We performed a comparison between Fortinet FortiSIEM and NETSCOUT vSTREAM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"It has a lot of great features."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports."
"It's very easy for anyone to work with."
"To add workers and even collectors is pretty easy."
"The seamless integration with FortiGate is the solution's most valuable aspect."
"FortiSIEM sends an email or SMS notifications to admins when there are significant incidents. It's a highly efficient way of responding to incidents."
"Some of our customers who use this solution have seen improvement in their connection with load balancing on both connections."
"Analytics is the most valuable feature. The business service summaries in the dashboards and the correlations for the SIEM are also valuable features."
"The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation."
"One of the valuable features is the packet decoding."
"vSTREAM gives us better visibility and reporting about our network infrastructure, allowing for cost-optimization."
"The AI capabilities must be improved."
"The only thing is sometimes you can have a false positive."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"There is room for improvement in entity behavior and the integration site."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information."
"Fortinet FortiSIEM is a little out of sight and needs more marketing efforts to be popular in the market."
"It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there."
"Network detection and response is a separate product."
"I would like to see more integration with other platforms."
"Customer support service could be better."
"The performance can be improved. Sometimes it takes a long time to fetch data."
"If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
"Room for improvement exists in filtering in the packet decode."
"I would like for it to have a smaller footprint of the virtual appliance and better performance."
"I would like to see improvements made to the user guide."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 63 reviews while NETSCOUT vSTREAM is ranked 73rd in Network Monitoring Software. Fortinet FortiSIEM is rated 7.6, while NETSCOUT vSTREAM is rated 8.0. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of NETSCOUT vSTREAM writes "Troubleshooting at the packet level helps us resolve issues more quickly". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and ThousandEyes, whereas NETSCOUT vSTREAM is most compared with vRealize Network Insight, Azure Network Watcher, Arista Data ANalyZer and NETSCOUT InfiniStreamNG. See our Fortinet FortiSIEM vs. NETSCOUT vSTREAM report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.