FortiSOAR vs. Splunk SOAR

Most organization with medium & maturity SOC struggle with alert fatigue & false positives with addressing alert volume is result in increasing risk of critical alerts being masked by trivial one , in this situation FortiSOAR help in case management : rapidly response in case of crises also. FortiSOAR is designed very well where Fortinet have other stack of security component also like Fortinet NGFW & Forti SIEM etc.. Fortinet NGFW can and generate the FortiSOAR instance through FortiCloud for Customer . However In absence of FortiFabric it require lot of connectors to work well the solution.

Incentivized

Our company has very complex and dynamic security operations because of the large number of security tools and systems that we need to manage and coordinate. Moreover, it helps us to meet many regulatory and compliance requirements because it helps us to automate and document our security operations. We also use it to streamline our security operations and improve our response to potential threats.

Incentivized

• User-friendly interface and easy to read data on the panels.
• Perfect for vulnerability management.
• Great integration with different security operations center platforms.
• Customized panels.
• Setting User Permissions.
• Scheduled asset scans with reports.

Incentivized

• Its security orchestration and integration capability that supports multiple tools.
• Easy coding that automates our security actions.
• Enables us to easily collaborate and respond to security issues faster.
• Splunk SOAR is a flexible product that is easy to deploy.
• Efficient tracking and monitoring capability.
• Excellent real-time reporting functionality.

Incentivized

• Training Services- Fortinet offers courses geared towards administration and designed and development of FortiSOAR , Which required multiples access , we need all training services with self pace basis , I think here Fortinet need to improve.
• Licensing Model- Being as a new technology Licensing model should be crystal & Clear, be it Concurrent Users or The number of FortiSOAR nodes there should be no ambiguity .

Incentivized

• A lack of instruction It can be difficult to contact the support staff. Limited experience from current users.
• It takes some effort to set up and learn new technology at first. More assistance is required from the support staff. The product's price needs to go down.
• Cost of the larger version.

Incentivized

As we already have a lot of clients being catered with Splunk SOAR and because Splunk SOAR is robust and efficient, we are already using it, and we have understood the product to a certain extent, I feel we are personally more enticed to use and scale it to a lot of business.

Incentivized

Honestly, it's a bit of a love-hate thing. On one hand it's insanely powerful but on the other, the workflows can be a real headache. You need multiple hours to get comfortable with it.

Incentivized

We are able to automate almost every one of our use cases, even our threat-hunting, and threat intel procedures. We have 20+ playbooks and cover almost everything, even searching logs into Splunk, looking into TIP and external systems, enrichment, and collecting evidence for analysts; it can perform concurrent playbooks running.

Incentivized

Splunk Support is always great! In addition the Community is very efficient and active.

Incentivized

I never followed an in-person training, I gave my evaluation based on the online training

Incentivized

I followed training for Phantom admins and it opened a world for me

Incentivized

I already said that the main key insight is the knowledge of Phantom, so a detailed training for all the people involeved.

Incentivized

Done prove of concept (POC) thoroughly , where we judged the solution on every aspect & We came to know FortiSOAR will work well in our environment as it is blended with features like Case managements , Product Flexibility * Scalable Architecture . These features were much required to optimum use of our SOC solution. Since we have all the Fortinet security stack in our environment it helped us a lot in selection (POC) and also commercially.

Incentivized

Splunk Phantom integrates well with Splunk ES and has many integrations. One thing that I liked about XSOAR as compared to Phantom is that it has an "app-store" where you can download not only app integrations (similar to Phantom) but Playbooks and dashboards as well.

Incentivized

me and the customers I encountered found it flexible and scalable

Incentivized

• Improved compliance control and risk management.
• Improved the business process.
• Improved incident visibility.

Incentivized

• The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable
• Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task

Incentivized