We performed a comparison between Fortinet FortiSIEM and Observer GigaStor based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The automation feature is valuable."
"Free ingestion for Azure logs (with E5 licence)"
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics."
"The seamless integration with FortiGate is the solution's most valuable aspect."
"The most valuable feature is the anomaly-reporting alarms."
"This solution offers extensive customization options, making it possible to adapt it precisely to their requirements."
"Some of our customers who use this solution have seen improvement in their connection with load balancing on both connections."
"The solution is very stable. It's run for years without the need to do anything except, add new patches when they are available, which are always a good idea to install."
"The stability is very reliable. It offers very good performance."
"Technical support is helpful."
"The ability to capture packets. It is not only for monitoring. That is very important for a company that wants to keep an eye on the packets, the transactions, the flows..."
"This solution allows us to see exactly what is going on in the network and we can very quickly solve issues with users."
"I also have the ability to see an application's performance, to see what's going on, why a network is slow, why this program for this user is experiencing a delay or some network issue"
"It's able to capture packets and, after a long time, you can come and use that information; to check, to analyze - everything you would want to do. So it's very good and helpful if you want to protect your data. It is stored in a certain place where you can access it every time you want to analyze it."
"It can help to write your rules, organize firewalls, your block, and also your protocols and IP address to come in or out of your network."
"There are many valuable features, but understanding end-user response times stands out. It provides a score-based evaluation of user experience, helping customers quickly pinpoint whether issues originate from the network, server, client, or application. Additionally, it facilitates in-depth analysis of application dependencies."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"It's difficult to integrate unsupported devices with FortiSIEM compared to QRadar. It's easier to integrate and develop processes in QRadar. It's harder to develop a custom process in FortiSIEM."
"Creating parsers to try to make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."
"Does not have load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated."
"Patching is not great - we're not getting the support we'd expect."
"Customer support service could be better."
"Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules."
"When our team tried configuring logs for Microsoft SQL, it did not work."
"It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option."
"I would like to have more than 4TB of storage available in the portable version of this solution."
"Graphics need improvement. Because a lot of the information there you have to input first in some case to have full potential. It could be more automated."
"Maybe the graphical user interface could be simplified to allow people to use it more easily. It's already good, but they can work more on it to make it even easier."
"GigaStor feeds into Apex. So, the area where there could be improvement would be in artificial intelligence. For example, the incorporation of more advanced machine learning or AI capabilities could enhance its functionality."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while Observer GigaStor is ranked 91st in Network Monitoring Software with 7 reviews. Fortinet FortiSIEM is rated 7.6, while Observer GigaStor is rated 9.0. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Observer GigaStor writes "Aids significantly in the threat-hunting process and provides a score-based evaluation of user experience". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas Observer GigaStor is most compared with Gigamon Deep Observability Pipeline, Wireshark, Kentik and Cisco Nexus Dashboard Data Broker. See our Fortinet FortiSIEM vs. Observer GigaStor report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.