Fortinet FortiSIEM and Wazuh are competitors in the security monitoring and alerting category. Fortinet FortiSIEM appears to have an upper hand with its comprehensive feature set and integration capabilities, while Wazuh excels with cost-effectiveness and flexibility.
Features: Fortinet FortiSIEM provides seamless integration within its suite, advanced correlation and threat detection, and extensive reporting capabilities. Wazuh offers flexibility and system compatibility, particularly with cloud environments. Its open-source model provides impressive adaptability and cost-effectiveness, with strong compliance management features.
Room for Improvement: Fortinet FortiSIEM could improve integration with third-party solutions, streamline configuration processes, and enhance its reporting features and technical support. Users seek improvements in scalability, integration with threat intelligence, and AI capabilities in Wazuh. Its open-source nature sometimes requires handling complex configurations independently, encouraging calls for better support and usability, particularly for larger enterprises.
Ease of Deployment and Customer Service: Fortinet FortiSIEM offers broad deployment across hybrid, public, and private cloud environments, with generally reliable technical support despite some reported delays. Wazuh also supports versatile deployment options, especially for hybrid and cloud setups, but user experiences with its technical support vary.
Pricing and ROI: Fortinet FortiSIEM is known for competitive pricing and notable ROI via enhanced security capabilities despite some perceptions of high cost. Meanwhile, Wazuh's open-source nature eliminates license fees, aiding budget-conscious entities, though hidden costs for support and infrastructure are noted. Both products deliver a strong ROI with Fortinet FortiSIEM recognized for its features and Wazuh for its cost-effectiveness.
I have seen value in security cost savings with Wazuh, as using proprietary EDR versions could save us substantial money.
Local tech support is available, however, for more critical or technical issues, we depend on the OEM directly, especially when it comes to on-prem solutions.
There is a knowledgeable, though small, team of support engineers around the world.
They take some time to respond because they need logs and investigations, which delays the response time.
They responded quickly, which was crucial as I was on a time constraint.
We use the open-source version of Wazuh, which does not provide paid support.
The documentation is good and provides clear instructions, though it's targeted at those with technical backgrounds.
At any point in time, when network devices increase or there is a change in the infrastructure, we can add more workers and collectors to expand our infrastructure setup.
Fortinet FortiSIEM is highly scalable.
Fortinet FortiSIEM is easy to scale.
It can accommodate thousands of endpoints on one instance, and multiple instances can run for different clients.
Currently, I don't see any limitations in terms of scalability as Wazuh can still connect many endpoints.
Scalability depends on the configuration and the infrastructure resources like compute and memory we allocate.
It stabilizes itself in an appropriate time, so its uptime is good.
These issues may cause unusual errors and user interface issues.
Some stability issues occur, but Fortinet's technical support team provides assistance.
The stability of Wazuh is strong, with no issues stemming from the solution itself.
The stability of Wazuh is largely dependent on maintenance.
The indexer frequently times out, requiring system restarts.
Recently, they revised it to a subscription-based, all-inclusive license.
The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products.
Fortinet FortiSIEM should broaden its remediation part to include more features for incident management.
Machine learning is needed along with understanding user behavior and behavioral patterns.
The integration modules are insufficiently developed, necessitating the creation of custom integration solutions using tools like Logstash and PubSub.
I think Wazuh should improve by introducing AI functionalities, as it would be beneficial to see AI incorporated in the threat hunting and detection functionalities.
Setting it up for oneself as an enterprise-licensed product can be quite expensive.
Windows agent licenses cost around 3,000 Rupees per device per year.
The revised model is subscription-based and more flexible.
Wazuh is completely free of charge.
I would definitely recommend Wazuh, especially considering Fortinet's licensing model which is confusing and overpriced in my opinion.
Totaling around two lakh Indian rupees per month.
It provides extensive logging and record-keeping for internal networks, cloud applications, and services as well as perimeter physical network security.
I find the real-time monitoring and correlation capabilities effective for security alerts.
Wazuh is a SIEM tool that is highly customizable and versatile.
The system allows us to monitor endpoints effectively and collect security data that can be utilized across other platforms such as SOAR.
With this open source tool, organizations can establish their own customized setup.
| Product | Market Share (%) |
|---|---|
| Wazuh | 10.9% |
| Fortinet FortiSIEM | 3.2% |
| Other | 85.9% |
| Company Size | Count |
|---|---|
| Small Business | 34 |
| Midsize Enterprise | 21 |
| Large Enterprise | 23 |
| Company Size | Count |
|---|---|
| Small Business | 26 |
| Midsize Enterprise | 15 |
| Large Enterprise | 8 |
FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.
Companies around the world use FortiSIEM for the following use cases:
Wazuh offers comprehensive security features like MITRE ATT&CK correlation, log monitoring, and cloud-native infrastructure. It ensures compliance and provides intrusion detection with high scalability and open-source flexibility, ideal for businesses seeking robust SIEM capabilities.
Wazuh stands out in security information and event management by providing efficient log aggregation, vulnerability scanning, and event correlation against MITRE ATT&CK. Its capability to integrate seamlessly with environments, manage compliance, and monitor files makes it suitable for cloud-native infrastructures and financial sectors. Despite its technical support needing enhancement and opportunities for improving AI integration and threat intelligence, its open-source nature and cost-effectiveness make it appealing. Users can leverage custom dashboards powered by Elasticsearch for precise data analysis, even though there is a desire for a more user-friendly interface and better enterprise solution integration. Deployment may be complex, but its features contribute significantly to fortified security postures.
What are the essential features of Wazuh?Industries like finance and cloud infrastructure heavily utilize Wazuh for its security strengths. By monitoring endpoints and ensuring compliance with frameworks, companies can improve security posture and swiftly detect anomalies. The platform's focus on event correlation and alerts for security incidents is particularly beneficial.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
