Fortinet FortiSOAR Reviews

The primary use case for our clients is deploying automatization component of FortiSOAR to help mitigate breaches or attacks without human error. The solution automates everything using the playbooks and pre-deployed response mitigation scenarios. Companies that can use this product may have an infrastructure team but may not be able to attract IT security talent. FortiSOAR helps them minimize human errors. I would say that this is most important and beautiful thing you can have in cybersecurity right now.

FortiSOAR's most valuable feature is its ability to correlate the products and vendors that do not have a native interconnection between them.

There is quite a bit of room for improvement with FortiSOAR's tech support. 

I have been using FortiSOAR for the last year. It's brand new product. The product was published globally only about a year and a half ago. I got my first FortiSOAR project about a year ago.

On a scale of one to five, with one being not stable at all and five being very stable, I give FortiSOAR a five for stability. 

FortiSOAR is really easy to scale up or scale down.

Fortinet's tech support overall is not great when they are at their best.

Neutral

The initial setup is really difficult. To deploy, you need to have a huge amount of knowledge between multiple different technologies. You also need knowledge of domain controllers, data center architecture, network security, classic network components, cloud services, and more. You need to know pretty much whole system. Only then can you provide nice and useful playbooks that will automatically mitigate accounts being compromised or ongoing attacks between different technologies. It is not user friendly and it is not really easy to configure.

Deployment would typically begin with the enumeration of whole system. We visualize all the elements of the system and ask questions like: How many identity providers are there? How many network components are there? Do these components have APIs enabled or not? How can the solution reach towards all these components and make adjustments and execute commands? It is important to deeply understand how the IT system is constructed. 

After that enumeration period, we will start making connectors and then sending some commands towards them in specific cases. The second and third stages entail optimizing and fine tuning everything in one giant ecosystem. The last part is redefining the playbooks, which will mitigate attacks.

The process outlined above takes just over a month. In cybersecurity, time is critical. If you take too long to deploy, you are basically leaving yourself open for an attack. Companies mostly buy security solutions after they have been breached or while they are under some sort of attack. This puts a lot of stress on the person implementing because the customer will always want it done ASAP. Therefore, in normal circumstances, a month for deployment is okay when you have time for some strategical thinking. But, you don't have that kind of time if your company is currently under attack.

Most complex deployments will involve multiple teams from across the comany. You will always have one person from the network side, one person from DC side, one person from admin, and one person for external services. This will add up to seven people in most cases. 

The good news is that FortiSOAR is not hard to maintain. If you prepared well and deployed strong initially, then maintenance will take half an hour every other week, not more than that. A single person can do it. 

The product pays for itself nicely, but the issue is that you cannot sell that straight away. It is fairly new technology and people are not aware of the benefits that it gives. One a scale of one to five, with one being no ROI and five being excellent ROI, I give FortiSOAR a three.

On a scale of one to five, with one being very affordable and five being very expensive, I would give FortiSOAR a three. 

There are no hidden fees or external trade feeds. You do not have to deal with anything besides the license itself and support. 

The licensing is flexible. You can buy a subscription-based license on a yearly basis or you can buy a perpetual license that will never expire.

If a company already has multiple different teams covering things like networking, the data center, and SaaS services, and they are missing the one big link between, then FortiSOAR is the perfect solution for them. But, if the organization's maturity is low, I could recommend they use a solution like FortiSOAR as it requires a large amount of knowledge to run. There is not a single use case for FortiSOAR, but developed companies are best suited for a solution like this.

However, as far as FortiSOAR itself is concerned, there is not much space for improvement. You can connect it to pretty much anything, which is the most important feature of this product.

Our government clients need the solution to automate the attacks and threats they receive. The clients use the tool to integrate their security posture.

The solution's most valuable feature is playbook creation, which allows us to integrate all data ingestion into the same platform.

The solution lacks proper documentation, so we have to test and trial each playbook and integration. Because of that, we are facing many challenges. There are too many connectors that are not available on the documents.

I have been using Fortinet FortiSOAR for six months.

We sometimes faced server issues, and the SMTP protocol got disconnected a few times. We faced many issues and had to restart the server every time. When in production, the client wouldn't let us restart the server, so we had to wait another day to restart it.

I rate the solution’s stability a five out of ten.

I rate the solution a seven out of ten for scalability.

The solution's technical support is not good. The support team provides late replies, and I think they don't have proper engineers.

Neutral

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a seven out of ten.

The solution's integrated CICD pipelines and Ansible and YAML playbooks are the most effective in automating the security tasks.

The solution was pre-installed. We just needed to do the technical assistance and admin work, like creating playbooks. The solution's implementation and installation were already done. It was already integrated and connected with FortiEDR and Active Directory. We just wanted to check the data ingestion flow and whether Fortinet FortiSOAR could capture everything.

Overall, I rate the solution a six out of ten.

We use the product for security. 

Fortinet FortiSOAR should improve its analysis. 

I have been working with the solution for three years. 

I rate the product's stability a nine out of ten. 

I rate the tool's scalability an eight out of ten. 

We have deployed Fortinet FortiSOAR on the cloud, and installation was easy. 

Fortinet FortiSOAR is expensive. 

I rate the product a nine out of ten. 

We use the solution as a middleware for orchestrations and integrations from a single console. 

The solution is easy to implement and includes 450 built-in connectors.

You can push policies without needing to access the firewall. 

It is easy to monitor an environment because alerts can be classified as low, medium, or high priority. 

The fabrication, management, and communication across a single platform is beautiful. The end-to-end format handles switching endpoints, security, and firewalls. 

The licensing model could be better. 

The technology and integrations are important so should continue to be enhanced. 

Our company has been using the solution for one year in our test lab.

