Fortinet FortiSIEM Reviews

We are an enterprise that resells services. We are like a small MSSP for Salvador and Central America region. We provide services to other enterprises.

Our clients have multiple use cases. Its most common use case to detect logging events from different IP addresses or locations. It is used to detect simultaneous logins by the same user from different IP addresses or locations, such as from different countries. It is also used to detect any attempts to log in to a server with root privilege and trying remote access with root privileges. 

With the help of FortiSIEM we have improved the cybersecurity posture of our clients and ours. Through the early detection of threats, it allows to follow up on each security incident. It is easy to communicate to asset managers about related security events, reducing remediation time.

One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams.

There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good.

Its training can be improved. Its price also needs to be improved.

I have been using this solution for one year.

It has been good so far. We don't have any complaints about the tool.

It is very scalable. It is easy to grow with this tool. We are going step-by-step, and we are doing good so far.

Our clients are big enterprises, such as banks, and we also have small businesses. In Salvador, as per a local compliance requirement, every business or enterprise needs to have a SIEM solution. We have an installation for 1,000 users.

We are Fortinet's partner here in Salvador, and the tech support is really good. Their response time is also really good. We are very happy with this solution.

The implementation process is kind of easy. We start in a small way. The challenge for us is the storage. We need to find a way to have storage redundancy so that if the main site fails, we have a copy of the data on a remote site. This is the challenge that we are facing right now.

For its deployment and maintenance, we have a very small group of five people. We have a networking guy, a server guy, and a few analysts to maintain this platform.

Our clients also evaluate other solutions such as Rapid7, McAfee, and LogRhythm. We have always been a Fortinet enterprise. We have people with Fortinet and other certifications in the industry, such as EasyConsole certifications. We can also support this solution for the Fortinet sites. That is the main differentiator between us and other vendors.

I would advise others to start small and plan for future growth. 

I would rate Fortinet FortiSIEM an eight out of ten.

I primarily use the solution as part of the firewall. I work mostly with banks and have extensive experience with configuring the VPN in relation to Fortinet.

The solution is quite user-friendly.

It's very easy to configure everything, including the VPN. It gives you lots of good options.

The product is quite well-organized. The GUI makes it easy to navigate.

The solution is almost 100% perfect. It's already quite simple and easy to configure. In that sense, no improvements are needed.

You do seem to be constantly learning new things with the product. There's a bit of an ongoing learning curve in terms of usage. Right now, I'm learning about higher availability and that's an ongoing process.

It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option. 

The solution offers both command line and GUI visualizations. They need to ensure that their GUI offers just as much flexibility on the configuration as the command line structure.

I've been using the solution for about seven months at this point. It's been less than a year.

The stability of the product is fairly good. It's likely 70-80% there in terms of stability. There are many versions and the stability may vary slightly on each. 

In terms of security, however, I would say it's very stable. 

We haven't implemented the latest version yet as it hasn't been implemented widely. 

In general, the stability isn't a problem for us and we don't need to worry too much about it.

The technical support is quite fine. We can communicate with them easily if we need to. If we have a problem or we need an issue addressed, we simply open a ticket and the Fortinet team is ready to assist. They are very knowledgeable and responsive. We've been satisfied with the support they give us.

The initial setup does take some time to learn. I'm in the process of learning more about it now, specifically in relation to configuration or the VPN.

If you are comparing the product to Cisco's solutions, it's very cheap and moderately priced. It's affordable. At the same time, it's a very effective solution. It's affordable and it works well.

On a scale from one to ten, I would rate the product at an eight. It's been a pretty positive experience overall. I'm still learning the solution and discovering new things about it, however, it has everything I need at the same time. 

We primarily use it for all of our cloud space and for firewalls,and AWS security services etc., for example, for the email, Cloud watch and AWS security HUB

Single pane of glass for security issues

There's a great feature on the solution that allows us to analyze security issues and incidents. It automatically allows us to trace any incident. It's an invaluable aspect of the solution. 

The solution has a relatively low cost.

We find the solution to be stable.

It's my understanding that the solution can scale well.

The solution needs to be form flow diagram automatically with AWS platform

I've only been using the solution for the last six months.

