand, the top reviewer of IBM Security QRadar writes "Good dashboard and helpful third-party plugins but technical support could be better". Fortinet FortiSIEM is most compared with Splunk Enterprise Security, PRTG Network Monitor, LogRhythm SIEM, ThousandEyes and ManageEngine Log360, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, Elastic Security, LogRhythm SIEM and Securonix Next-Gen SIEM. See our Fortinet FortiSIEM vs. IBM Security QRadar report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.