Fortinet FortiSIEM Reviews

FortiSIEM analyzes the logs from all the servers and firewalls.

FortiSIEM provides visibility into what happens on our corporate network. We can see traffic from users and detect brute force or bot attacks. It's clear in the SIEM solution. 

FortiSIEM's log correlation is good. 

FortiSIEM could be better integrated with other vendors. 

This happened about one year or one year and a half.

We had some issues during the update. Some updates didn't install, so we opened a ticket with Forti support, but it took more time to solve.

FortiSIEM scales enough for our company. After the initial deployment, we added some servers and increased the resources to enable FortiSIEM to take the logs from the servers.

I rate Fortinet support nine out of 10. It's excellent. 

Fortinet performed the initial setup, and it took about a week. We installed the image and integrated it with another server's Active Directory. Then we integrated it with the firewalls, routers, switches, and controller. Finally, we had to configure the policies.

I rate Fortinet FortiSIEM eight out of 10. I would recommend FortiSIEM for corporate users, but I haven't tried any other SIEM solutions, so I have no reference for comparison. In the future, we might try another vendor with a more comprehensive solution. 

We have eight use cases installed, and we are collecting log sources from most of the relevant endpoints. We did all that configuration ourselves. So, the product didn't really have a lot to do with it.

It is deployed on a private cloud. We manage the cloud infrastructure ourselves, and its primary purpose is to monitor and protect our network devices and our own business systems, not necessarily our customer-facing services.

We are most probably on version 3. We are not on the current release.

The event correlation is pretty robust. The GUI is pretty good. 

Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire.

The out-of-the-box log ingestion for the supported devices is fine. The main issues arise when you're trying to ingest a log source that's not supported. You're left to figure it out yourself. You have to figure out the custom parsing yourself. There should be better support for nonstandard log sources. That's because unless you can ingest logs from all of your key controls, the solution will have gaps. Out of the box, this product doesn't support a lot of normal security devices that are common, and then you get into building custom parsers yourself to get it to work.

The other problem is infrastructure stability. The architecture scaling rules that the vendor provides are vastly understated. So, we constantly run into stability problems that we end up figuring out and solving by throwing more infrastructure at it because they're understating the infrastructure requirements. It is understandable that they would do that, and you see why they would do that, but it is causing no end of problems.

We've been using it for about three years.

Scaling is problematic because of the architecture. It is very hard to figure out the required compute, memory, and disk space because the documentation is so bad. Like any SIEM, it is very compute-heavy. So, scaling is always a problem. We've come to the conclusion that it is not scalable to the magnitude that we require.

I have two system administrators at the moment who are a part of my SOC. We have a very small operation. My SOC right now is comprised of two analysts, a senior analyst, and a manager. All of them are technical, and all of them are involved in managing this solution in one way, shape, or form.

We use the product as one of our internal controls. We have several others, which I won't get into, and we do not plan on scaling it beyond that. We have been piloting some customer-facing use cases, and we will be deprecating those, scaling them back, and moving them to the Microsoft product.

Their technical support is really bad. Their account support and product support are fine. I would rate their technical support one out of ten.

Negative

The initial deployment was done with the partner. Since then, we have done additional endpoints and upgrades, and we are doing all the work ourselves now. 

We used a partner to help us with the initial setup.

We are not really tracking ROI. We just view it as a cost of business, and we are not driving any revenue from it. So, it is just a sum cost.

This is probably more on the lower cost end of the spectrum compared to competing products.

Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model.

In terms of additional costs, we also pay for our cloud infrastructure to run it. If your log source is not supported, you're going to have to develop custom parsing. So, you're going to incur that development cost. There is also the normal day-to-day administration cost.

We implemented Fortinet FortiSIEM for our own use, and then we have been exploring the idea of using it for a customer-facing or a managed service provider multi-tenant SIEM. We offer managed SIEM services to our customers, and we've come to the conclusion that it is not well suited for that purpose. We are in the process of installing Microsoft Sentinel and Azure Lighthouse for a new service.

