Coming October 25: PeerSpot Awards will be announced! Learn more

Fortinet FortiSIEM vs Splunk comparison

Cancel
You must select at least 2 products to compare!
Devo Logo
Read 15 Devo reviews
13,793 views|5,331 comparisons
Fortinet Logo
14,614 views|8,477 comparisons
Splunk Logo
83,751 views|69,322 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Fortinet FortiSIEM and Splunk based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Fortinet FortiSIEM vs. Splunk report (Updated: August 2022).
632,611 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events.""Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit.""The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us.""Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data.""The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events.""The most valuable feature is that it has native MSSP capabilities and maintains perfect data separation. It does all of that in a very easy-to-manage cloud-based solution.""The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before.""The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored."

More Devo Pros →

"It's a very nice solution to work with.""Technical support is helpful.""Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had.""FortiSIEM provides a single PIN to monitor SOC and NOC. It's a nice tool for integration and monitoring. It provides multiple categories for monitoring based on security designations like low, medium, and high.""The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls.""We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us.""The CMDB and the device discovery features are most valuable.""The advanced agents used to collect logs have been most valuable. We have also made use of the advanced intelligence this solution offers."

More Fortinet FortiSIEM Pros →

"We have found all the features useful. However, the dashboarding and logging have been very helpful. Additionally, the log analysis does a great job.""I have found the installation can be of medium difficulty to very complex depending on the use case.""Its compatibility with other SIEMS is very useful.""The data analysis part is good in Splunk, which is something that I like the most. It is also quite easy to use. Its dashboards, visualizations, and analytics are good.""The most valuable features of the solution are it is straightforward to use and the documentation is good for finding out how to get the data you are looking for.""It is very easy to use and integrate. There are connectors for every technology.""It's better than IBM, in my opinion, because it's an independent entity.""The most valuable feature is the log aggregation, being able to scan through all of the logs."

More Splunk Pros →

Cons
"I would like to have the ability to create more complex dashboards.""From our experience, the Devo agent needs some work. They built it on top of OS Query's open-source framework. It seems like it wasn't tuned properly to handle a large volume of Windows event logs. In our experience, there would definitely be some room for improvement. A lot of SIEMs on the market have their own agent infrastructure. I think Devo's working towards that, but I think that it needs some improvement as far as keeping up with high-volume environments.""The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc.""There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space.""Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs.""Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution.""Technical support could be better.""An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."

More Devo Cons →

"An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS.""It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option.""There is no proper guide for integration or configuration.""With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk.""Fortinet FortiSIEM could improve by having a signature update.""Its training can be improved. Its price also needs to be improved.""Fortinet FortiSIEM could improve to extend to several locations or sites.""The graphs on the user interface could be improved as we often experience glitches."

More Fortinet FortiSIEM Cons →

"The complexity could be worked on so that it's even easier and faster.""The solution could improve by making it more business analysis oriented. The way it is now is designed more for developers.""If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide.""The price of the solution could be cheaper.""On-premises scaling of the solution is a bit more limited than it is on the cloud.""Its user interface for everything other than the charts can be improved. Some parts of it can be simplified a bit, such as when importing documents that have the network traffic. When you're going through the information about the network traffic, you have to have the expertise, but even if a program is supposed to be for IT support, it is good to make it user-friendly because it gets easier to train people. When something goes wrong, the more difficult a program is in terms of UI, the harder it is to fix the issue.""The support that is included with the standard licensing fee is very bad.""The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use."

More Splunk Cons →

Pricing and Cost Advice
  • "I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
  • "Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
  • "[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
  • "Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
  • "Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
  • "Our licensing fees are billed annually and per terabyte."
  • "I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."
  • "Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you expected it to be."
  • More Devo Pricing and Cost Advice →

  • "Its price can be better. We are Fortinet partners, so we can get discounts, but its price can be an issue at the beginning for others. There is a licensing scheme for every case. There are three licensing schemes that we can choose from."
  • "The price of Fortinet FortiSIEM is a lot less when compared to other solutions."
  • "They have a yearly subscription."
  • "The solution is available for both, perpetual and subscription licenses."
  • "Manageable, however would be better as pay as you go versus CapEX."
  • "The price of Fortinet FortiSIEM was reasonable compared to other solutions."
  • "There are additional features that cost more than the standard licensing fees."
  • "This is probably more on the lower cost end of the spectrum compared to competing products. Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model."
  • More Fortinet FortiSIEM Pricing and Cost Advice →

