Senior Consultant at HCLSoftware
An authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same
Pros and Cons
- "Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same."
- "Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time."
What is our primary use case?
We use the Fortinet FortiSIEM tool for log monitoring and alert generation. We use Fortinet FortiSIEM to collect logs from the critical servers of the customer's infrastructure, like active directory servers and file servers. We also collect logs from a few security devices like the firewall, the proxy, and the antivirus setup. Based on that, our team checks the logs, and we get an alert to take action on the development.
What is most valuable?
Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same.
What needs improvement?
Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time.
Fortinet FortiSIEM's database monitoring could be made easier, like the servers and the security devices.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for the past four to five months.
Buyer's Guide
Fortinet FortiSIEM
June 2026
Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
902,270 professionals have used our research since 2012.
What do I think about the stability of the solution?
Fortinet FortiSIEM is a stable product.
What do I think about the scalability of the solution?
Fortinet FortiSIEM is a scalable product. We initially configured five devices, and then we could scale it to twenty. There could be some issues if the device count goes up to hundreds and thousands. Around 10 to 15 engineers use Fortinet FortiSIEM in our company.
What other advice do I have?
Overall, I rate Fortinet FortiSIEM an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Security Specialist at EAST-NB
It integrates well with solutions by the same vendor and other popular third-party vendors
Pros and Cons
- "I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics."
- "The only drawback is the licensing model. It can get expensive if you want to integrate more solutions."
What is our primary use case?
I primarily use FortiSIEM for Rwandan clients in banking and finance. Most of my clients require strictly on-prem solutions because of national data regulations. They are also skeptical of putting their data on the cloud, and the law requires all data to reside at a domestic data center.
What is most valuable?
I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics.
What needs improvement?
The only drawback is the licensing model. It can get expensive if you want to integrate more solutions.
What do I think about the stability of the solution?
I rate FortiSIEM eight out of 10 for stability.
What do I think about the scalability of the solution?
FortiSIEM is highly scalable, but you need to consider the costs. It will be expensive if you want to scale it up.
How are customer service and support?
We rely on Fortinet support, and their response times have room for improvement. They can take a while to respond sometimes.
How was the initial setup?
Setting up FortiSIEM is straightforward because they provide you with a step-by-step guide that covers installation and troubleshooting. The deployment time depends on your setup and what you need to integrate. It can take days or weeks, but we can typically finish in under a week.
There isn't a single one-size-fits-all implementation because some clients have mixed environments, and we need to develop a custom solution if we are working on multiple fabrics.
What's my experience with pricing, setup cost, and licensing?
You can get an annual license for FortiSIEM or a three-year license. It can be expensive if you're pulling data from many sources. If you plan to keep the solution for a while, I recommend choosing a three-year license or longer to save money.
What other advice do I have?
I rate FortiSIEM eight out of 10. My only advice is to understand your environment and learn as much as you can about SIEM before implementing the solution. I started by building open-source solutions from scratch, which gave me a big picture view of how to implement SIEM solutions and work with fabrics. You need to learn the basics about how to set rules and interpret logs.
Disclosure: My company has a business relationship with this vendor other than being a customer. Implementer
Solution Consultant at 1&1 Versatel Deutschland GmbH
It's a good tool for making security processes transparent
Pros and Cons
- "FortiSIEM is a great tool for making security processes transparent."
What is our primary use case?
FortiSIEM combines information from operations and integrates it into management.
What is most valuable?
FortiSIEM is a great tool for making security processes transparent.
What do I think about the stability of the solution?
I rate FortiSIEM 10 out of 10 for stability.
What do I think about the scalability of the solution?
I rate FortiSIEM nine out of 10 for scalability.
How was the initial setup?
Setting up FortiSIEM is straightforward. I prefer this product in the Fortinet environment. It's easy to install and configure.
What's my experience with pricing, setup cost, and licensing?
FortiSIEM might be considered expensive in some markets. We have an international customer base, and it's affordable for a lot of them.
However, customers in some markets cannot build a suitable use case around it. But it's not because of the product. It often depends on customers' operation organization.
You also need some operation and security knowledge to make a professional management decision.
A company needs to work with the consultants and distributors who are delivering the environment and necessary support.
What other advice do I have?
I rate Fortinet FortiSIEM nine out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer. partner
Programmer Data Center at a consultancy with 10,001+ employees
Lacks a level of support we'd expect to see, particularly for patching; Threat Hunting is a great feature
Pros and Cons
- "The Threat Hunting feature provides complete traffic analysis."
- "Patching is not great - we're not getting the support we'd expect."
What is our primary use case?
Our use case is for collecting logs and monitoring internet traffic through firewalls. We have Fortinet firewalls and Fortinet WAF. I'm a system programmer and we are customers of Fortinet.
What is most valuable?
