Fortinet FortiSIEM Reviews

I normally use the solution in my company as part of SOC. The tool is implemented to collect logs from all networks, perimeter devices, and security devices. We are using all kinds of SIEM tools to collect logs, especially security logs from all network devices, and analyze all those logs. Fortinet FortiSIEM works for enterprise and banking customers and BFSI customers, as most of them use Fortinet FortiGate devices for the security of the perimeter devices.

The most valuable features of the solution is its integration with other technologies, especially its ability to collect logs from Cisco and Aruba devices along with Fortinet products. The tool has an endless number of templates, so based on a customer's use case, we can choose the templates, create the report as per compliance, and submit it to management for higher visibility.

With Fortinet's current integrations with endpoints and with the integration capabilities of EDR and XDR solutions from Fortinet itself, when we are trying to integrate them with other technologies or other OEMs like CrowdStrike or SentinelOne, the integration part is very complex. It takes a lot of time to take care of the implementations. When we integrated Fortinet FortiSIEM with external threat intelligence, like CyberArk or ThreatConnect, the integration seemed to be tough. If Fortinet FortiSIEM could create some use cases or some templates with all its listed competitors or technology partners, then a customer would be able to integrate all those technologies easily.

The tool's technical team's response time is too high, and they are not available even when they know that there are many pending issues. Even though the tool offers twenty-four hours and seven days of support, we might not get the right engineer on time.

I have been using Fortinet FortiSIEM for more than ten years. I am an integrator of the solution. I use Fortinet FortiSIEM 7.0.0.

From the application perspective, yeah, I think it is a stable tool most of the time, but we have met some issues with the database sometimes. Stability-wise, I rate the solution a nine out of ten.

It is a highly scalable solution. Scalability-wise, I rate the solution a ten out of ten.

I think around ten customers of my company use the tool.

My customers are medium and enterprise-sized businesses.

The solution's technical support has been a nightmare. I rate the technical support a four or five out of ten.

Neutral

If one is difficult and ten is easy to set up, I rate the product's initial setup phase a nine out of ten. It is not very complicated, but a tech person who has the expertise to install and scale implement all these features would be required to implement the tool.

The product's installation model depends on the company's compliance and IT policies. Most customers prefer implementing an on-premises model. When considering commercial and upfront investment, customers are ready to go for cloud solutions as well. But in my experience, most customers prefer to implement an on-premises model.

The time required to deploy the solution depends on how big your network is currently. It might take two days to up to two weeks, so that is the normal project implementation time. It is always based on how big our network is and how we know our network. If customers have good visibility and understanding of their network, good access, and all the authentication paths, the integration will be much easier. In some cases, it might take more than two weeks. On average, I think it will take one to two weeks to complete installation.

The deployment of the tool is always for the SOC part of a company. It is used for real-time network analytics.

For the deployment, we discuss all the requests or use cases with the customer and understand their network topology. Most of the time, we access their platform for installation, and so we deal with virtualization platforms, like VMware ESXi, and based on that, we will download the SIEM pack from Fortinet. Once the installation has been completed, we try to find all the devices in the network that we need to monitor so we can enable all those processes. It is the normal deployment procedure we are following for implementation. Once the primary implementation has been completed based on customer use cases or complaints, we might create those dashboards and templates for reporting.

If one is cheap and ten is expensive. I rate the tool's price as an eight out of ten. Compared with Splunk or Oracle, Fortinet is cheap.

For threat detection, some AI-based analytics tools are there, and it is one of the latest features in the product. The AI helps mitigate threats.

In terms of the tool's ability to streamline customer security workflow, the product normally searches events in real-time, so customers will get alerts of the event in real-time. Compared to other products like Splunk or Oracle, I think Fortinet FortiSIEM is more reliable in real-time.

If there is proper support and better technical capabilities, it can become a good solution.

I rate the tool an eight out of ten.

We're using it to manage devices on the network. We get real-time incident reports on changes done on the servers and changes on routers and switches. They also use it to provide reports to management on activities, incidents, and events.

I like the reporting model where you can drill-down capabilities into user actions on the network.

I also like CMDB. The CMDB captures devices as long as they have SNMP enabled. It captures the information for me. 

Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information.

When you're generating a report on the report line, sometimes it is very important to understand the criteria for creating the database to get the report you want. If FortiSIEM can improve on that, the user is looking for specific information, and it comes by. You don't need a technical person to generate a report. It's a bit difficult for you to generate it without drilling down. You need to keep clicking, and narrowing down your search to get what you want. 