  • "I think that most of the monitoring solutions are expensive."
  • "I think that most of the log analytics solutions are expensive and I'm not sure if it's worth it."
  • "Our customers often complain that the price of Splunk is too high."
  • "Licensing is a yearly, one-time cost."
  • "The price is comparable."
  • "The pricing model is expensive and a nightmare based on the amount of data."
  • "The solution is a little expensive."
  • "It is economical than other solutions."
  • More Splunk Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    632,611 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Devo, like other vendors, doesn't charge extra for playbooks and automation. That way, you are only paying for the side… more »
    Top Answer:I need more empowerment in reporting. For example, when I'm using Qlik or Power BI in terms of reporting for the… more »
    Top Answer:The event correlation is pretty robust. The GUI is pretty good.
    Top Answer:This is probably more on the lower cost end of the spectrum compared to competing products. Fortinet's license model is… more »
    Top Answer:Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and… more »
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR)… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Top Answer:Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring… more »
    Comparisons
    Also Known As
    FortiSIEM, AccelOps
    Splunk Enterprise Security
    Learn More
    Overview

    Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

    FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.

    Companies around the world use FortiSIEM for the following use cases:

    • Threat management and intelligence that provide situational awareness and anomaly detection
    • Alleviating compliance mandate concerns for PCI, HIPAA and SOX
    • Managing “alert overload”
    • Handling the “too many tools” reporting issue
    • Addressing the MSPs/MSSPs pain of meeting service level agreements

    Splunk software has been around since 2006 and the company has since grown to become an industry leader. Splunk's vision is to make machine data accessible, usable and valuable to everybody. The company offers a wide range of products to turn machine data into valuable information by monitoring and analyzing all activities. This is known as Operational Intelligence and is the unique value proposition of Splunk.

    Splunk is well-known for its Log Management capabilities and also for its Security Information and Event Management (SIEM) solutions.

    Offer
    See Devo in Action

    See how Devo allows you to free yourself from data management, and make machine data and insights accessible.

    Learn more about Fortinet FortiSIEM
    Learn more about Splunk
    Sample Customers
    United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
    FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.
    Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
    Top Industries
    REVIEWERS
    Computer Software Company63%
    Comms Service Provider13%
    Retailer13%
    Insurance Company13%
    VISITORS READING REVIEWS
    Computer Software Company22%
    Comms Service Provider13%
    Financial Services Firm9%
    Government9%
    REVIEWERS
    Comms Service Provider27%
    Computer Software Company10%
    Financial Services Firm10%
    Retailer7%
    VISITORS READING REVIEWS
    Computer Software Company21%
    Comms Service Provider18%
    Government8%
    Manufacturing Company5%
    REVIEWERS
    Financial Services Firm19%
    Energy/Utilities Company10%
    Computer Software Company10%
    Government7%
    VISITORS READING REVIEWS
    Computer Software Company20%
    Financial Services Firm14%
    Comms Service Provider13%
    Government8%
    Company Size
    REVIEWERS
    Small Business24%
    Midsize Enterprise18%
    Large Enterprise59%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise17%
    Large Enterprise61%
    REVIEWERS
    Small Business42%
    Midsize Enterprise25%
    Large Enterprise33%
    VISITORS READING REVIEWS
    Small Business27%
    Midsize Enterprise23%
    Large Enterprise50%
    REVIEWERS
    Small Business32%
    Midsize Enterprise14%
    Large Enterprise54%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise15%
    Large Enterprise68%
    Buyer's Guide
    Fortinet FortiSIEM vs. Splunk
    August 2022
    Find out what your peers are saying about Fortinet FortiSIEM vs. Splunk and other solutions. Updated: August 2022.
    632,611 professionals have used our research since 2012.

    Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 22 reviews while Splunk is ranked 1st in Security Information and Event Management (SIEM) with 69 reviews. Fortinet FortiSIEM is rated 7.6, while Splunk is rated 8.2. The top reviewer of Fortinet FortiSIEM writes "It has robust event correlation and good GUI, but their technical support should be better, and it should support more nonstandard log sources". On the other hand, the top reviewer of Splunk writes "Very versatile for many use cases". Fortinet FortiSIEM is most compared with Microsoft Sentinel, IBM QRadar, Elastic Security, PRTG Network Monitor and LogRhythm NextGen SIEM, whereas Splunk is most compared with Microsoft Sentinel, Elastic Security, Dynatrace, Azure Monitor and AppDynamics. See our Fortinet FortiSIEM vs. Splunk report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.