I like the Threat Hunting feature which provides complete traffic analysis, like file movement and processes. It's a good feature.
What needs improvement?
We have recently faced many issues in terms of support and their turnaround time for giving support as well as their patch level. The patching is one of the significant issues we face with Fortinet SIEM. We're at the enterprise level and we're not getting the support we'd expect. They really need to bring in new features like proper dashboards and alert systems and a real-time alert system which would be beneficial for users.
For how long have I used the solution?
I've been using this solution for four years.
What do I think about the scalability of the solution?
Scalability is good; you just add extra licenses. We have 15 admin users and around 10,000 EPS.
How was the initial setup?
There are lots of issues with licensing policies like the agentless and agent-based installation. It creates a lot of issues because when we purchase the SIEM, by default, we expect most of the licenses to be in the bundle. But it's not like that. We need to purchase separate licenses for each agent and agentless system. There is also licensing with the EPS. It's quite difficult for proposing and purchasing the solution. We hire Fortinet professional services for deployment.
Which other solutions did I evaluate?
I think that QRadar and RSE are better solutions than SIEM. The interactivity, scalability, and performance are far better than Fortinet.
What other advice do I have?
My needs are not getting met with this solution so I would not recommend it to anyone and rate it four out of 10.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Presales IT at a tech services company with 201-500 employees
Integrates logs from different sources so that there is a common place to see and create dashboards
Pros and Cons
- "FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication."
- "The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
What is our primary use case?
I work in our presales department. We have three of our clients using Fortinet FortiSIEM.
The solution is useful to integrate logs from different sources so that there is a common place to see and create dashboards and the AI associated with event checking.
We have a common service desk for our customers that has three employees monitoring everything. It requires less than one person to watch the dashboards, send the alerts and call the back office during an event. The solution requires maintenance every three months to install the last stable version of the firmware.
How has it helped my organization?
FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication. We use VPN instead of publishing services to the world, and we closed some services that are no longer being used. Eventually, we geographically blocked some services that do not need to be published in China or the United States, for example.
What is most valuable?
FortiSIEM has been a good product. It does everything that it has promised that it can do. It has been very useful to discover new threats from the outside such as external exploits, brute-force, or password tries.
What needs improvement?
The process of installing Fortinet FortiSIEM and the customization of the alerts take too long. You need to customize the alerts that come to the dashboard so that not everything is an alert. If everything is an alert, nothing is an alert. This is a complicated process and takes time.
In future releases, I would like to see a resource for common environments like VMware and VMware/FortiGate or VMware/Check Point. The resource should discover and speed up implementation.
For how long have I used the solution?
We have been using Fortinet FortiSIEM for a year and a half.
What do I think about the stability of the solution?
Being a Linux virtual appliance, FortiSIEM is a stable platform.
What do I think about the scalability of the solution?
We are located in Uruguay, which is a small country. We have no issues with scalability because we have so few people and our IT infrastructure is quite simple.
Our customers have between 200 and 400 users of Fortinet FortiSIEM.
How are customer service and support?
I would rate the customer service and support of Fortinet FortiSIEM a four out of five. They are quite good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Prior to FortiSIEM, we did not use SIEM. We had a log concentrator, but it did not have the ability or the AI to correlate logs like SIEM has.
We decided to implement FortiSIEM because SIEM has the ability to create logs using AI. With a log concentrator, we have all the events there, but there is no relation between them and what we have to do manually.
How was the initial setup?
The initial setup of Fortinet FortiSIEM is easy. The solution is on a virtual appliance that you download and put in the VMworld or on-premise. I would rate the ease of initial setup a five out of five.
What about the implementation team?
Deployment and implementation of FortiSIEM took three months due to the tuning and the building of the dashboards. We used Fortinet professional services for our first deployment. For the second deployment, we used our in-house team.
What was our ROI?
We are seeing very good results on a security level.
What's my experience with pricing, setup cost, and licensing?
Fortinet's products are not expensive, it is less than the competition. There are additional fees for space in the virtual environment. You require virtual space because the logs take up space on the disk. Eventually, you need to buy disks and put them in your environment or in the cloud. Without the disk, you have to turn off the device.
I would rate them a three out of five overall for pricing.
Which other solutions did I evaluate?
We did consider Sentinel in Azure because it is almost free.
What other advice do I have?
If you are considering Fortinet FortiSIEM for your organization, write down what alerts are important to you, which devices deserve to be monitored, and which logs you really need. You will need to customize all of this. If you have all of this detailed, the implementation process will be easier.
I would rate the solution an eight out of ten overall.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Senior Product Manager at a financial services firm with 201-500 employees
Simple implementation, good performance, but scalability lacking
Pros and Cons
- "The most valuable feature of Fortinet FortiSIEM is the correlation of many events."
- "Fortinet FortiSIEM has helped our organization by providing us with business monitoring."
