Fortinet FortiSIEM Reviews

We are an enterprise that resells services. We are like a small MSSP for Salvador and Central America region. We provide services to other enterprises.

Our clients have multiple use cases. Its most common use case to detect logging events from different IP addresses or locations. It is used to detect simultaneous logins by the same user from different IP addresses or locations, such as from different countries. It is also used to detect any attempts to log in to a server with root privilege and trying remote access with root privileges. 

With the help of FortiSIEM we have improved the cybersecurity posture of our clients and ours. Through the early detection of threats, it allows to follow up on each security incident. It is easy to communicate to asset managers about related security events, reducing remediation time.

One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams.

There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good.

Its training can be improved. Its price also needs to be improved.

I have been using this solution for one year.

It has been good so far. We don't have any complaints about the tool.

It is very scalable. It is easy to grow with this tool. We are going step-by-step, and we are doing good so far.

Our clients are big enterprises, such as banks, and we also have small businesses. In Salvador, as per a local compliance requirement, every business or enterprise needs to have a SIEM solution. We have an installation for 1,000 users.

We are Fortinet's partner here in Salvador, and the tech support is really good. Their response time is also really good. We are very happy with this solution.

The implementation process is kind of easy. We start in a small way. The challenge for us is the storage. We need to find a way to have storage redundancy so that if the main site fails, we have a copy of the data on a remote site. This is the challenge that we are facing right now.

For its deployment and maintenance, we have a very small group of five people. We have a networking guy, a server guy, and a few analysts to maintain this platform.

Our clients also evaluate other solutions such as Rapid7, McAfee, and LogRhythm. We have always been a Fortinet enterprise. We have people with Fortinet and other certifications in the industry, such as EasyConsole certifications. We can also support this solution for the Fortinet sites. That is the main differentiator between us and other vendors.

I would advise others to start small and plan for future growth. 

I would rate Fortinet FortiSIEM an eight out of ten.

We use FortiSIEM to protect our customers. 

Our current client has 20 branches and we can connect from any branch to their headquarters. We have high availability between headquarters and branches via the VPN connection. We can protect our SD-WAN, as well.

Fortinet is very helpful for our customers.

Every feature is good. This is one of the greatest SIEM products on the market. The most valuable feature this solution offers is that it protects the server and the client.

It's very easy for anyone to work with. You don't need any help externally.

This is a great product for everyone. The disadvantage is the product portfolio.

We need more incidents automatically to protect our network.

We need to see incident reports about the event log, without events from the administrator or through human interaction.

In the next release, I would like to have automated generation reports of incident reports.

I have been using this solution for three years.

This solution is stable.

It's a scalable product.

Fortinet has a large number of products with many modules. 

We can use it for small, medium, and large enterprise companies. This product is suitable for all business sizes.

Support is very helpful. They have support in our local area and there are five or six support branches worldwide.

We can contact them through Facebook, the website, on chat, and using the phone with no problem.

They are helpful and they respond quickly.

We only use Fortinet products.

I work with version 5, version 6, and version 6.2.

The initial setup is very easy. It's straightforward.

One person can do the basic installation and maintenance. One person can support engineers.

Every product that Fortinet offers is easy to install and can easily be deployed by one person.

You can deploy and execute one device in one day. If the project is large then you will need two or three days to complete the installation. This includes time for troubleshooting if needed.

Pricing is acceptable for more than 90% of our customers, as they normally get discounts.

My advice would be to know this solution, and study it well to avoid mistakes.

The configuration is simple, not complex. It's a very good product. I have not experienced any issues with it.

I would rate this solution a nine out of ten.

I implemented Fortinet FortiSIEM in my company to collect all logs from old systems, networks, and security devices in the network. Fortinet FortiSIEM has a correlation rule, and from it, you can generate incidents and get analytics. The tool also serves as a threat intelligence and integration platform. With FortiGuard or any third-party tools, Fortinet FortiSIEM, as a threat intelligence platform, can enrich the log attributes or criteria, which is well reflected in incidents.

The most valuable feature of the solution for the detection of threats stems from FortiSIEM's components, including the threat intelligence platform and the ability to provide integrations.

Fortinet FortiSIEM is a better solution than other products. As a SIEM solution, it can meet all the requirements of customers.

The product already offers good integration capabilities with multiple vendors. There will be new products being introduced every day in the market, so Fortinet FortiSIEM needs to ensure integrations are possible with the new tools. Fortinet FortiSIEM needs to provide better API integrations to users. Better support services can help you deal with the integration party easily. API integration capabilities will make it easy to integrate Fortinet FortiSIEM with new products unless such tools have custom or special configurations set by the vendor or the device.

