Fortinet FortiSIEM Reviews

I use FortiSIEM for email events and security alarms.

FortiSIEM's best features are the dashboards and customization.

An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS. In the next release, FortiSIEM should implement a central repository.

I've been working with FortiSIEM for more than three years.

FortiSIEM's stability is quite good.

FortiSIEM is scalable, though this is constrained by the licensing model.

FortiSIEM's technical support is satisfactory, but its knowledge base could be better.

We used an in-house team and the local vendor.

FortiSIEM's licensing is based on EPS, and its pricing is competitive in the market.

I also evaluated LogRhythm and McAfee.

I would give FortiSIEM a rating of seven out of ten.

I work in our presales department. We have three of our clients using Fortinet FortiSIEM.

The solution is useful to integrate logs from different sources so that there is a common place to see and create dashboards and the AI associated with event checking.

We have a common service desk for our customers that has three employees monitoring everything. It requires less than one person to watch the dashboards, send the alerts and call the back office during an event. The solution requires maintenance every three months to install the last stable version of the firmware.

FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication. We use VPN instead of publishing services to the world, and we closed some services that are no longer being used. Eventually, we geographically blocked some services that do not need to be published in China or the United States, for example.

FortiSIEM has been a good product. It does everything that it has promised that it can do. It has been very useful to discover new threats from the outside such as external exploits, brute-force, or password tries. 

The process of installing Fortinet FortiSIEM and the customization of the alerts take too long. You need to customize the alerts that come to the dashboard so that not everything is an alert. If everything is an alert, nothing is an alert. This is a complicated process and takes time.

In future releases, I would like to see a resource for common environments like VMware and VMware/FortiGate or VMware/Check Point. The resource should discover and speed up implementation.

We have been using Fortinet FortiSIEM for a year and a half.

Being a Linux virtual appliance, FortiSIEM is a stable platform.

We are located in Uruguay, which is a small country. We have no issues with scalability because we have so few people and our IT infrastructure is quite simple. 

Our customers have between 200 and 400 users of Fortinet FortiSIEM.

I would rate the customer service and support of Fortinet FortiSIEM a four out of five. They are quite good.

Positive

Prior to FortiSIEM, we did not use SIEM. We had a log concentrator, but it did not have the ability or the AI to correlate logs like SIEM has.

We decided to implement FortiSIEM because SIEM has the ability to create logs using AI. With a log concentrator, we have all the events there, but there is no relation between them and what we have to do manually.

The initial setup of Fortinet FortiSIEM is easy. The solution is on a virtual appliance that you download and put in the VMworld or on-premise. I would rate the ease of initial setup a five out of five.

Deployment and implementation of FortiSIEM took three months due to the tuning and the building of the dashboards. We used Fortinet professional services for our first deployment. For the second deployment, we used our in-house team. 

We are seeing very good results on a security level.

Fortinet's products are not expensive, it is less than the competition. There are additional fees for space in the virtual environment. You require virtual space because the logs take up space on the disk. Eventually, you need to buy disks and put them in your environment or in the cloud. Without the disk, you have to turn off the device.

I would rate them a three out of five overall for pricing.

We did consider Sentinel in Azure because it is almost free.

If you are considering Fortinet FortiSIEM for your organization, write down what alerts are important to you, which devices deserve to be monitored, and which logs you really need. You will need to customize all of this. If you have all of this detailed, the implementation process will be easier.

I would rate the solution an eight out of ten overall.

I am using Fortinet FortiSIEM to correlate events in our enterprise.

Fortinet FortiSIEM has helped our organization by providing us with business monitoring.

The most valuable feature of Fortinet FortiSIEM is the correlation of many events.

Fortinet FortiSIEM could improve to extend to several locations or sites.

I have been using Fortinet FortiSIEM for approximately two years.

The stability of Fortinet FortiSIEM is okay but it could improve.

We would like to increase the usage of Fortinet FortiSIEM.

The technical support from Fortinet FortiSIEM is good.

We previously used Juniper Security Threat Response Manager.

The initial setup of Fortinet FortiSIEM is easy. The full deployment took approximately seven days.

We had one supervisor and two others that helped do the implementation of Fortinet FortiSIEM. We did the implementation in-house.

We have five network administrators for maintenance.

We have seen a return on investment using Fortinet FortiSIEM.

There are additional features that cost more than the standard licensing fees.

We evaluated two other solutions before choosing Fortinet FortiSIEM. The graphical user interface is better in Fortinet FortiSIEM.

I rate Fortinet FortiSIEM a seven out of ten.

We are using the solution for our customers. 

The pricing is good. 

The best features are the dashboard and the integration between the Fortinet products. We can connect the nodes very easily.

The initial setup is very easy.

It's great to use both this and FortiSOAR. It makes everything better. If you use them together with Fortianalyzer, it's better than Splunk.

The solution is stable. 

It is a scalable product. 

Technical support is helpful. 

There are some connectivity issues with FortiAnalyzer and FortiGate.

They need to integrate better with Cisco and Palo Alto. 

The solution is very stable. It offers good reliability.

We have found that it is possible to scale the solution.

With technical support, I often direct tickets to them in terms of licensing, and within a maximum of two to three hours, the license will be active. They are very helpful. They are very responsive. They are always responding to the tickets and assisting us. You can show your customer their level of engagement. It's very impressive. Customers are happy.

Positive

In Saudi Arabia, customers are doing Splunk or LogRhythm. In Jordan, we are using Fortinet due to the fact that it is cheaper. 

There is not a huge difference between all the technology as all the partners use the same technology.

The solution is quite simple and straightforward to set up. I'd rate it a four out of five in terms of ease of execution.

