We performed a comparison between IBM Security QRadar and Fortinet FortiSIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. Some FortiSIEM users found it effortless to install within a day or two. Nonetheless, others encountered difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.
Comparison Results: Our users prefer IBM Security QRadar over Fortinet FortiSIEM. The advanced security features and overall strength of QRadar make it the favored option. Users like QRadar's extensive and actionable insights, user-friendly interface, and adaptability. QRadar offers a comprehensive overview of network activity and risk management.
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The connectivity and analytics are great."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"Sentinel pricing is good"
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers."
"Fortinet FortiSIEM provides good detection against advanced threats."
"The most valuable feature is the anomaly-reporting alarms."
"The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls."
"The solution is easy to use and user-friendly."
"Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same."
"Fortinet FortiSIEM needs to provide better API integrations to users."
"Analytics is the most valuable feature. The business service summaries in the dashboards and the correlations for the SIEM are also valuable features."
"I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot."
"Due to the skills shortage, we are able to use it from the standpoint of bringing in a lower level employee or a person who may not have security knowledge."
"IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration."
"The most valuable features are log monitoring, easy-to-fix issues, and problem-solving."
"The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding."
"It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts."
"Technical support is good overall."
"I think the QDI is very good."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"One key area that can be improved is by building a strong integration with our XDR platform."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The AI capabilities must be improved."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"FortiSIEM could be better integrated with other vendors."
"Not very good on non-API features, lacks that functionality."
"I would like to see more integration with other platforms."
"With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."
"The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries."
"Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time."
"Fortinet FortiSIEM is a little out of sight and needs more marketing efforts to be popular in the market."
"The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
"The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."
"The technical support is poor. Mostly because when I open a PMR for IBM, I am stuck with Level 1 staff. As an engineer, nothing that I am bringing them does not require Level 2 or Level 3 support."
"There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar."
"Certain updates—especially when using Azure—don't apply directly. Our engineering team must invest additional effort to implement these updates. However, the tool's cloud-based version poses no issues. However, upgrading the product can sometimes be challenging for on-premises instances."
"Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want."
"The AQL queries could be better."
"The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria."
"There are areas in IBM Security QRadar that could benefit from improvement. Its ability to customize knowledge for specific purposes could be enhanced. Also, it lacks clarity in presenting details. It is also difficult to see the reports."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews while IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews. Fortinet FortiSIEM is rated 7.6, while IBM Security QRadar is rated 8.0. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Fortinet FortiSIEM is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, ThousandEyes and PRTG Network Monitor, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and ArcSight Logger. See our Fortinet FortiSIEM vs. IBM Security QRadar report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.