If there will be some level of info, I like the reporting on FortiAnalyzer because one can see the number of people consuming bandwidth on the network, who the top users are, at the critical button you specified, and how long the duration is. FortiSIEM is not as easy.

I have been using it for three years. I currently use the version 6.3.

It is a stable solution.  So far, it's been relatively stable. The current version we're using will expire in 2024, so we're planning to upgrade to the next version soon. We're also considering moving to the cloud, which may impact stability, but we'll have to see how that goes.

It is a scalable solution on-prem environment. We will be testing the scalability when we migrate to the cloud. 

We have between 300 and 400 users. There are three administrators on the system who manage devices for 25 EPS and close to 100 EPS. We are only licensed for 200 EPS, but we have plans to increase the number of users.

The customer service and support have been helpful. We log in the case, they come back to us, and then we resolve it.

We were using Check Point before we migrated to FortiSIEM. We used Check Point for about ten years before we moved to FortiGate.

So, we switched to Fortinet from Check Point. There were two main reasons. First, we weren't getting the support we needed from Check Point. Second, the cost of renewing support for our end-of-life devices was too high. We had a limited budget, so we looked for a solution that could give us the same features and capacity as Check Point at a more competitive price. We opted for FortiSIEM because it met both of our requirements.

The initial setup was straightforward because Fortinet had already provisioned the appliance. We added it to our VM and finished up by configuring the key. The only bit where there was a bit of a problem was when we started because it was supposed to be a three-in-one appliance, but we noticed that we needed to separate the collector in a different location. Otherwise, it's a straightforward process.

My understanding of a three-in-one appliance is that both the collector and the other components have to be in the same box. However, there was certain information that we were not getting, and I understand that this was changed in the 6.3 version, where the collector is separate.

This makes it easier to use agentless apps, because with agentless apps, the information is now sent back to the collector if it is separate from the other components. So, we now have to start making changes to the Kapolei collector with storage and all that. I think it's still pretty straightforward though.

We used a consultant for the deployment because it was a new product, and we wanted to ensure that it was done correctly. However, it is possible to deploy Fortinet FortiSIEM in-house by following the deployment guide.

The deployment took one week to deploy Fortinet FortiSIEM, excluding the time it took to acquire the necessary servers and virtual machines.

The first step was to purchase the necessary servers and virtual machines. We also needed to upgrade our VM version from 5 to 7.X. Once we had all of the necessary hardware and software in place, we were able to begin the deployment process.

We have five managers overseeing IT, internal control, and corporate. The staffing needs depend on their specific roles. The ID team provides the necessary support to ensure the application runs smoothly. Control users are in place to ensure that changes are made with proper information, and any alterations require approval. For these tasks, we have approximately five admins managing the process.

We pay for a license for FortiSIEM. We pay for the license and renewal. 

It is expensive. The initial cost was almost prohibitive, but we went with it because it was a recommendation from our recruiters. Otherwise, we probably wouldn't have done it because it was expensive.

Overall, I would rate the solution a nine out of ten. It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely. I've been using FortiSIEM for about two years and FortiGate for about ten years, and I would recommend FortiSIEM to people who are interested in running next-generation firewalls.

I am part of the team that implements the solution, and we hand it over to the operations team. We use FortiSIEM to ingest logs. The customer provides us with the IPs for the log sources, and we add them to the FortiSIEM dashboard. We can check the logs for signs of malicious access from outside devices and set rules based on the customer's preferences. 

FortiSIEM sends an email or SMS notifications to admins when there are significant incidents. It's a highly efficient way of responding to incidents. 

FortiSIEM needs to expand its integration with third-party vendors. I don't know if Forcepoint has been added, but there were limited resources for integrating Forcepoint solutions when we implemented FortiSIEM. It integrates well with other Fortinet products and solutions from established cybersecurity companies like Palo Alto but doesn't integrate with some of the newer vendors. 

I would also like to see FortiSIEM add more of the features available in FortiSOAR. You need to buy two separate solutions to get these features, but they should all be available in one product. 

I have used FortiSIEM for two years.

We haven't had any issues with stability aside from the problems associated with integrating FortiSIEM with third-party vendors. 

We haven't scaled FortiSIEM much until recently. Our customers typically implement it on one node, so I'm not sure how easy it is to scale. We often work with large enterprise companies, so we've used the solution in healthcare. For example, we deployed FortiSIEM at a children's cancer hospital in Egypt. We also used it for banking clients, including an investment bank. 

