We performed a comparison between Fortinet FortiSIEM and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The Log analytics are useful."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"It works well with medium to large-scale enterprises."
"Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same."
"Fortinet FortiSIEM is easy to use."
"The most valuable feature of Fortinet FortiSIEM is the user and entity behave as analytics(UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."
"We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us."
"The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls."
"Fortinet FortiSIEM is less costly than other products and is available 24/7."
"AccelOps can handle a lot of data and it's just so important to true monitoring. Also, I can create a lot of rules to detect anything I like."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"Support has been excellent. Sumo Logic's support staff is really good, both their account management staff and direct support."
"Scalability has been good for our needs. We haven't run into any scaling issues in regards to size so far."
"It gives us a bird's eye view of what's happening from our connection's point of view."
"The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and good GUI."
"We are able to diagnose problems before our customers."
"For many of our services, we use Sumo Logic to track errors and send notifications to our Slack channel, if there are issues. Then, we have our support people monitoring this, and they can react quickly."
"With this tool, we provide access to every developer team the ability to find errors, then they come to us and ask for specific help."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there."
"Fortinet FortiSIEM could improve by having a signature update."
"The only drawback is the licensing model. It can get expensive if you want to integrate more solutions."
"We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files."
"They need to integrate better with Cisco and Palo Alto."
"Fortinet FortiSIEM is a little out of sight and needs more marketing efforts to be popular in the market."
"We need to see incident reports about the event log, without events from the administrator or through human interaction."
"Not very good on non-API features, lacks that functionality."
"There are some API gaps that are missing."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"The integration with multiple sources could be better."
"If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see."
"It took a bit of trial and error to get it set up correctly based on everything we had to do. In the end, we had to send everything over HTTP, which was sort of a stop-gap."
"The solution should improve its UI."
"I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports."
"The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while Sumo Logic Security is ranked 20th in Security Information and Event Management (SIEM) with 18 reviews. Fortinet FortiSIEM is rated 7.6, while Sumo Logic Security is rated 8.6. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, Splunk Enterprise Security, VMware Aria Operations for Logs and IBM Security QRadar. See our Fortinet FortiSIEM vs. Sumo Logic Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.