We performed a comparison between Fortinet FortiSIEM and LogRhythm NetMon based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"It has basic out-of-the-box integrations with multiple log sources."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The product is quite well-organized. The GUI makes it easy to navigate."
"Real-time monitoring makes life quite easy for me."
"The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls."
"It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely."
"The seamless integration with FortiGate is the solution's most valuable aspect."
"Analytics. It can provide log information from the device. With log information, I can see if there is a threat."
"Technical support is helpful."
"The Threat Hunting feature provides complete traffic analysis."
"Visibility is a valuable feature, the ability to see even if the traffic is not going into the firewall."
"NetMon's best feature is traffic analysis."
"The most valuable feature is the log, which can be analyzed by our SIEM solution."
"The protocols with which you see the traffic for a particular website that a client has in their environment, for example, are valuable. We can monitor whether the traffic is up to the mark or whether they need to add more bandwidth. Also, we can see if we're able to get real-time environment data as well. The customization dashboard is really good. LogRhythm NetMon has its own in-built dashboards which are helpful in guiding customization."
"It has a very strong artificial intelligence engine."
"It is a stable solution...It is a scalable solution."
"The analytics feature is the most valuable feature."
"There is room for improvement in entity behavior and the integration site."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"The interface could be more user-friendly. It's a small improvement that they could make if they wanted to."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS."
"Creating parsers to try to make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."
"When our team tried configuring logs for Microsoft SQL, it did not work."
"We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files."
"The biggest thing that could be better is a quicker response to support cases."
"Does not have load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated."
"The performance can be improved. Sometimes it takes a long time to fetch data."
"I would like to see more integration with other platforms."
"The training for this product is not very good and needs to be improved."
"There is an issue with tunneling in relation to how the connectivity is established between the end devices and where NetMon is installed. On the console, I often observe that there's a difference of a few seconds or maybe a minute, and this lag time should not be there."
"I would like to see better integration with multiple products. Integration is not something that is readily available for most of the products."
"Some of the automated tasks we can perform on QRadar cannot be performed on LogRhythm because the solution has limitations."
"LogRhythm NetMon's pricing model is an area of concern that should be made a little bit cheaper in comparison to the other players in the market currently."
"Sometimes it's hard to find the network devices' self-audit logs."
"Could use a topology diagram which would help get an exact visual."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while LogRhythm NetMon is ranked 57th in Network Monitoring Software with 9 reviews. Fortinet FortiSIEM is rated 7.6, while LogRhythm NetMon is rated 7.6. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of LogRhythm NetMon writes "A stable and scalable tool useful for network behavior analysis, DPA, and network forensic services". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas LogRhythm NetMon is most compared with PRTG Network Monitor, ObserverLIVE, SCOM and Zabbix. See our Fortinet FortiSIEM vs. LogRhythm NetMon report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.