- "Fortinet FortiSIEM could improve to extend to several locations or sites."
What is our primary use case?
I am using Fortinet FortiSIEM to correlate events in our enterprise.
How has it helped my organization?
Fortinet FortiSIEM has helped our organization by providing us with business monitoring.
What is most valuable?
The most valuable feature of Fortinet FortiSIEM is the correlation of many events.
What needs improvement?
Fortinet FortiSIEM could improve to extend to several locations or sites.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for approximately two years.
What do I think about the stability of the solution?
The stability of Fortinet FortiSIEM is okay but it could improve.
What do I think about the scalability of the solution?
We would like to increase the usage of Fortinet FortiSIEM.
How are customer service and support?
The technical support from Fortinet FortiSIEM is good.
Which solution did I use previously and why did I switch?
We previously used Juniper Security Threat Response Manager.
How was the initial setup?
The initial setup of Fortinet FortiSIEM is easy. The full deployment took approximately seven days.
What about the implementation team?
We had one supervisor and two others that helped do the implementation of Fortinet FortiSIEM. We did the implementation in-house.
We have five network administrators for maintenance.
What was our ROI?
We have seen a return on investment using Fortinet FortiSIEM.
What's my experience with pricing, setup cost, and licensing?
There are additional features that cost more than the standard licensing fees.
Which other solutions did I evaluate?
We evaluated two other solutions before choosing Fortinet FortiSIEM. The graphical user interface is better in Fortinet FortiSIEM.
What other advice do I have?
I rate Fortinet FortiSIEM a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
SALES PRODUCT MANAGER at NOURNET
Reasonably priced with good dashboards and an easy initial setup
Pros and Cons
- "Technical support is helpful."
- "The best features are the dashboard and the integration between the Fortinet products, and if you use them together with FortiSOAR and FortiAnalyzer, it's better than Splunk."
- "They need to integrate better with Cisco and Palo Alto."
- "There are some connectivity issues with FortiAnalyzer and FortiGate."
What is our primary use case?
We are using the solution for our customers.
What is most valuable?
The pricing is good.
The best features are the dashboard and the integration between the Fortinet products. We can connect the nodes very easily.
The initial setup is very easy.
It's great to use both this and FortiSOAR. It makes everything better. If you use them together with FortiAnalyzer, it's better than Splunk.
The solution is stable.
It is a scalable product.
Technical support is helpful.
What needs improvement?
There are some connectivity issues with FortiAnalyzer and FortiGate.
They need to integrate better with Cisco and Palo Alto.
What do I think about the stability of the solution?
The solution is very stable. It offers good reliability.
What do I think about the scalability of the solution?
We have found that it is possible to scale the solution.
How are customer service and support?
With technical support, I often direct tickets to them in terms of licensing, and within a maximum of two to three hours, the license will be active. They are very helpful. They are very responsive. They are always responding to the tickets and assisting us. You can show your customer their level of engagement. It's very impressive. Customers are happy.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
In Saudi Arabia, customers are doing Splunk or LogRhythm. In Jordan, we are using Fortinet due to the fact that it is cheaper.
There is not a huge difference between all the technology as all the partners use the same technology.
How was the initial setup?
The solution is quite simple and straightforward to set up. I'd rate it a four out of five in terms of ease of execution.
There is, for example, no need for more configuration. It's very easy. In the cloud, you just reinstall the virtual machine, its main connectors in Big Sur, and then, on the customer side, you put the small virtual machine at the connectors.
What's my experience with pricing, setup cost, and licensing?
The pricing is very good. It's reasonable and competitive. I'd rate the pricing at five out of five.
What other advice do I have?
I'd rate the solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. PARTNER / INTEGRATOR
CCO at Oduma Solutions Ltd
Effective multi-tenancy, helpful support, but interface could improve
Pros and Cons
- "Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly."
- "The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work."
What is our primary use case?
We are using Fortinet FortiSIEM for multi-tenant SOC service.
Fortinet FortiSIEM is deployed in our data center, and we have one collector. Each client has a collector within their environment. We set up a collector within each client's environment, and then have a VPN connection from the client's environment to our environment.
How has it helped my organization?
Fortinet FortiSIEM has helped us achieve our goal of serving multi-tenant SOC services. We're able to serve multiple clients at the same time.
What is most valuable?
Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly.
What needs improvement?
The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for one year.
What do I think about the stability of the solution?
Fortinet FortiSIEM is stable.
What do I think about the scalability of the solution?
The scalability of Fortinet FortiSIEM is good.
How are customer service and support?
We have contacted the support a number of times and they were helpful.
How was the initial setup?
The initial setup of Fortinet FortiSIEM is straightforward. It took us approximately two weeks.
What about the implementation team?
We did the deployment in-house. We had two people for the implementation.
What was our ROI?
