We performed a comparison between Fortinet FortiSIEM and LogRhythm SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration.
Service and Support: Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable. LogRhythm SIEM was generally praised for its helpful and knowledgeable support, although there have been occasional delays and knowledge problems.
Ease of Deployment: Some FortiSIEM users found it effortless to install within a day or two. Nonetheless, others encountered difficulties regarding CPU and memory requirements, as well as a lengthier deployment time. LogRhythm SIEM's setup is considered to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"It's pretty powerful and its performance is pretty good."
"It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely."
"The product is quite well-organized. The GUI makes it easy to navigate."
"FortiSIEM's best features are the dashboards and customization."
"One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams. There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good."
"I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports."
"It is used as an alerting platform."
"The advanced agents used to collect logs have been most valuable. We have also made use of the advanced intelligence this solution offers."
"We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers."
"I would rate the product a ten out of ten. The solution is very user-friendly and straightforward. The tool's report customization is interesting."
"We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man that many interfaces that come with the products."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"The ability for me to go into the Web UI, and just learn what's going on in my environment."
"The major feature of this solution is its easy configuration which helps different team members to work on it effectively. This kind of feature is not available in other solutions because of a request for specialised schemes for configuration report extraction and searching. Another feature that I really admire is the significant improvement in the compliance in the auditing process by the solution. Our organisation-specific complaints require where the mailbox data needs to be forwarded, stored and searchable for a certain time period. This solution categorises data based on different types, which include cold, warm and hot data. These features allow faster and easier extraction of any data even if the event was occurring several years ago. I also like other features, especially user behaviour analysis and automation. If suddenly someone accesses your side or an unusual traffic is recorded from a user the solution flags it very effectively."
"LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions."
"The security operation center is excellent."
"The most valuable feature of LogRhythm for me is the ability to correlate logs throughout many different log sources."
"The AI capabilities must be improved."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"The on-prem log sources still require a lot of development."
"I think the number one area of improvement for Sentinel would be the cost."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Does not have load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated."
"The backup and recovery process for this solution needs improvement."
"We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files."
"The only drawback is the licensing model. It can get expensive if you want to integrate more solutions."
"Creating parsers to try make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."
"Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great.vvv"
"Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire."
"The solution's interface could be modernized and improved."
"Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm."
"Sometimes, the tool fails to get the correlated events that triggered the alerts."
"It is a product that is very hard to use."
"Stability has probably been one area where Health Checks have not been great with the product. We have been told that they are going to improve Health Checks on product, though we do struggle with them on a daily basis."
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
"The product's stability needs improvement."
"I have Windows administrators who will remove the agent when they think that that's what's fouling up their upgrade or their install or their reconfiguration, etc. The first thing they do is to turn off the antivirus, turn down the firewall, and take off anything else. They don't realize that the LogRhythm agent is just sitting there monitoring. Most antivirus products have application protection features built-in where, if I'm an admin on a box, I can't uninstall antivirus. I need to have to the antivirus admin password to do that."
"The solution is likely not the best option for a smaller organization."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews. Fortinet FortiSIEM is rated 7.6, while LogRhythm SIEM is rated 8.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, ThousandEyes and PRTG Network Monitor, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Elastic Security. See our Fortinet FortiSIEM vs. LogRhythm SIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.