The solution is stable. It's very reliable. There aren't bugs or glitches. It doesn't freeze or crash.

I personally have never tried to scale the solution. That said, the solution is scalable and companies shouldn't have any issue expanding it as needed.

The solution is being used pretty extensively in our organization and we have several teams on it.

We've definitely called technical support in the past when we have run into issues. We've been satisfied with the level of service they provide. We always get a proper response and they're always ready to resolve any issues we have. We are able to close tickets very quickly because they are so knowledgeable and responsive.

The solution was fairly complex. However, this was due to the fact that we had to do a lot of configurations at the outset. The solution didn't make the process easy for us. Typically, it's easy to implement and I would be able to handle the process myself.

It took us about 15 days to deploy everything on our end.

Implementation was done by Fortinet's Professional Service Team which was quite satisfactorily 

The solution is very cost-effective compared to competitors. We just need to pay licensing and support costs. There aren't added costs beyond that.

We didn't previously look at other solutions. We saw that Fortinet fit our needs, and therefore we chose it.

We're a public utility, so we just use the solution. We don't have a business relationship with the company.

We use the latest version of the solution.

We use a variety of Fortinet solutions at our organization. For example, we integrate the complete AWS cloud space into that all FortiSIEM.

I'd recommend the solution to other organizations, especially those that are cost-conscious. Compared to there solutions' it's rather easy to implement.

I'd rate the solution overall seven out of ten.

We run a Manage Security Services company and we use it in-house and for some of our clients. The service is a multitenant platform where our clients can log on to view and access various security-related activities and features. In more ways, it becomes like a cloud solution to them. We make use of a secure connection from the clients’ networks using collectors located on their premises back to our centralized SIEM platform.

The most valuable feature is the differentiator, which has a combination of not only the SOC which covers the security operations aspect, but it also includes NOC capabilities. FortiSIEM uses PAM (Performance, Availability, and Monitoring) from an NOC perspective. So not only do you natively look at security data as most SIEM solutions, but you're also looking at the performance and the availability component of those devices. It's easy for us to coordinate if a security incident occurs. You're not only looking at security logs but you also looking at what could potentially have happened in terms of device performance. So that feature to me already makes it quite a big differentiator in the market, compared to other SIEM tools out there.

When they started out after acquiring AccelOps, the user interface wasn't that great. But from version 5.0 they have obviously radically changed the interface, aligning it to the rest of the Forti products from a user experience point of view. This means that there is constant improvement on the interface side of the solution. The other thing that I've noticed is when searching for very old incidents, there is a slight delay. It obviously has to pull that information from the backend database, and the key point to note is that it depends on how you set it up in the backend where factors such as disk types and disk array configs come into play.

The solution is quite solid and stable.

The scalability component is easy. To add workers and even collectors is easy which is how we've deployed it, makes scalability much easier. We plan to grow our users into the thousands.

I never really used support from Fortinet for the FortiSIEM solution that frequent because I figured most of the stuff out on my own, but that being said, the Fortinet Support is great because I figured most of the stuff out on my own.

The initial setup was quite complex. We've had some issues with the first OVF file that we downloaded. We had to customize the installation processes. It was a bit complex in the earlier versions, but the newer versions have greatly improved. 

We use an on-premises deployment model from our perspective and a hybrid model from a customer/user perspective.

I will recommend this solution to others out there looking for a SIEM solution. I've already done a few events we were talk about FortiSIEM and its advantages. I do, however, think the main dashboard where you create and design your graphs could do with some improvement improved. On a scale from 1 to 10, I will rate this solution an 8 to ensure there’s continuous improvement.

We primarily use the solution for integration with FortiGate Firewall. We use it for multiple authentification, malware detection, and protection from DDoS attacks.

The seamless integration with FortiGate is the solution's most valuable aspect.

When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement.

The solution should offer user behavior analytics in a future release.

The solution is stable.

We don't have any expansion requirements, so I've never looked into scalability.

We've never reached out to technical support. If we need assistance, we typically look for FortiGate documents or scan their blog site. We handle any problems internally.

We previously used an open-source solution called Elastic.

The initial setup is easy.

We received support from an integrator.