My overall impression is that this is an SMB product. It is not a large-scale enterprise or multi-tenant product. Even though they tell you it'll do that, it is an SMB tool, and it is pretty good for that purpose. However, most institutions would not have the required in-house expertise for it. You need a dedicated, skilled technical administrator. You need your own DevOps team, which small and medium businesses generally don't have, or you can do what we did and use a partner to do the work for you.

I would caution others to fully understand the support model and talk to reference customers about it and have a solid understanding of what their internal resource needs will be to implement and support it. That's because it is complicated. Depending on the product you pick, you would need some in-house technical capabilities. For bigger companies, that's usually not a problem, but for small and medium businesses, that can be a problem.

I would rate it a six out of ten. It is suitable for its purpose. It is targeted at the SMB market. The feature function is fine. I would rate it higher if their technical support was better.

We primarily use the solution for security.

Fortinet has a unique model, which they call MSSP, managed services security partner. They select a telco in a country, partner with them, and offer them the certification track. We are an MSSP partner in Pakistan. FortiSIEM and FortiSOAR, their overall solutions that are there for threat mitigation, visibility, control, et cetera, is well integrated.

We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers.

There's a VR feature that is basically segmenting these firewalls, these security devices. Using that feature, we can make a network slice for each and every enterprise customer. All of the infrastructure is deployed in our data center, yet customer uses it as if it is their own.

FortiSIEM is not a market leader in the SIEM space. In SIEM solutions, typically, our customers ask for Splunk, or they ask for Logarithm. Some legacy customers ask for IBM. This isn’t as popular. Fortinet needs to grow in that perspective. They need to become a leader in the magic quadrant of Gartner and be seen as visionary so that the top customers, the big customers, take them seriously in the SIEM space.

I’ve been using the solution for more than a year now.

This is an absolutely stable solution. There aren’t bugs or glitches, and it doesn’t crash or freeze. It’s reliable.

We don’t have users per se. We are selling it. We have just started selling it. At this point, we have more than double-digit customers onboarded who are using the services.

My understanding is that the solution is entirely scalable.

We find technical support quite helpful. They're very responsive. They have a very good on-the-ground team in Pakistan.

While I am responsible for the overall product owners within PTCL, within my organization, I don’t directly deal with implementation tasks.

My colleagues tell me it is easy to deal with, however.

I can’t speak to the general cost of the solution. They have a very flexible model for partners like us, however. It is a pay-as-you-grow model.

I’m not sure which exact version I’m using.

We are a cloud provider. Whatever we do, we sell it to our clients. We're not an enterprise, we are a public cloud provider, PTCL, and we sell to our clients.

I’d rate the solution eight out of ten.

If a company already has Fortinet devices in their network they have all the components of security of Fortinet, then it will make sense for them to consider FortiSIEM. If, however, it doesn’t have Fortinet security devices, it may be difficult to leverage.

I have a lot of experience working with solutions such as Fortinet FortiSIEM, FortiSOAR, and FortiGate. I have also worked with ImmuniWeb. However, I did not have the credentials or the software to work with ImmuniWeb, which is why I was searching for more information on the website to learn more about the tool.

In the company I work for, we have a partnership with Fortinet.

In my organization, I work on Fortinet FortiSIEM in the cloud.

Fortinet FortiSIEM is really user-friendly. You can filter easily, find rules, and even create new rules. I appreciate Fortinet FortiSIEM the most because it is easy to search, filter, make rules, and look for correlations and events.

For Fortinet FortiGate, it is easy to navigate through the tool itself, make policies, and look at events and logs. It is very easy to monitor on Fortinet FortiGate. I really appreciate it and believe anyone in the field can work with it easily.

For FortiSOAR, it is easy to work with playbooks and rules for approvals, and everything there is straightforward. Fortinet FortiSIEM pulls the events from FortiSOAR, processes them, and applies the playbooks. It is simple in its functions, has correlations, and offers everything needed.

