Fortinet FortiSIEM Reviews

Fortinet FortiSIEM is used to audit my servers and communications. It effectively handles vulnerability detection and correlates traffic to identify security issues or anomalies. It is also used to correlate my logs, which helps detect outliers and identify unusual events in my network.

It detects new technologies, vulnerabilities, and emerging threats on the internet.

I have been using Fortinet FortiSIEM for four years.

500 users are using this solution.

The product could benefit from more local support. There is an opportunity to improve the support for products like Deepgram and FortiSIEM.

The deployment of the platform took some time to set up and configure. I have experience using SolarWinds and its tools.

The initial setup is very easy and takes four months to complete. They need to focus on this because the provider did much of the configuration rather than them doing it directly. The support we receive helps us improve in comparison to using this platform alone.

I rate the initial setup an eight out of ten, where one is difficult, and ten is easy.

Our provider does the deployment and maintenance.

It has a good price and is more competitive than the others.

If the protection and monitoring make my network safer by detecting outliers and events, I can report these findings to my manager. They need to be aware of live events affecting the company.

Overall, I rate the solution an eight out of ten.

We use the solution to collect logs from critical servers on the customer's infrastructure, like Active Directory, and a few security devices, like firewall, proxy, and antivirus setup. Our team monitors the log. If we get an alert, we take the necessary action in the development environment.

The solution’s IP database is awesome. If we get malicious IP attacks in the firewall, the solution has a validated database to mark IPs as malicious and generate an alert. We need not use any third-party solution.

When our team tried configuring logs for Microsoft SQL, it did not work.

The next release should improve database monitoring. Compared to servers and security devices, working with database and log configuration is not easy.

I have been using the solution for the past four to five months.

The solution is stable.

The solution is scalable. We initially configured five devices and then could scale it to 20 without any challenges. Ten to fifteen people in the security operation center team use the solution.

My team members contacted the support team, and they helped us configure a few things.

My team did not face any issues during configuration.

I would recommend the solution to others. One of our customers moved from ArcSight to FortiSIEM because they had some support issues. Overall, I rate the solution an eight out of ten.

I normally use the solution in my company as part of SOC. The tool is implemented to collect logs from all networks, perimeter devices, and security devices. We are using all kinds of SIEM tools to collect logs, especially security logs from all network devices, and analyze all those logs. Fortinet FortiSIEM works for enterprise and banking customers and BFSI customers, as most of them use Fortinet FortiGate devices for the security of the perimeter devices.

The most valuable features of the solution is its integration with other technologies, especially its ability to collect logs from Cisco and Aruba devices along with Fortinet products. The tool has an endless number of templates, so based on a customer's use case, we can choose the templates, create the report as per compliance, and submit it to management for higher visibility.

With Fortinet's current integrations with endpoints and with the integration capabilities of EDR and XDR solutions from Fortinet itself, when we are trying to integrate them with other technologies or other OEMs like CrowdStrike or SentinelOne, the integration part is very complex. It takes a lot of time to take care of the implementations. When we integrated Fortinet FortiSIEM with external threat intelligence, like CyberArk or ThreatConnect, the integration seemed to be tough. If Fortinet FortiSIEM could create some use cases or some templates with all its listed competitors or technology partners, then a customer would be able to integrate all those technologies easily.

The tool's technical team's response time is too high, and they are not available even when they know that there are many pending issues. Even though the tool offers twenty-four hours and seven days of support, we might not get the right engineer on time.

I have been using Fortinet FortiSIEM for more than ten years. I am an integrator of the solution. I use Fortinet FortiSIEM 7.0.0.

From the application perspective, yeah, I think it is a stable tool most of the time, but we have met some issues with the database sometimes. Stability-wise, I rate the solution a nine out of ten.

It is a highly scalable solution. Scalability-wise, I rate the solution a ten out of ten.

I think around ten customers of my company use the tool.

My customers are medium and enterprise-sized businesses.

