We performed a comparison between Fortinet FortiSIEM and IBM SevOne Network Performance Management (NPM) based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"FortiSIEM is a great tool for making security processes transparent."
"Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."
"There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
"We find the solution to be stable."
"Fortinet FortiSIEM provides good detection against advanced threats."
"It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely."
"Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly."
"We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us."
"Scalability. I have never had to worry about how to handle really big environments."
"The automation feature is good because if your CMDB is OK and it is already in sync, then the automation part is good to go."
"The most valuable feature as of late has been the API integration with ServiceNow."
"It's a great solution for highlighting and discovering useful information regarding our network's elements."
"I like the tool’s scalability and real-time reports. Earlier, we struggled to give real-time reports to clients. I also like the tool’s deployment model where we can deploy it either on-premises or in-house. We don’t have to carry the data all over the globe. Also, I am impressed with the tool's flow reporting and Wi-Fi."
"The modules and the performance management reports that come with data insights are two of the most valuable features. I also find the reports for Wi-Fi, Netflow, LAN, and WAN for monitoring to be very good."
"Flexible architecture: You can extend the system and its capacity by attaching another cluster pair."
"One of the solution's biggest strengths is its capacity management performance, with out-of-the-box reports through NMS, as well as its ability to collect NetFlow-related data from devices. The collection of network performance and flow data is important because we have many critical business applications."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"The only thing is sometimes you can have a false positive."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The troubleshooting has room for improvement."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"We are invoiced according to the amount of data generated within each log."
"The on-prem log sources still require a lot of development."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"There could be more AI features included in the product."
"The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial."
"The performance can be improved. Sometimes it takes a long time to fetch data."
"Creating parsers to try make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."
"Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information."
"When our team tried configuring logs for Microsoft SQL, it did not work."
"The nodes on our network did not comply with the SIEM solution. They use a different format parking log."
"The solution's interface could be modernized and improved."
"There are a lot of pain points. My main problem is that we don't have a high availability system. There are 20 peers. We're going to lose the end-of-life appliances that are old. If we lose a peer and it doesn't come back, we lose all that data. The reason we don't have high availability is because it's double the charge."
"The customizations are very hard. The person doing it has to be very good at analytics and has to be very good in all languages"
"Software upgrades can be tricky is not easy."
"The method of searching for SIP and the way to create the groups."
"The GUI: both the dashboard/user view and the admin tool."
"We previously have had discussions on some reporting enhancements. So, we raised a feature request, which was delivered from SevOne."
"With the administrative management of the appliance, if some object appears from SevOne because something changed in the network or whatever, then as an administrator you will not be aware. If you are using this object in a report, this object will disappear from the report and you will not be aware of it. So, if you have 1,000 reports, you cannot always check these reports everyday to see if objects are missing or information has disappeared. We don't have any information on alerts, saying that something is happening there and maybe we need to take action. If an object was replaced by another one, or if a link was replaced by another one, then the graph needs to be changed because it doesn't exist in the graph anymore. However, we don't have this information."
"There are some tweaks and enhancements that I've already requested. One is to be able to make changes per device rather than as a global setting. That has to do with naming. It's minor."
More IBM SevOne Network Performance Management (NPM) Pricing and Cost Advice →
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 64 reviews while IBM SevOne Network Performance Management (NPM) is ranked 41st in Network Monitoring Software with 52 reviews. Fortinet FortiSIEM is rated 7.6, while IBM SevOne Network Performance Management (NPM) is rated 8.6. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of IBM SevOne Network Performance Management (NPM) writes "We can get a new vendor certified and monitored in our system significantly faster than before". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and ThousandEyes, whereas IBM SevOne Network Performance Management (NPM) is most compared with Instana Infrastructure Monitoring, LogicMonitor, SolarWinds Network Device Monitor, Splunk Enterprise Security and SolarWinds NPM.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
