We compared Splunk Enterprise Security and Fortinet FortiSIEM across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. Users say Splunk is a highly scalable and customizable solution. Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. Some FortiSIEM users found it effortless to install within a day or two. Others reported difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities, but reviewers say its analytics and AI capabilities need improvement. Fortinet FortiSIEM is considered an affordable solution with effective correlation features, but it falls short in terms of database monitoring and reporting.
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"Log aggregation and data connectors are the most valuable features."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same."
"Technical support is helpful."
"The event correlation is pretty robust. The GUI is pretty good."
"The Threat Hunting feature provides complete traffic analysis."
"The most valuable feature is the anomaly-reporting alarms."
"FortiSIEM provides a single PIN to monitor SOC and NOC. It's a nice tool for integration and monitoring. It provides multiple categories for monitoring based on security designations like low, medium, and high."
"FortiSIEM is a great tool for making security processes transparent."
"Fortinet FortiSIEM is less costly than other products and is available 24/7."
"It gives us good visibility into multiple environments, including cloud, on-premises, and hybrid; irrespective of platform."
"The UI of Splunk makes it easier for our analysts to move around and see what they need to see."
"Internal tracking is helpful because we do not like to deal with multiple ticketing systems, and I am not a fan of ServiceNow. We are able to keep everything internal and utilize Enterprise Security."
"Splunk's strongest suit is its user interface. We can integrate multiple solutions and adjust settings in the Splunk interface."
"The correlation searches are most valuable just because we are able to do things like RBA."
"Three features stand out for me: the SDK for writing Python, the customizable and adaptable diagnostic dashboard, and the optimizer for collecting data."
"I like Splunk's data aggregation and search capabilities."
"The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"I think the number one area of improvement for Sentinel would be the cost."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS."
"Areas for improvement would be the ease of use and the integration with Fortinet's own products."
"The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
"The graphs on the user interface could be improved as we often experience glitches."
"Fortinet FortiSIEM could improve to extend to several locations or sites."
"The product does not have Security Orchestration and Automation Response, I would recommend adding this feature."
"The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial."
"They need to integrate better with Cisco and Palo Alto."
"Given the ever-increasing number of threats, I would like Splunk to update its threat signatures more frequently."
"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
"Splunk Enterprise Security has not helped reduce our alert volume."
"I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
"The level of scalability depends on the license you have. You can expand or reduce it based on the environment. It does cost more money to scale, however."
"The support that is included with the standard licensing fee is very bad."
"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
"Sometimes, there is latency in the logs."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 25 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 76 reviews. Fortinet FortiSIEM is rated 7.4, while Splunk Enterprise Security is rated 8.6. The top reviewer of Fortinet FortiSIEM writes "It has robust event correlation and good GUI, but their technical support should be better, and it should support more nonstandard log sources". On the other hand, the top reviewer of Splunk Enterprise Security writes "Can be used to find any threats or vulnerabilities inside a user’s environment". Fortinet FortiSIEM is most compared with IBM Security QRadar, LogRhythm SIEM, PRTG Network Monitor, ThousandEyes and ManageEngine Log360, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our Fortinet FortiSIEM vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