The solution's technical support has been a nightmare. I rate the technical support a four or five out of ten.

Neutral

If one is difficult and ten is easy to set up, I rate the product's initial setup phase a nine out of ten. It is not very complicated, but a tech person who has the expertise to install and scale implement all these features would be required to implement the tool.

The product's installation model depends on the company's compliance and IT policies. Most customers prefer implementing an on-premises model. When considering commercial and upfront investment, customers are ready to go for cloud solutions as well. But in my experience, most customers prefer to implement an on-premises model.

The time required to deploy the solution depends on how big your network is currently. It might take two days to up to two weeks, so that is the normal project implementation time. It is always based on how big our network is and how we know our network. If customers have good visibility and understanding of their network, good access, and all the authentication paths, the integration will be much easier. In some cases, it might take more than two weeks. On average, I think it will take one to two weeks to complete installation.

The deployment of the tool is always for the SOC part of a company. It is used for real-time network analytics.

For the deployment, we discuss all the requests or use cases with the customer and understand their network topology. Most of the time, we access their platform for installation, and so we deal with virtualization platforms, like VMware ESXi, and based on that, we will download the SIEM pack from Fortinet. Once the installation has been completed, we try to find all the devices in the network that we need to monitor so we can enable all those processes. It is the normal deployment procedure we are following for implementation. Once the primary implementation has been completed based on customer use cases or complaints, we might create those dashboards and templates for reporting.

If one is cheap and ten is expensive. I rate the tool's price as an eight out of ten. Compared with Splunk or Oracle, Fortinet is cheap.

For threat detection, some AI-based analytics tools are there, and it is one of the latest features in the product. The AI helps mitigate threats.

In terms of the tool's ability to streamline customer security workflow, the product normally searches events in real-time, so customers will get alerts of the event in real-time. Compared to other products like Splunk or Oracle, I think Fortinet FortiSIEM is more reliable in real-time.

If there is proper support and better technical capabilities, it can become a good solution.

I rate the tool an eight out of ten.

I use the solution in my company for our client, which is a big university in Tunisia, and they have many servers and virtual machines. The university has to prevent attacks by making sure that they can stop the attack at the beginning. Fortinet is good for knowing if any of the equipment in the network has been attacked like ransomware or something, and we can stop the attack and secure the network.

The tool's most valuable feature stems from the fact that I can see a complete analysis, like all the incidents that have happened, and it detects everything in real-time. It lets you know of the attack in real-time. The tool sends alerts and reports, so I think it is a useful tool.

There is a port in Fortinet FortiSIEM. If something happens, you have to enter events and create a rule to stop the attack, which I think needs to be made automatic. If any incident occurs, I hope that Fortinet FortiSIEM does the work automatically without the intervention of a human or an IT admin.

I don't want to create a rule to stop an attack. Lately, many people have been trying to access the VPN, and they are not even registered with our firewall. The team detects issues but doesn't do anything. I have to create a rule to include the addresses and details of the people who want to access the VPN in the block list, but I want the tool to do all this without me.

I have been using Fortinet FortiSIEM for two months. My company has a partnership with the solution.

It is a stable solution.

The tool is scalable enough to do what you really want.

My clients run big businesses.

The solution's technical support didn't help our company a lot. When it came to Fortinet FortiSIEM, we added the devices, and started making rules, but when we asked a question to the tool's support team, it took them a long time to answer. I rate the technical support a five out of ten.

Neutral

At the beginning the product's initial setup phase was complex. Lately, since I have started to understand the tool, the setup phase has become easy.

The solution is deployed on an on-premises model with VMs in a local data center.

The solution can be deployed in four days. One day is for installing the VMs, one day is for understanding the tool's dashboard and its rules, one day is for installing the agents and adding the equipment, and one day is for seeing what the clients want exactly.

The tool is really expensive. For what the tool does for our team, the price is fair.