Fortinet support is helpful. 

Deploying FortiSIEM is straightforward. Most of our customers prefer the on-prem version over the cloud. 

Other vendors like IBM QRadar are more effective than FortiSIEM for a SOC use case because they specialize in that area. I would recommend that if you are trying to build a large SOC team. 

I rate FortiSIEM seven out of 10. I strongly recommend this solution for customers who are using Fortinet products. It offers the same features as other vendors, but it's less expensive. However, some other SIEM solutions are more effective.  

FortiSIEM analyzes the logs from all the servers and firewalls.

FortiSIEM provides visibility into what happens on our corporate network. We can see traffic from users and detect brute force or bot attacks. It's clear in the SIEM solution. 

FortiSIEM's log correlation is good. 

FortiSIEM could be better integrated with other vendors. 

This happened about one year or one year and a half.

We had some issues during the update. Some updates didn't install, so we opened a ticket with Forti support, but it took more time to solve.

FortiSIEM scales enough for our company. After the initial deployment, we added some servers and increased the resources to enable FortiSIEM to take the logs from the servers.

I rate Fortinet support nine out of 10. It's excellent. 

Positive

Fortinet performed the initial setup, and it took about a week. We installed the image and integrated it with another server's Active Directory. Then we integrated it with the firewalls, routers, switches, and controller. Finally, we had to configure the policies.

I rate Fortinet FortiSIEM eight out of 10. I would recommend FortiSIEM for corporate users, but I haven't tried any other SIEM solutions, so I have no reference for comparison. In the future, we might try another vendor with a more comprehensive solution. 

Fortinet FortiSIEM is used to audit my servers and communications. It effectively handles vulnerability detection and correlates traffic to identify security issues or anomalies. It is also used to correlate my logs, which helps detect outliers and identify unusual events in my network.

It detects new technologies, vulnerabilities, and emerging threats on the internet.

I have been using Fortinet FortiSIEM for four years.

500 users are using this solution.

The product could benefit from more local support. There is an opportunity to improve the support for products like Deepgram and FortiSIEM.

Positive

The deployment of the platform took some time to set up and configure. I have experience using SolarWinds and its tools.

The initial setup is very easy and takes four months to complete. They need to focus on this because the provider did much of the configuration rather than them doing it directly. The support we receive helps us improve in comparison to using this platform alone.

I rate the initial setup an eight out of ten, where one is difficult, and ten is easy.

Our provider does the deployment and maintenance.

It has a good price and is more competitive than the others.

If the protection and monitoring make my network safer by detecting outliers and events, I can report these findings to my manager. They need to be aware of live events affecting the company.

Overall, I rate the solution an eight out of ten.

We use the solution to collect logs from critical servers on the customer's infrastructure, like Active Directory, and a few security devices, like firewall, proxy, and antivirus setup. Our team monitors the log. If we get an alert, we take the necessary action in the development environment.

The solution’s IP database is awesome. If we get malicious IP attacks in the firewall, the solution has a validated database to mark IPs as malicious and generate an alert. We need not use any third-party solution.

When our team tried configuring logs for Microsoft SQL, it did not work.

The next release should improve database monitoring. Compared to servers and security devices, working with database and log configuration is not easy.

I have been using the solution for the past four to five months.

The solution is stable.

The solution is scalable. We initially configured five devices and then could scale it to 20 without any challenges. Ten to fifteen people in the security operation center team use the solution.

My team members contacted the support team, and they helped us configure a few things.

My team did not face any issues during configuration.

I would recommend the solution to others. One of our customers moved from ArcSight to FortiSIEM because they had some support issues. Overall, I rate the solution an eight out of ten.

I have a lot of experience working with solutions such as Fortinet FortiSIEM, FortiSOAR, and FortiGate. I have also worked with ImmuniWeb. However, I did not have the credentials or the software to work with ImmuniWeb, which is why I was searching for more information on the website to learn more about the tool.

In the company I work for, we have a partnership with Fortinet.

In my organization, I work on Fortinet FortiSIEM in the cloud.

Fortinet FortiSIEM is really user-friendly. You can filter easily, find rules, and even create new rules. I appreciate Fortinet FortiSIEM the most because it is easy to search, filter, make rules, and look for correlations and events.

For Fortinet FortiGate, it is easy to navigate through the tool itself, make policies, and look at events and logs. It is very easy to monitor on Fortinet FortiGate. I really appreciate it and believe anyone in the field can work with it easily.