I can find everything I need on Fortinet FortiSIEM. The filters, trends, and dashboard make it easy to use. The database, alerts, and customer service are excellent as well.

Regarding Fortinet FortiSIEM, I cannot identify any specific areas for improvement because I can find everything I need. For the time being, I cannot find a real point for improvement. Everything is working great on Fortinet FortiSIEM.

I have experience with Fortinet FortiSIEM for almost six months.

For Cortex XDR from Palo Alto, it rates 10 out of 10. Everything is excellent with XDR and the technical support is exceptional.

Positive

I have worked with Splunk and QRadar SIEM tools, but I prefer Fortinet FortiSIEM the most.

I am not familiar with the price and cost of Fortinet FortiSIEM. I cannot tell you if it is high, expensive, or low. However, I can say that it is cost-effective as it provides everything needed.

I do not have relevant experience with tools such as Acunetix, Synopsys, Invicti, Snyk, Prolexic, AWS Shield, or Global Accelerator.

I wish to remain anonymous, with no names for my company or myself. I prefer written communication rather than voice-based.

Based on my experience, I would rate this solution 9 or 10 out of 10.

We use the solution to monitor events and logs. It gives us a very powerful view of what is going on. We can configure it to send notifications of any malicious detection because it is based on an ML (machine learning) algorithm. Aside from using the solution to monitor the logs from different sources, we can also get detections because it has strong machine learning capability.

Fortinet FortiSIEM provides good detection against advanced threats.

The solution's interface could be modernized and improved.

I have been working with Fortinet FortiSIEM for one year.

I rate Fortinet FortiSIEM ten out of ten for stability.

Around 50 users are using Fortinet FortiSIEM in our organization.

I rate the solution an eight out of ten for scalability.

I rate Fortinet FortiSIEM a nine out of ten for the ease of its initial setup.

If nothing goes wrong, the solution can be deployed in one week.

We have seen a return on investment with Fortinet FortiSIEM.

Fortinet FortiSIEM is very cost-efficient compared to other SIEM solutions.

On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven out of ten.

The solution is deployed on the cloud in our organization. I'll recommend Fortinet FortiSIEM to users because of its functionalities, irrespective of whether they have a hybrid, on-prem, or cloud deployment. If a company has some compliance and regulations, the solution can fulfill their compliance and regulations within their country or industry.

Overall, I rate Fortinet FortiSIEM a nine out of ten.

We are using the solution for our customers. 

The pricing is good. 

The best features are the dashboard and the integration between the Fortinet products. We can connect the nodes very easily.

The initial setup is very easy.

It's great to use both this and FortiSOAR. It makes everything better. If you use them together with Fortianalyzer, it's better than Splunk.

The solution is stable. 

It is a scalable product. 

Technical support is helpful. 

There are some connectivity issues with FortiAnalyzer and FortiGate.

They need to integrate better with Cisco and Palo Alto. 

The solution is very stable. It offers good reliability.

We have found that it is possible to scale the solution.

With technical support, I often direct tickets to them in terms of licensing, and within a maximum of two to three hours, the license will be active. They are very helpful. They are very responsive. They are always responding to the tickets and assisting us. You can show your customer their level of engagement. It's very impressive. Customers are happy.

Positive

In Saudi Arabia, customers are doing Splunk or LogRhythm. In Jordan, we are using Fortinet due to the fact that it is cheaper. 

There is not a huge difference between all the technology as all the partners use the same technology.

The solution is quite simple and straightforward to set up. I'd rate it a four out of five in terms of ease of execution.

There is, for example, no need to more configuration. It's very easy. In the cloud, you just reinstall the virtual machine, its main connectors in Big Sur, and then, on the customer side, you put the small virtual machine at the connectors.

The pricing is very good. It's reasonable and competitive. I'd rate the pricing at five out of five. 

I'd rate the solution a nine out of ten.

We are using Fortinet FortiSIEM for multi-tenant SOC service.

Fortinet FortiSIEM is deployed in our data center, and we have one collector. Each client has a collector within their environment. We set up a collector within each client's environment, and then have a VPN connection from the client's environment to our environment.

