Fortinet FortiSIEM and Wazuh both operate in the security information and event management (SIEM) solution space. Fortinet FortiSIEM appears to have the upper hand for larger organizations with its comprehensive monitoring, automation, and integration capabilities.
Features: Fortinet FortiSIEM offers comprehensive monitoring and automation, built-in analytics, and dashboards for real-time network visibility and security monitoring. It provides strong integration capabilities for diverse device management. Wazuh, being open-source, provides essential security features and is customizable, valued for its compatibility with different environments and cost-effectiveness. Its free access and integration capabilities with other systems make it appealing for smaller businesses.
Room for Improvement: Fortinet FortiSIEM could benefit from improvements in licensing flexibility, configuration management, out-of-the-box dashboards, and integration with third-party devices. Its technical support responsiveness needs enhancement. Wazuh could improve scalability and threat intelligence capabilities and simplify alert setups for larger enterprises.
Ease of Deployment and Customer Service: Fortinet FortiSIEM supports hybrid, public, private cloud, and on-premises deployments with mixed reviews on ease of implementation. Its customer service varies, with a broader support network compared to Wazuh's community-driven support. Wazuh's deployment is flexible across similar environments, with generally positive customer service feedback, although quicker technical assistance is suggested.
Pricing and ROI: Fortinet FortiSIEM is cost-effective for large-scale implementations but may have high initial costs. It offers various licensing models but can be complex. Users report positive ROI via improved security monitoring. Wazuh is free from licensing fees, making it attractive for budget-conscious users, though infrastructure maintenance costs arise. Fortinet's comprehensive features justify its investment while Wazuh is advantageous for small to medium businesses seeking affordable security management.
The platform has resulted in time saved and reduces mean time to response, making it a great platform.
I have seen value in security cost savings with Wazuh, as using proprietary EDR versions could save us substantial money.
Local tech support is available, however, for more critical or technical issues, we depend on the OEM directly, especially when it comes to on-prem solutions.
There is a knowledgeable, though small, team of support engineers around the world.
The customer support for Fortinet FortiSIEM is excellent.
They responded quickly, which was crucial as I was on a time constraint.
We use the open-source version of Wazuh, which does not provide paid support.
The documentation is good and provides clear instructions, though it's targeted at those with technical backgrounds.
At any point in time, when network devices increase or there is a change in the infrastructure, we can add more workers and collectors to expand our infrastructure setup.
Fortinet FortiSIEM is highly scalable.
Fortinet FortiSIEM's scalability is excellent, and it is also easy to configure, maintain, and operate.
It can accommodate thousands of endpoints on one instance, and multiple instances can run for different clients.
Currently, I don't see any limitations in terms of scalability as Wazuh can still connect many endpoints.
Scalability depends on the configuration and the infrastructure resources like compute and memory we allocate.
It stabilizes itself in an appropriate time, so its uptime is good.
These issues may cause unusual errors and user interface issues.
Some stability issues occur, but Fortinet's technical support team provides assistance.
The stability of Wazuh is strong, with no issues stemming from the solution itself.
The stability of Wazuh is largely dependent on maintenance.
The indexer frequently times out, requiring system restarts.
Recently, they revised it to a subscription-based, all-inclusive license.
The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products.
Fortinet FortiSIEM should broaden its remediation part to include more features for incident management.
Machine learning is needed along with understanding user behavior and behavioral patterns.
The integration modules are insufficiently developed, necessitating the creation of custom integration solutions using tools like Logstash and PubSub.
I think Wazuh should improve by introducing AI functionalities, as it would be beneficial to see AI incorporated in the threat hunting and detection functionalities.
Setting it up for oneself as an enterprise-licensed product can be quite expensive.
Windows agent licenses cost around 3,000 Rupees per device per year.
The revised model is subscription-based and more flexible.
Wazuh is completely free of charge.
I would definitely recommend Wazuh, especially considering Fortinet's licensing model which is confusing and overpriced in my opinion.
Totaling around two lakh Indian rupees per month.
It provides extensive logging and record-keeping for internal networks, cloud applications, and services as well as perimeter physical network security.
I find the real-time monitoring and correlation capabilities effective for security alerts.
Reliability and scalability have helped me in my work, especially because the license for Fortinet FortiSIEM is excellent from a cost perspective, and we can add more collectors as we expand.
Wazuh is a SIEM tool that is highly customizable and versatile.
The system allows us to monitor endpoints effectively and collect security data that can be utilized across other platforms such as SOAR.
With this open source tool, organizations can establish their own customized setup.
| Product | Market Share (%) |
|---|---|
| Wazuh | 7.3% |
| Fortinet FortiSIEM | 2.8% |
| Other | 89.9% |
| Company Size | Count |
|---|---|
| Small Business | 34 |
| Midsize Enterprise | 22 |
| Large Enterprise | 24 |
| Company Size | Count |
|---|---|
| Small Business | 27 |
| Midsize Enterprise | 15 |
| Large Enterprise | 8 |
FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.
Companies around the world use FortiSIEM for the following use cases:
Wazuh offers an open-source platform designed for seamless integration into diverse environments, making it ideal for enhancing security infrastructure. Its features include log monitoring, compliance support, and real-time threat detection, providing effective cybersecurity management.
Wazuh stands out for its ability to integrate easily with Kubernetes, cloud-native infrastructures, and various SIEM platforms like ELK. It features robust MITRE ATT&CK correlation, comprehensive log monitoring capabilities, and detailed reporting dashboards. Users benefit from its file integrity monitoring and endpoint detection and response (EDR) capabilities, which streamline compliance and vulnerability assessments. While appreciated for its customization and easy deployment, room for improvement exists in scalability, particularly in the free version, and in areas such as threat intelligence integration, cloud integration, and container security. The platform is acknowledged for its strong documentation and technical support.
What are the key features of Wazuh?In industries like finance, healthcare, and technology, Wazuh is utilized for its capabilities in log aggregation, threat detection, and vulnerability management. Companies often implement its features to ensure compliance with stringent regulations and to enhance security practices across cloud environments. By leveraging its integration capabilities, organizations can achieve unified security management, ensuring comprehensive protection of their digital assets.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