As my company did not fully complete everything, the installation is not stable 100 percent.

In terms of Fortinet FortiSIEM's uptime and system stability, the tool can do detection in real-time. I think it is available for users all the time.

Those who have many servers and equipment can use SIEM so they can manage. It helps a person to see what equipment has incidents and how to prevent an attack before it happens. You can't manage much equipment, like 15 VMs or servers, by yourself. You need solutions to do that and give you alerts if anything happens.

As the product is not automated enough, I rate the tool a seven out of ten.

The primary use case of FortiSIEM for my client is to provide comprehensive security information and event management (SIEM) capabilities. It is used to monitor, detect, and respond to security incidents across the client's network by aggregating and analyzing logs, events, and other data from various sources. FortiSIEM enables real-time threat detection, compliance reporting, and overall visibility into the security posture, helping to identify potential risks and take proactive measures to protect the organization's infrastructure.

Fortinet FortiSIEM has positively impacted my client's organization by enhancing their ability to monitor security incidents in real time. The solution has provided comprehensive visibility into the network, allowing for quicker identification of potential threats. FortiSIEM's integration with various systems to collect different types of logs and its ability to correlate data from multiple sources have been particularly valuable in reducing the time spent on manual analysis and increasing overall security efficiency.

The most valuable feature is auto-discovery. When you send logs from various device to FortiSIEM it automatically detects and maps all devices, across the network, providing a comprehensive and up-to-date inventory of the IT environment

It's agent-based UEBA enhances security monitoring by utilizing agents installed on endpoints to collect detailed user activity data.It offers deeper insights into user behaviors, improving anomaly detection accuracy.

It's out-of-the-box compliance reporting features significantly ease the burden of regulatory compliance for organizations by offering pre-built report templates aligned with industry standards. Automated report generation minimizes manual effort and reduces the risk of errors, while customizable reporting allows organizations to tailor reports to specific needs.

One area where FortiSIEM could improve is in its custom normalizer/parser capabilities. While FortiSIEM offers powerful event correlation and log analysis features, creating and customizing normalizers can be complex and time-consuming.

Improving the user interface for building custom normalizers, along with providing more intuitive tools or templates, would make it easier for security teams to tailor the solution to specific needs. Enhancements in this area would enable quicker adaptation to unique log formats and data sources, allowing for more accurate event parsing and better overall performance in diverse environments.

Additionally, the search functionality could be less confusing. Streamlining the search experience and providing clearer guidance or examples would help users quickly find the information they need, ultimately improving the overall usability of the platform. These enhancements would facilitate quicker adaptation to unique log formats and more efficient event analysis, leading to better performance in diverse environments.

I have used the solution for two years.

I rate the solution's stability a seven point five out of ten. 

Regarding scalability, it's better for vertical and horizontal scale-up, but expanding log sources isn't very easy due to the licensing model.

The support team was great, technically proficient, and helped with numerous bugs.

Positive

The installation and setup can be tough, requiring planning for hardware segregation and log volume. However, the installation isn't too difficult if you have clear requirements.

For those interested in using Fortinet FortiSIEM, I'd advise planning your hardware specifications and considering backup and archives to prevent log loss. It's worth the money for what they've developed. 

It's difficult for beginners to learn, mainly because of Fortinet FortiSIEM's specific queries and the lack of a user-friendly environment. Understanding these queries to find your desired logs can be challenging for newcomers.

I'd rate Fortinet FortiSIEM an eight out of ten because it's powerful and simple.

We use the solution for monitoring, intrusion detection, and user behavior analytics. We run the dashboards to detect anomalies. We have our own incident tracking solution. We use it to track the time to detect versus the time to resolve and close the ticket.

The product kicks the logs automatically without an agent. We also use it for file integrity monitoring. The analytics engine is quite good. It can correlate traffic across our various platforms and give us a standard dashboard view of what's happening. By seeing what's happening on the network, we can pick anomalies like encrypted traffic, policy violations, and unusual accesses. It helps us be compliant. We can push back on the users and the IT team and keep them accountable based on what they are doing across their network.