I have been using Fortinet FortiSIEM since 2018.

Stability-wise, I rate the solution a nine out of ten.

If every device can get a ten out of ten in terms of stability, then I believe it is a 100 percent perfect product.

It is an easily scalable solution. Suppose you want to increase the scalability in seconds. You can increase the number of tools with an HA supervisor to handle multiple events per second, and you can use multiple collectors for remote defense. It is easy to manage the tool's scalability and availability.

My company deals with around six customers who use the product.

The solution's technical support is good. If you want to deal with the issues from the tool of other vendors, Fortinet's support team provides help.

The product's initial setup phase is easy.

In Fortinet FortiSIEM, with multiple tenants, one does not need to invest in the implementation process.

After the virtual machine deployment or hardware appliance initial configuration, I think network discovery is the first step in the installation process. The process continues with vendor discovery and asset inventory at customer sites. Three intelligence integrations are the second step, and the configuration with the customer's devices to send all logs to SNMP TRAPS and then to the SIEM solution is a part of the main basic implementation. If you have some configurations and event handler and event order and logs, the initial configuration can be managed depending on the needs of customers.

I don't have the price list of any of the competitors of Fortinet FortiSIEM. I work with the technical part of the tool.

There is a need to make yearly payments towards the licensing charges attached to the product. The free version license of the product is available for two months.

The product offers multiple integrations with all vendors. If there is a new or unknown vendor in the market, a custom API can be made to ensure that integration with Fortinet FortiSIEM is possible.

I rate the integration capabilities of the tool a nine out of ten.

The implementation of the product can improve incident response time according to the arrangement and local relation of built-in rules or custom rules. This will reduce the time of incident response, especially if you use a SOAR solution with it. You can enrich the tool by buying a SOAR solution.

It is a good product in general. It is a product that offers stability and scalability with a multiple and wide range of built-in rules. The solution is also easy to use.

I rate the tool a nine out of ten.

I use the solution in my company since it provides ease of monitoring. My company uses the product to get reports for our customers and monitoring purposes, as per the customer's preferences.

At times, I have noticed that Fortinet FortiSIEM suddenly goes down, and because of this, I have to reboot the servers from the engineers. Usually, I have to restart the panel again to get the product functioning. The aforementioned area of concern has been around for a very long time, making it something where improvements are required.

The stability of the product is an area of concern where improvements are required.

ArcSight can provide a detailed report for a year in a PDF format. In Fortinet FortiSIEM, there is a need to put in manual effort to get a detailed report. In Fortinet FortiSIEM, if I get reports for a specific time frame, I have to manually narrow them down by myself, after which I will not be able to get them in a Word or PDF format, which can be challenging.

I have been using Fortinet FortiSIEM for a year. My company uses the product for some of our internal purposes.

It is a scalable tool. The product can handle a considerable number of customers.

At the moment, there are only two people in my company who use the solution. In the future, the number of uses may increase, especially if my company has to deal with more customers who want to use Fortinet FortiSIEM.

Based on what I heard from my colleagues, the technical support is not bad. My colleagues directly contact the technical support for help.

The product's initial setup phase was easy. I wasn't a part of the deployment process.

In terms of how the tool supports our company's compliance monitoring and reporting practices, I would say that it stems from the fact that Fortinet FortiSIEM is able to serve what our company's customers want while also having the ability to offer solutions, making it quite easy for us to give the customers what they want. The fact that the solution helps my company provide the reports that my customer wants is actually nice. The tool also offers customization ability.

The features of Fortinet FortiSIEM that I find most effective for real-time security event correlation are real-time server connections, which allow me to see all the servers that are online at a particular period of time. The product also shows the threats and bifurcates them into high, medium, and low. The solution has the ability to generate reports easily. The product also provides specific solutions for any threats that are found.

The way Fortinet FortiSIEM improves my company's security posture stems from the fact that with the tool, I can see whatever is happening in real-time. In terms of security issues, if I try to see the problem or threat, then I can really dig deep into what is happening, which is a nice feature.

The tool is easy to maintain. Only two people are required to maintain the solution.

If I compare the integration capabilities of ArcSight with Fortinet FortiSIEM, I would have to say that the latter is in a better position to provide its customers with more details in terms of cybersecurity threats or if they want to compare the firewalls. Fortinet FortiSIEM is better for customers with no cybersecurity knowledge since it helps them understand the product. Fortinet FortiSIEM is better for the security of its customers.

