FortiSIEM vs. Microsoft Sentinel

If budget is an issue then Fortisiem fits well, as it's more than a typical SIEM solution. It can integrate with environmental monitoring systems, UPS HVAC etc. It can be used as the CMDB solution etc. If fine-tuned and looked after it can actually bring a lot of value for less.

Incentivized

We use it because when a user sees the suspicious activity on his account, Microsoft Sentinel gives alerts to the user's system and the admin system as well. When a user of one of our systems clicked a spam email, that email was trying to install a virus on our server, but Microsoft Sentinel gave an alert to the user and admin both, so that is why our team was able to fix that issue with Microsoft Sentinel very fast. However, it will not be the best option for you if your team is utilizing every feature but you are on a tight budget.

• Log aggregation and analytics
• CMDB
• Device inventory and remote management .
• It can be used by Managed Security Providers who have multiple customers as it offers multi organization support .

Incentivized

• I appreciate that it keeps the data within our, what we call our, authorization boundary. The fact that the data remains within Microsoft's, I guess, walled garden if you will, is very helpful for certain compliance needs in particular.
• The large library of ingestion: ability to ingest is basically as easy as I can basically get it to be most of the time. There's occasionally some vendors that it's a little bit more challenging for, but given the ease of integration for a lot of things, basically it's become one of my requirements when I am looking at other tools is how easily do they integrate with Sentinel.

Incentivized

• Non-intuitive/unattractive user interface
• Too many features that will usually remain unused
• Very crowded (too many icons) portal
• The reporting feature is confusing, e.g. you have to click on the "refresh" button to get the result of your inquiry. The report generation process can be much easier, as the user interaction is not pleasant.

Incentivized

• I think it should include more third party integration with non microsoft products as well as with other cloud providers. These integrations should be native.
• It should improve ML and AI capabilities.
• I find its documentation a little bit difficult to understand at the start. So the words should be simple.

Incentivized

The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.

Incentivized

Azure Sentinel is very easy to use and configure. If you are stuck somewhere, Microsoft support is excellent in assisting and solving your issue.

Incentivized

Well before there was Microsoft Sentinel, you had other competing products like ArcSight or Splunk, et cetera. I think they have their own qualities, but the Microsoft integration story is really why we're using it.

Incentivized

Did not use professional services

Incentivized

• Other SIEM solutions were cost prohibitive at the time of purchase (2016).
• Just like any other SIEM, it helped draw a better picture of our current security posture.

Incentivized

• As any cybersecurity product, this has to be more with risk to avoid loss in case of a ransomware that more than relate to a productivity increase. Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team.

Incentivized