Fortinet FortiSIEM vs Microsoft Sentinel comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Jan 4, 2023

We performed a comparison between Fortinet FortiSIEM and Microsoft Sentinel based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: For the most part, users of both solutions say they are easy and straightforward to deploy.
  • Features: Fortinet FortiSIEM users appreciate that the solution gives them the ability to combine SOC and NOC operations in the same tool. The solution has a robust event correlation feature and a very intuitive, user-friendly GUI. Many users feel the solution is a bit clunky and that some critical processes are too slow.

    Microsoft Sentinel users say the solution handles investigations remarkably well. The solution provides intuitive machine learning and artificial intelligence that users find extremely beneficial. Some users feel that Microsoft Sentinel should improve the number of data connectors available to include more vendors.

  • Pricing: Overall, users feel the pricing for both solutions is reasonable.
  • Service and Support: For the most part, users of both solutions are satisfied with the service and support they have received.

Comparison Results: Microsoft is considered one of the industry leaders in the SIEM space. Microsoft Sentinel allows users to investigate threats seamlessly and manage them quickly, all from one single place. Microsoft Sentinel is a complete solution. Many users feel Fortinet FortiSIEM's learning curve takes too long and tell us the solution should have better integrations with other third-party solutions.

To learn more, read our detailed Fortinet FortiSIEM vs. Microsoft Sentinel Report (Updated: September 2023).
735,432 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The solution is easy to use and user-friendly.""We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us.""FortiSIEM's best features are the dashboards and customization.""The most valuable feature of Fortinet FortiSIEM is the user and entity behave as analytics(UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted.""The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls.""The most valuable feature is the anomaly-reporting alarms.""The most valuable feature of Fortinet FortiSIEM is the correlation of many events.""Technical support is helpful."

More Fortinet FortiSIEM Pros →

"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible.""Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment.""The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent.""Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything.""The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native.""I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products.""The connectivity and analytics are great.""Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."

More Microsoft Sentinel Pros →

Cons
"The product does not have Security Orchestration and Automation Response, I would recommend adding this feature.""The graphs on the user interface could be improved as we often experience glitches.""They should enhance the solution's AI capabilities, including XDR and EDR.""The only drawback is the licensing model. It can get expensive if you want to integrate more solutions.""FortiSIEM could be better integrated with other vendors.""FortiSIEM needs to expand its integration with third-party vendors. I don't know if Forcepoint has been added, but there were limited resources for integrating Forcepoint solutions when we implemented FortiSIEM. It integrates well with other Fortinet products and solutions from established cybersecurity companies like Palo Alto but doesn't integrate with some of the newer vendors.""Areas for improvement would be the ease of use and the integration with Fortinet's own products.""Fortinet FortiSIEM could improve to extend to several locations or sites."

More Fortinet FortiSIEM Cons →

"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft.""There is room for improvement in entity behavior and the integration site.""We are invoiced according to the amount of data generated within each log.""The troubleshooting has room for improvement.""We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days.""When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel""The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it.""The playbook is a bit difficult and could be improved."

More Microsoft Sentinel Cons →

Pricing and Cost Advice
  • "The price of Fortinet FortiSIEM is a lot less when compared to other solutions."
  • "They have a yearly subscription."
  • "The solution is available for both, perpetual and subscription licenses."
  • "Manageable, however would be better as pay as you go versus CapEX."
  • "The price of Fortinet FortiSIEM was reasonable compared to other solutions."
  • "There are additional features that cost more than the standard licensing fees."
  • "This is probably more on the lower cost end of the spectrum compared to competing products. Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model."
  • "Fortinet's products are not expensive, it is less than the competition."
  • More Fortinet FortiSIEM Pricing and Cost Advice →

  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
  • "Sentinel can be expensive. When you ingest data from sources that are outside of the cloud, you're paying a fair amount for that data ingestion. When you're ingesting data sources from within the cloud, depending on what your retention periods are, it's not that expensive."
  • "I have worked with a lot of SIEMs. We are using Sentinel three to four times more than other SIEMs that we have used. Azure Sentinel's only limitation is its price point. Sentinel costs a lot if your ingestion goes up to a certain point."
  • "Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect."
  • More Microsoft Sentinel Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    735,432 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Fortinet FortiSIEM is less costly than other products and is available 24/7.
    Top Answer:The price of the solution is expensive. The license is scalable. If there are 10 devices it is simple to license.
    Top Answer:Fortinet FortiSIEM is a little out of sight and needs more marketing efforts to be popular in the market.
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized by… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log… more »
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will… more »
    Ranking
    Views
    9,350
    Comparisons
    4,889
    Reviews
    25
    Average Words per Review
    376
    Rating
    7.4
    Views
    35,430
    Comparisons
    20,278
    Reviews
    62
    Average Words per Review
    1,590
    Rating
    8.3
    Comparisons
    Also Known As
    FortiSIEM, AccelOps
    Azure Sentinel
    Learn More
    Overview

    FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.

    Companies around the world use FortiSIEM for the following use cases:

    • Threat management and intelligence that provide situational awareness and anomaly detection
    • Alleviating compliance mandate concerns for PCI, HIPAA and SOX
    • Managing “alert overload”
    • Handling the “too many tools” reporting issue
    • Addressing the MSPs/MSSPs pain of meeting service level agreements

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Azure Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Offer
    Learn more about Fortinet FortiSIEM
    Learn more about Microsoft Sentinel
    Sample Customers
    FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Top Industries
    REVIEWERS
    Comms Service Provider23%
    Financial Services Firm10%
    Computer Software Company10%
    Media Company10%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Comms Service Provider10%
    Government10%
    Manufacturing Company5%
    REVIEWERS
    Financial Services Firm23%
    Healthcare Company7%
    Comms Service Provider7%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Government10%
    Financial Services Firm9%
    Manufacturing Company7%
    Company Size
    REVIEWERS
    Small Business40%
    Midsize Enterprise24%
    Large Enterprise35%
    VISITORS READING REVIEWS
    Small Business30%
    Midsize Enterprise18%
    Large Enterprise52%
    REVIEWERS
    Small Business32%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise15%
    Large Enterprise61%
    Buyer's Guide
    Fortinet FortiSIEM vs. Microsoft Sentinel
    September 2023
    Find out what your peers are saying about Fortinet FortiSIEM vs. Microsoft Sentinel and other solutions. Updated: September 2023.
    735,432 professionals have used our research since 2012.

    Fortinet FortiSIEM is ranked 10th in Security Information and Event Management (SIEM) with 27 reviews while Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 71 reviews. Fortinet FortiSIEM is rated 7.4, while Microsoft Sentinel is rated 8.2. The top reviewer of Fortinet FortiSIEM writes "It has robust event correlation and good GUI, but their technical support should be better, and it should support more nonstandard log sources". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Fortinet FortiSIEM is most compared with Splunk Enterprise Security, IBM Security QRadar, PRTG Network Monitor, LogRhythm SIEM and ThousandEyes, whereas Microsoft Sentinel is most compared with AWS Security Hub, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Cloud and Palo Alto Networks Cortex XSOAR. See our Fortinet FortiSIEM vs. Microsoft Sentinel report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.