Real-time monitoring makes life quite easy for me. Once I have the assurance that I have visibility into what's happening, I can report to the business and my boss that all is well. It also allows me to keep the security operations team on its toes. We do a lot of red teaming. It allows us to see whether the SOC team is doing what it is supposed to do.

The tool is relatively easy to integrate. It's agentless. We have a Windows environment majorly. We can tell the product to monitor everything at once. As long as it's authenticated, it will fix what we need.

Network detection and response is a separate product. That's how I ended up with Wazuh. I'm looking for something to help me on the network and endpoint level. The vendor must look to consolidate and improve that area.

I have been using the solution for more than five years.

The tool is quite stable. I rarely ever need to reboot or check things. I just fine-tune the rules based on the new use cases that keep coming up.

We've not had any troubles with the tool’s scalability. We are a small growing bank. We have around 800 endpoints at the moment.

I have no complaints with the technical support.

Positive

I rate the ease of setup a seven to eight out of ten. It's agentless. We can hit the ground running. A third-party provider currently supports us in maintaining the product. We have no complaints regarding the maintenance work.

The price is competitive. We can scale based on the licensing. It is an annual CapEx.

I am using only Fortinet and Wazuh currently. I have worked with AlienVault and IBM QRadar in a different organization. The products have their own unique space in the market. SolarWinds has a logging engine. IBM is huge.

It's a good tool if we are small and growing. It is easy to deploy. The support is available. The product is easy to learn. Overall, I rate the solution a nine out of ten.

We use the Fortinet FortiSIEM tool for log monitoring and alert generation. We use Fortinet FortiSIEM to collect logs from the critical servers of the customer's infrastructure, like active directory servers and file servers. We also collect logs from a few security devices like the firewall, the proxy, and the antivirus setup. Based on that, our team checks the logs, and we get an alert to take action on the development.

Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same.

Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time.

Fortinet FortiSIEM's database monitoring could be made easier, like the servers and the security devices.

I have been using Fortinet FortiSIEM for the past four to five months.

Fortinet FortiSIEM is a stable product.

Fortinet FortiSIEM is a scalable product. We initially configured five devices, and then we could scale it to twenty. There could be some issues if the device count goes up to hundreds and thousands. Around 10 to 15 engineers use Fortinet FortiSIEM in our company.

Overall, I rate Fortinet FortiSIEM an eight out of ten.

I primarily use FortiSIEM for Rwandan clients in banking and finance. Most of my clients require strictly on-prem solutions because of national data regulations. They are also skeptical of putting their data on the cloud, and the law requires all data to reside at a domestic data center. 

I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics. 

The only drawback is the licensing model. It can get expensive if you want to integrate more solutions.

I rate FortiSIEM eight out of 10 for stability. 

FortiSIEM is highly scalable, but you need to consider the costs. It will be expensive if you want to scale it up. 

We rely on Fortinet support, and their response times have room for improvement. They can take a while to respond sometimes. 

Setting up FortiSIEM is straightforward because they provide you with a step-by-step guide that covers installation and troubleshooting. The deployment time depends on your setup and what you need to integrate. It can take days or weeks, but we can typically finish in under a week.

There isn't a single one-size-fits-all implementation because some clients have mixed environments, and we need to develop a custom solution if we are working on multiple fabrics.

You can get an annual license for FortiSIEM or a three-year license. It can be expensive if you're pulling data from many sources. If you plan to keep the solution for a while, I recommend choosing a three-year license or longer to save money. 

I rate FortiSIEM eight out of 10. My only advice is to understand your environment and learn as much as you can about SIEM before implementing the solution. I started by building open-source solutions from scratch, which gave me a big picture view of how to implement SIEM solutions and work with fabrics. You need to learn the basics about how to set rules and interpret logs.