For the last eight years, we have been one of the big Fortinet partners in the Bangladesh region. We partner with five of the world's premium products and implement any solution of interest to our customers. 

The stability and security are good in Bangladesh where Fortinet and Palo Alto are the top two products in the market. Mechanisms and situations are different by geographic location. 

For example, the USA has different mechanisms than Bangladesh so their top products might differ. In the UK, maybe Sophos is the best product. It all depends on who uses it and the technologies available. 

The solution is scalable. It is important to know how to size the solution and deploy it properly in the network or your client will suffer. 

The setup is not complex. If you have familiarity with the technology, setup will be easy. 

Nothing is tough or easy for any product, but knowledge should be clear about the solution.

We implemented the solution in-house for our test lab. 

The solution offers both licensing and subscription models that are similar in price to other products.

Our company works with many products including the solution, Cisco, Palo Alto, and Juniper. We assess our customer's network and recommend the best solution. 

I recommend the solution because of its fabrications and built-in connectors that allow it to integrate with many products. 

I rate the solution an eight out of ten. 

The primary use case of this solution is for security and for using FortiSOAR with FortiSIEM for connecting logs and analysis. We are resellers and partners of Fortinet. 

I like that the solution is integrated with FortiAnalyzer, it's the best feature. 

The solution doesn't connect well with the network devices, with FortiNAC. It's also a very expensive product and I've found that the Fortinet engineers don't have much experience with the product and they require training, particularly when dealing with enterprise organizations. 

The solution is stable.

The solution is scalable.

In general, this product is expensive. I think maintenance requires a minimum of three people.

I recommend this solution. If a customer is looking at FortiSIEM, it's better to take FortiSOAR to reduce the number of people or the employees working and monitoring FortiSIEM. 

I rate this solution six out of 10

We are in the initial stages with the use of Fortinet FortiSOAR.

I have found that Fortinet FortiSOAR needs a lot of improvement. The Orchestration needs to be improved.

Most of its functionalities are yet to be operational, I have tried to click on the icons but they do not work.

I have been using Fortinet FortiSOAR for approximately one year.

I would rate the performance of Fortinet FortiSOAR a 4 out of five.

The initial setup is complicated. The APIs are not able to be used easily, they claim to have integration. When it comes up to the next firmware, there are some challenges.

The price of the product should be lower. The brand value that Fortinet has, it has the reputation of being a reasonably priced product, and they have an enormous customer base in India. Most of the SME market is covered by FortiGate firewalls. It becomes an easy way for consultants, such as us, or even system integrators, to open the door with the Fortinet product lines. 

The reputation of the brand is very good.

You have a lot of Fortinet products. You can choose Fortinet FortiSOAR or you wait for them to improve the product a little more as it is needed.

I rate Fortinet FortiSOAR a five out of ten.

Fortinet provides automation capabilities for event detection and remediation. It also provides a centralized QE where all the events are consolidated and correlated and it gives you visibility to the entire workflow of a specific threat event. It provides some remediation for the particular threats or alerts based on its profile of criticality.

The most valuable feature is its centralization as you don't want to be going to different locations to correlate items or to piece anything together to derive meaningful insights. We want to have a centralized QE for analytics, visibility, assessments, and decision-making and this solution allows for that.

The other feature that I personally appreciate is its accessibility. You can integrate it with other systems within the environment such as ticketing systems or something for sending alerts and then creating tickets for the operations or security operations team. They can get alerted when these events happen so they can be aware of events and even start troubleshooting for the investigation if it is warranted. It can be integrated seamlessly with other internal systems.

The initial setup is straightforward. 

The improvement would be to make it more user-friendly. They need to lower the learning curve. They should just make it more user-friendly, especially for non-technical people.

Technical support could be improved.

I've been using the solution for around four years. It's been a while. 

Fortinet is good, however, as they get into security analytics, while their support is okay, sometimes it requires some hand-holding and their response is probably not as good as Palo Alto. They've got to get there eventually to improve their support model.

I also use Palo Alto. We have both products in our work environment. We're using Palo Alto also for firewall and sending those logs to another security monitoring tool to make decisions based on analytics that it provides us.

The initial setup is very straightforward and simple. It's not overly complex or difficult. An organization shouldn't have any issues with the process.

I cannot speak to the exact pricing of the solution.

I'm not sure which version of the solution we're using currently.

I'd rate the solution at a nine out of ten. It compliments nicely with Palo Alto.

The primary use case of this solution is as a next-generation firewall. It is used to restrict the breach that will occur from any particular malicious server command or control. 

The primary focus is to save the customer's confidential data and break the connection.

The most valuable features are the playbooks that allow you to take action immediately after the approval of the analytics and anomalies.

It has a quick detection and response time.

The area that needs improvement is integration with multiple third-party vendors. For example, if you have customers who are using the CheckPoint firewall or Sophos firewall, and they are forwarding any logs to the Syslog format system, it should re-automate though the third-party firewall or any third-party proxy.

In the next release, I would like to see UEBA included. User entity behavior analytics is very important. Also, I would like to have the UEBA integrated with the cloud, making it accessible from any specified region. This would be very helpful for our customers.

I have been working with FortiSOAR for five years.

After the new hardware and software were launched, it became more stable.

It's now scalable since the new release.

Technical support is good.

Depending on what hour you are calling, it may take some time. If you are calling within the same time zone then it 's fine, but if you are calling from Africa for example, it will be rerouted to another region.

I was not a part of the initial setup. I only saw the demo and it seems that it is easy, rather than complex.

Now that I have more hands-on experience, I see that it is easy to manage and configure.

Pricing is fine compared to other solutions.

I am a Fortinet certified engineer.

Depending on the customer's requirements, and based on their RFP demand and budget, I would recommend this product.

I would rate this solution an eight out of ten.