We are using Fortinet FortiSIEM to serve clients, and we are receiving our return on investment from them.
What's my experience with pricing, setup cost, and licensing?
The price of Fortinet FortiSIEM was reasonable compared to other solutions.
There are many licenses required, such as the MSSP, Agent, and device. For the number of devices that you are monitoring, you need licenses. The license you pay per your usage. When you are onboarding more clients onto it, the license fee is for the usage. Additionally, there's the Windows Agent license that you need. If you use any Windows Agent, you receive a separate license charge.
What other advice do I have?
We started using Fortinet FortiSIEM because we were recommended to use it by a trusted source.
My advice to others would be to carefully look at the cost involved, and look closely at the licensing model. If it's a model that works for you, then great. However, it came as a surprise to us, we were told that we would be giving different licenses for the devices, and for the Windows Agent separately. We were not expecting the additional costs, it caught us off guard.
I rate Fortinet FortiSIEM a six out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Research Associate at a comms service provider with 1,001-5,000 employees
Good solution for security detection and response
Pros and Cons
- "Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."
- "Fortinet FortiSIEM combines the SOC and NOC into a single solution with a single pane of glass."
- "The product does not have Security Orchestration and Automation Response, I would recommend adding this feature."
What is our primary use case?
My company is a partner of Fortinet FortiSIEM. We are a service provider and I take the solution from Fortinet and deploy it for my customers. We use the solution for security detection and response. This is a customer-based solution; our customer's security admins and security operations use the solution, comprised of a team of between three and five people.
How has it helped my organization?
Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had.
What is most valuable?
Fortinet FortiSIEM combines the SOC and NOC into a single solution with a single pane of glass. This feature on its own is next level and it's easy to handle.
What needs improvement?
Fortinet FortiSIEM should consider converting the purchase model from a CapEX investment into a pay-per-use model. By doing this, it will be more attractive for more customers.
The product does not have Security Orchestration and Automation Response, I would recommend adding this feature.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for two years.
What do I think about the stability of the solution?
Stability is very good.
What do I think about the scalability of the solution?
Fortinet FortiSIEM is scalable.
How are customer service and support?
Technical support is perfect.
How was the initial setup?
The initial setup of Fortinet FortiSIEM was easy. The deployment took a week and a half and was based on a project plan. You don't need more than two people to deploy and maintain this solution.
What about the implementation team?
We use an integrator for the deployment of Fortinet FortiSIEM.
What's my experience with pricing, setup cost, and licensing?
The price of Fortinet FortiSIEM is manageable. The cost is approximately $90,000 on an annual basis.
What other advice do I have?
Before fitting the product into your environment, make sure you have the right requirements.
I would rate Fortinet FortiSIEM a 9 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Programmer Data Center at a consultancy with 10,001+ employees
Plenty of features, reliable, but more frequent updates needed
Pros and Cons
- "We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us."
- "We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files."
- "The patch management on the software needs to be better."
What is our primary use case?
We are creating our new dashboards and correlations as per our requirements with Fortinet FortiSIEM.
What is most valuable?
We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us.
What needs improvement?
We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files.
The patch management on the software needs to be better. We have not received frequent updates from their site. That's the major challenge for us. Going by the latest trends there are lots of cyber attacks happening in the entire world. All of the latest trends, patches, file updates, and hash updates should be released as soon as possible, whilst an attack is detected the patch has to be released on time.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for two and a half years.
What do I think about the stability of the solution?
It's a foolproof solution for our requirements, it is stable.
What do I think about the scalability of the solution?
The solution is scalable. However, this depends on the license we purchase. Additionally, to scale the solution requires a large investment for computer hardware, such as SSD, memory, and CPUs.
We have approximately 25 security engineers using the solution and approximately 10,000 end users.
We do not have plans to increase the usage of the solution at this time.
How are customer service and support?
I would rate the support of Fortinet FortiSIEM a four out of ten.
Which solution did I use previously and why did I switch?
We previously were using the Juniper STRM, but Juniper STRM is currently not available. I think that their company was taken over by IBM QRadar, this is why we have gone with FortiSIEM.
How was the initial setup?
The workload required for this software is a major challenge. It requires a huge workload in terms of CPU and memory. It requires a huge workload for the installation and for the integration with all the systems. The whole implementation took approximately six months.
What about the implementation team?
We had help from the Fortinet team for the implementation team.
What was our ROI?
We have received a return on investment by using this solution.
What's my experience with pricing, setup cost, and licensing?
The price of Fortinet FortiSIEM is a lot less when compared to other solutions.
What other advice do I have?
My advice to others thinking about implementing this solution is if your organizational budget is low, then we go for Fortinet FortiSIEM. Otherwise, if we have enough budget, I would recommend IBM QRadar and or other solutions.
I rate Fortinet FortiSIEM a six out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.