For FortiSOAR, it is easy to work with playbooks and rules for approvals, and everything there is straightforward. Fortinet FortiSIEM pulls the events from FortiSOAR, processes them, and applies the playbooks. It is simple in its functions, has correlations, and offers everything needed.

I can find everything I need on Fortinet FortiSIEM. The filters, trends, and dashboard make it easy to use. The database, alerts, and customer service are excellent as well.

Regarding Fortinet FortiSIEM, I cannot identify any specific areas for improvement because I can find everything I need. For the time being, I cannot find a real point for improvement. Everything is working great on Fortinet FortiSIEM.

I have experience with Fortinet FortiSIEM for almost six months.

For Cortex XDR from Palo Alto, it rates 10 out of 10. Everything is excellent with XDR and the technical support is exceptional.

Positive

I have worked with Splunk and QRadar SIEM tools, but I prefer Fortinet FortiSIEM the most.

I am not familiar with the price and cost of Fortinet FortiSIEM. I cannot tell you if it is high, expensive, or low. However, I can say that it is cost-effective as it provides everything needed.

I do not have relevant experience with tools such as Acunetix, Synopsys, Invicti, Snyk, Prolexic, AWS Shield, or Global Accelerator.

I wish to remain anonymous, with no names for my company or myself. I prefer written communication rather than voice-based.

Based on my experience, I would rate this solution 9 or 10 out of 10.

The primary use case of FortiSIEM for my client is to provide comprehensive security information and event management (SIEM) capabilities. It is used to monitor, detect, and respond to security incidents across the client's network by aggregating and analyzing logs, events, and other data from various sources. FortiSIEM enables real-time threat detection, compliance reporting, and overall visibility into the security posture, helping to identify potential risks and take proactive measures to protect the organization's infrastructure.

Fortinet FortiSIEM has positively impacted my client's organization by enhancing their ability to monitor security incidents in real time. The solution has provided comprehensive visibility into the network, allowing for quicker identification of potential threats. FortiSIEM's integration with various systems to collect different types of logs and its ability to correlate data from multiple sources have been particularly valuable in reducing the time spent on manual analysis and increasing overall security efficiency.

The most valuable feature is auto-discovery. When you send logs from various device to FortiSIEM it automatically detects and maps all devices, across the network, providing a comprehensive and up-to-date inventory of the IT environment

It's agent-based UEBA enhances security monitoring by utilizing agents installed on endpoints to collect detailed user activity data.It offers deeper insights into user behaviors, improving anomaly detection accuracy.

It's out-of-the-box compliance reporting features significantly ease the burden of regulatory compliance for organizations by offering pre-built report templates aligned with industry standards. Automated report generation minimizes manual effort and reduces the risk of errors, while customizable reporting allows organizations to tailor reports to specific needs.

One area where FortiSIEM could improve is in its custom normalizer/parser capabilities. While FortiSIEM offers powerful event correlation and log analysis features, creating and customizing normalizers can be complex and time-consuming.

Improving the user interface for building custom normalizers, along with providing more intuitive tools or templates, would make it easier for security teams to tailor the solution to specific needs. Enhancements in this area would enable quicker adaptation to unique log formats and data sources, allowing for more accurate event parsing and better overall performance in diverse environments.

Additionally, the search functionality could be less confusing. Streamlining the search experience and providing clearer guidance or examples would help users quickly find the information they need, ultimately improving the overall usability of the platform. These enhancements would facilitate quicker adaptation to unique log formats and more efficient event analysis, leading to better performance in diverse environments.

I have used the solution for two years.

I rate the solution's stability a seven point five out of ten. 

Regarding scalability, it's better for vertical and horizontal scale-up, but expanding log sources isn't very easy due to the licensing model.

The support team was great, technically proficient, and helped with numerous bugs.

Positive

The installation and setup can be tough, requiring planning for hardware segregation and log volume. However, the installation isn't too difficult if you have clear requirements.

For those interested in using Fortinet FortiSIEM, I'd advise planning your hardware specifications and considering backup and archives to prevent log loss. It's worth the money for what they've developed. 

It's difficult for beginners to learn, mainly because of Fortinet FortiSIEM's specific queries and the lack of a user-friendly environment. Understanding these queries to find your desired logs can be challenging for newcomers.

I'd rate Fortinet FortiSIEM an eight out of ten because it's powerful and simple.