We evaluated AlienVault and SolarWinds. These were both within our limited budget, but we chose FortiSIEM because it integrated seamlessly with FortiGate firewall.

We use the on-premises deployment model.

I'd recommend this solution to companies that have a FortiGate firewall and are on a limited budget. 

I'd rate the solution six out of ten.

We primarily use the solution for collecting logs and duo correlation on our customer's premises.

Both the collecting logs and duo correlation are valuable features for us.

Fortinet also offers very good pricing. Their pricing is incredible.

The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients.

They also have to improve their import perfection solution.

The solution is very stable, like all Fortinet products.

The solution is scalable.

Technical support is very good. They also provide you with additional materials to study the product by yourself so that you can get a better understanding of the full solution.

The initial setup is complex, mostly because of the security, not because of the product. Most of the security features in the installation process are difficult. They require tuning.  You have to be careful you don't configure something wrong. This is a complexity of the environment and the solution itself. The engineer should understand what the customer is looking for. The product might be very good, but if it is positioned in the wrong way, it can be harmful.

I did not evaluate other options; this solution was the decision of the customer. However, in the past, I have evaluated and worked with Splunk and IBM.

We use the public cloud deployment model.

I like the product, and I would recommend it, but I much prefer Splunk.

The beautiful thing about Fortinet is that they have integrated many, many solutions. Their platform is very powerful. In the case of the customer, if he decides to choose Fortinet, he'll largely be stuck with that one vendor. Fortinet does integrate with a few other vendors, but it's best if you use only their solutions. It's more efficient, you have more manageability and you get more value that way.

I would rate the solution seven out of ten.

The solution has an all-in-one approach. We buy one product and everything our customer needs is included. He doesn't have to pay any additional licenses to get more functionality, so everything is there and if we have to do any adjustments, it's also done very quickly and easily.

The solution can't be improved, but it can be managed more clearly. The solution just needs minor improvements. I'm quite sure Fortinet is already working on this.

They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI, there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution. 

The solution is very stable. It has run for years without the need to do anything except, add new patches when they are available, which are always a good idea to install.

The initial setup is quite easy.

If we do an overall comparison with other products and also count additional licenses, which are necessary for other products, then the prices are comparative.

If we just leave it at base prices, for example, Splunk: Splunk is cheaper, but if you also count the price for licenses, reports, and other things - especially the megabytes and gigabytes of the lock data that you need - then it comes up to a much higher price than you have to pay for FortiSIEM which already includes these things in a base version.

I would rate the solution nine out of ten. Our clients have been very happy with the solution.

We use the on-prem deployment model of this solution. Our primary use case of this solution is for all of our infrastructure monitoring, applications, performance monitoring, and for security, incident, and event analysis. 

Analytics is the most valuable feature. The business service summaries in the dashboards and the correlations for the SIEM are also valuable features. 

Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great.

It should also have better integration.

It's a good product. It does what it is supposed to do. 

Scalability required a lot of training. If the training isn't adequate you cannot enjoy the end results.

There are currently around ten users using this solution. They are mostly system and network administrators using this solution. We don't have plans to increase the usage. We are going to switch to another product. 

We require two staff members for the deployment and maintenance. 

When you log a call, you don't get instant replies or if there is a bug they take ages to fix it and they ask you to hold.

We didn't previously use another SIEM solution. 

The installation is straightforward but the configuration is complex because it compromises of several aspects of the network infrastructure, servers, and the databases. You have to know what you want to gain out of this product. 

The deployment took around three months. There are a lot of dashboards to configure. It's not about just the installation. The planning phase and understanding what you want to get out of it, setting up the logs, and working on the correlations take time. 

We used a local integrator for the deployment. They were good. When you consider the other SIEM products, this isn't a popular solution. When we implemented it, we were with the solution before it was acquired by Fortinet. It was a hassle. 

Licensing is a one time cost. If you want to enable different modules then there will be additional costs. 

Properly review this solution and your requirements. See how it will scale up to cloud requirements. Cloud technologies are becoming more prominent and you should see how you will be able to manage it with this tool.

It's a good product but you need to be well trained. If you don't have good training then you won't maximize the benefits of this product. 

I would rate it a seven out of ten.