Fortinet FortiSIEM has helped us achieve our goal of serving multi-tenant SOC services. We're able to serve multiple clients at the same time.

Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly.  

The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work.

I have been using Fortinet FortiSIEM for one year.

Fortinet FortiSIEM is stable.

The scalability of Fortinet FortiSIEM is good.

We have contacted the support a number of times and they were helpful.

The initial setup of Fortinet FortiSIEM is straightforward. It took us approximately two weeks.

We did the deployment in-house. We had two people for the implementation.

We are using Fortinet FortiSIEM to serve clients, and we are receiving our return on investment from them.

The price of Fortinet FortiSIEM was reasonable compared to other solutions.

There are many licenses required, such as the MSSP, Agent, and device. For the number of devices that you are monitoring, you need licenses. The license you pay per your usage. When you are onboarding more clients onto it, the license fee is for the usage. Additionally, there's the Windows Agent license that you need. If you use any Windows Agent, you receive a separate license charge.

We started using Fortinet FortiSIEM because we were recommended to use it by a trusted source.

My advice to others would be to carefully look at the cost involved, and look closely at the licensing model. If it's a model that works for you, then great. However, it came as a surprise to us, we were told that we would be giving different licenses for the devices, and for the Windows Agent separately. We were not expecting the additional costs, it caught us off guard.

I rate Fortinet FortiSIEM a six out of ten.

We use Fortinet FortiSIEM for storage of security information and analysis, as well as for alerts from the 50-60 services that we have. All of our webs are linked to FortiSIEM. It's a form of SOC tool and data is used for identifying trends and what's happening around the networks. We're customers and end-to-end users when it comes to FortiSIEM, but for other Fortinet products we're either partners or a value-added reseller. I'm the principal cloud architect in our company. 

I think the most valuable feature is the easy alert setup, it's very important. It's quite simple to use and enables us to have different alerts in different categories. SOC is able to see all the red alerts, it's impossible to miss them. It's a good tool for analysis and for SOC. We upload all network detection tools that support FortiSIEM and can investigate for different alerts or vulnerabilities. A great feature is that you can use Python scripting for data stack. It's great for devices that don't generate a genuine local source of information. 

This solution is not very good on non-API features and lacks that functionality. We've raised multiple tickets to Fortinet about this and they are pending there. The product development hasn't been fast enough to ensure it can function on the cloud. It's excellent when you download and get the security locks but in areas like Microsoft 365, you have to fetch the security access using APIs and they don't update quickly enough. If Microsoft announces a new service today, we have to wait at least six months before FortiSIEM start supporting it. It's crucial that the API support is updated, for now FortiSIEM lacks functionality compared to its competitors.

It's a very reliable solution, we haven't had any outages during the last year and we're using it a lot. We have over 40 people using it 24/7.

This solution is not very scalable if you have a lot of security events; it's focused more around smaller companies. We've become too big for it with 48,000 devices which we are monitoring and we had to create another instance and split things. It's not perfect because it requires purchase of a second license. We use the solution all the time. 

Fortinet support is very fast. If I need to ask something, I'll get a response within a couple of hours. 

The initial setup was quite straightforward. They have good documentation and once we deployed, there were only a couple of times where we needed a little bit of support because there were delayed reactions. 

The licensing is on an annual basis and calculated on the set up number. Of course, the licensing cost could be less but it's not too bad and is quite nicely priced. With Centreon or Splunk you just pay for the use but if we compare the cost of FortiSIEM with Splunk, it's less than half the price.

We took a look at IBM QRadar, which was the main competitor, and we also looked at Splunk. Splunk lost out quickly because of the cost and we ended up going with Fortinet because it was much easier to manage and implement things than QRadar and it has the Python scripting.

If your use case suits this solution, I would recommend it. If you are a professional operator and you're into pre-investing, and not just paying per use, then FortiSIEM is one of the best options you can have.

I rate this product an eight out of 10.