There is, for example, no need to more configuration. It's very easy. In the cloud, you just reinstall the virtual machine, its main connectors in Big Sur, and then, on the customer side, you put the small virtual machine at the connectors.

The pricing is very good. It's reasonable and competitive. I'd rate the pricing at five out of five. 

I'd rate the solution a nine out of ten.

We are using Fortinet FortiSIEM for multi-tenant SOC service.

Fortinet FortiSIEM is deployed in our data center, and we have one collector. Each client has a collector within their environment. We set up a collector within each client's environment, and then have a VPN connection from the client's environment to our environment.

Fortinet FortiSIEM has helped us achieve our goal of serving multi-tenant SOC services. We're able to serve multiple clients at the same time.

Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly.  

The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work.

I have been using Fortinet FortiSIEM for one year.

Fortinet FortiSIEM is stable.

The scalability of Fortinet FortiSIEM is good.

We have contacted the support a number of times and they were helpful.

The initial setup of Fortinet FortiSIEM is straightforward. It took us approximately two weeks.

We did the deployment in-house. We had two people for the implementation.

We are using Fortinet FortiSIEM to serve clients, and we are receiving our return on investment from them.

The price of Fortinet FortiSIEM was reasonable compared to other solutions.

There are many licenses required, such as the MSSP, Agent, and device. For the number of devices that you are monitoring, you need licenses. The license you pay per your usage. When you are onboarding more clients onto it, the license fee is for the usage. Additionally, there's the Windows Agent license that you need. If you use any Windows Agent, you receive a separate license charge.

We started using Fortinet FortiSIEM because we were recommended to use it by a trusted source.

My advice to others would be to carefully look at the cost involved, and look closely at the licensing model. If it's a model that works for you, then great. However, it came as a surprise to us, we were told that we would be giving different licenses for the devices, and for the Windows Agent separately. We were not expecting the additional costs, it caught us off guard.

I rate Fortinet FortiSIEM a six out of ten.

My company is a partner of Fortinet FortiSIEM. We are a service provider and I take the solution from Fortinet and deploy it for my customers. We use the solution for security detection and response. This is a customer based solution, our customer's security admins and security operations use the solution, compromised of a team between three to five people.

Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had.

Fortinet FortiSIEM combines the SOC and NOC into a single solution with a single pane of glass. This feature on its own is next level and its easy to handle.

Fortinet FortiSIEM should consider converting the purchase model from a CapEX investment into a pay-per-use model. By doing this, it will be more attractive for more customers.

The product does not have Security Orchestration and Automation Response, I would recommend adding this feature.

I have been using Fortinet FortiSIEM for two years.

Stability is very good.

Fortinet FortiSIEM is scalable.

Technical support is perfect.

The initial setup of Fortinet FortiSIEM was easy. The deployment took a week and a half and was based on a project plan. You don't need more than two people to deploy and maintain this solution.

We use an integrator for the deployment of Fortinet FortiSIEM. 

The price of Fortinet FortiSIEM is manageable. The cost is approximately $90,000 on an annual basis.

Before fitting the product into your environment, make sure you have the right requirements.

I would rate Fortinet FortiSIEM a 9 out of 10.

We are creating our new dashboards and correlations as per our requirements with Fortinet FortiSIEM.

We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us.

We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files.

The patch management on the software needs to be better. We have not received frequent updates from their site. That's the major challenge for us. Going by the latest trends there are lots of cyber attacks happening in the entire world. All of the latest trends, patches, file updates, and hash updates should be released as soon as possible, whilst an attack is detected the patch has to be released on time.

I have been using Fortinet FortiSIEM for two and a half years.

It's a foolproof solution for our requirements, it is stable.

The solution is scalable. However, this depends on the license we purchase. Additionally, to scale the solution requires a large investment for computer hardware, such as SSD, memory, and CPUs.

We have approximately 25 security engineers using the solution and approximately 10,000 end users.

We do not have plans to increase the usage of the solution at this time.

I would rate the support of Fortinet FortiSIEM a four out of ten. 

We previously were using the Juniper STRM, but  Juniper STRM is currently not available. I think that their company was taken over by IBM QRadar, this is why we have gone with FortiSIEM.

The workload required for this software is a major challenge. It requires a huge workload in terms of CPU and memory. It requires a huge workload for the installation and for the integration with all the systems. The whole implementation took approximately six months.

We had help from the Fortinet team for the implementation team.

We have received a return on investment by using this solution.

The price of Fortinet FortiSIEM is a lot less when compared to other solutions.

My advice to others thinking about implementing this solution is if your organizational budget is low, then we go for Fortinet FortiSIEM. Otherwise, if we have enough budget, I would recommend IBM QRadar and or other solutions.

I rate Fortinet FortiSIEM a six out of ten.

We use it as our main SIEM tool for creating rules, creating alerts, monitoring, and accessing CMDB. We also use it to monitor a few more things related to writing security.

I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports.

With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk.

When you work with a service provider who is using FortiSIEM as a service for other clients, you cannot run more than 30 clients on one tool. You cannot onboard, which would consume more resources and would make it slower. Also, resource consumption would be high.

I've been using it for a year and a half.

It's pretty stable. We haven't faced any critical issues with stability.

We had some issues when there were a few more updates or patches, but the technical support from FortiSIEM was pretty good and got it all sorted.

If you're using it for multi-tenant solutions, it will be pretty good, but it won't support running more than 20 clients on the same platform. It would need more resources. Even if you are implementing it for multi-tenant solutions, you would need implement fewer clients on it so that it has to use less effort.

On a scale from one to ten, I would rate it at eight.