I would ask those who plan to use the Fortinet FortiSIEM to see whether there are other solutions with which it needs to interact in their environment. Fortinet FortiSIEM is one of the best solutions I have dealt with, considering that it has a nice user interface. The update page is good and works in real time. The firewall part of the tool is good. I don't think there is anything that can cause problems for the tool's firewall. I actually liked the tool's firewall.

I rate the overall tool a nine out of ten.

If a customer is looking to establish a centralized monitoring and security solution, Fortinet FortiSIEM can be tailored to meet their specific needs effectively. This solution offers extensive customization options, making it possible to adapt it precisely to their requirements.

It works exceptionally well when combined with a vulnerability management solution.

Customer support service could be better.

It provides great stability features.

Scalability is excellent, especially for our enterprise-level clients.

I have moderate satisfaction with customer support, and we've learned to manage it adequately. I would rate it three out of ten.

Negative

I previously worked with LogPoint, which had rigid pricing structures. In contrast, we value flexibility and aim to provide more adaptable support, so we switched to Fortinet FortiSIEM.

The initial setup is quite swift.

The deployment process usually takes just one to two days to have the basics up and running. This involves connecting the collectors and configuring the systems.

Pricing is determined based on the customer's budget. We discuss how to tailor the pricing to fit the specific needs and financial considerations of the customer.

I would highly recommend it. It's a top-tier solution, receiving a solid ten out of ten rating.

We have an MSSP license and provide services to customers from various verticals like manufacturing, pharmaceutical, and MRD (Manufacturing, Retail & Distribution). We provide the services of Fortinet FortiSIEM to customers who cannot avail of costly on-premise services.

Fortinet FortiSIEM is less costly than other products and is available 24/7.

Fortinet FortiSIEM is a little out of sight and needs more marketing efforts to be popular in the market.

We have been using Fortinet FortiSIEM for almost one and a half years.

The stability of Fortinet FortiSIEM is good.

Fortinet FortiSIEM has good scalability.

I have faced no issues with Fortinet FortiSIEM’s customer support.

The deployment of Fortinet FortiSIEM, which included the migration of 30 plus customers and the initial setup of all components, did not take more than a month.

Fortinet FortiSIEM is cheaper compared to other products.

I use the latest version of Fortinet FortiSIEM. We have deployed Fortinet FortiSIEM on VMware.

Overall, I rate Fortinet FortiSIEM a seven out of ten.

Fortinet FortiSIEM is used to retrieve logs from different sources, such as network switches, firewalls, and servers, that are running difficult operating systems. The solution adds intelligence to the process that can provide meaningful information for the data analyst to use.

The solution can be deployed on the cloud or on-premise.

The most valuable feature of Fortinet FortiSIEM is the user and entity behave as analytics(UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted.

The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial.

I have been using Fortinet FortiSIEM for a couple of years. 

The stability of Fortinet FortiSIEM is stable.

I rate stability Fortinet FortiSIEM an eight out of ten.

Fortinet FortiSIEM is known for its scalability, it scales well.

We have a couple of customers using this solution.

I rate the scalability of Fortinet FortiSIEM a nine out of ten.

The support from Fortinet FortiSIEM is great.

The initial setup is easy, but the time it takes for the deployment depends on the number of applications monitored. One of our clients has taken us three weeks, but a typical setup takes one month. Some logs are simple to configure while others can be more difficult. 

Deploying the solution is a straightforward process that involves just a few steps, such as loading the solution and configuring it, after which the solution will commence retrieving the data.

We do the implementation of the solution with two administrators within one month.

The price of the solution is expensive. The license is scalable. If there are 10 devices it is simple to license.

My advice to others that might want to implement this solution is to know their business needs. There are other solutions, such as Splunk that can provide a lot more information when collecting data but it might not be needed for their use case. A small business would not need all the extra features of Splunk.

I rate Fortinet FortiSIEM an eight out of ten.

The solution's ability to collect data from different sources is its most valuable feature.

They should enhance the solution's AI capabilities, including XDR and EDR.

We have been using the solution for six months.

I rate the solution's stability as a nine.

I rate the solution's scalability as an eight. It works well with medium to large-scale enterprises.

The solution's tech support team is good.

The solution's initial setup is a bit complex as you have to do a lot of configuration. You have to collect data from different sources such as Microsoft, IBM, etc. The data extraction process differs for every system. Thus, you have to apply different protocols to collect data from various sources.

The solution has a lot of network solutions in its bucket. As a result, they provide excellent network strength. I advise others to know the product well before implementing it. I rate it as an eight.