Security Engineer at a financial services firm with 501-1,000 employees
Overall features useful, reliable, but need more integration
Pros and Cons
- "Overall we are satisfied with all the features the solution provides."
- "There are a lot of solutions on the market and Fortinet FortiAnalyzer is limited. It cannot be used across multiple vendors. They can improve by advancing their technology."
What is our primary use case?
We are using Fortinet FortiAnalyzer for analyzing network traffic and it provides us with log analytics.
What is most valuable?
Overall we are satisfied with all the features the solution provides.
What needs improvement?
There are a lot of solutions on the market and Fortinet FortiAnalyzer is limited. It cannot be used across multiple vendors. They can improve by advancing their technology.
The solution could improve by having better integration and support with Apple, Linux, and Microsoft solutions.
For how long have I used the solution?
I have been using Fortinet FortiAnalyzer for approximately five years.
Buyer's Guide
Fortinet FortiAnalyzer
November 2024
Learn what your peers think about Fortinet FortiAnalyzer. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
What do I think about the stability of the solution?
We have been making changes to the cloud signatures and categories because the market is changing and Fortinet FortiAnalyzer has been stable and reliable.
What do I think about the scalability of the solution?
The solution is scalable but there are additional costs if you want to increase the scalability.
How are customer service and support?
We have been satisfied with the support.
How was the initial setup?
The installation was not difficult.
What about the implementation team?
We did the implementation ourselves.
What's my experience with pricing, setup cost, and licensing?
In the local market sometimes people are being charged more than other solutions. Although the market is competitive, legitimate suppliers do not receive a large enough discount to pass onto the customers.
Fortinet FortiAnalyzer is not suitable for everyone, it is best suited for mid-sized businesses but if the price could be reduced there would be more customers in all-sized businesses.
What other advice do I have?
I rate Fortinet FortiAnalyzer a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Service at MPM
Has a useful dashboard and good scalability
Pros and Cons
- "The feature I find most useful is the handy dashboard."
- "I would like to see an improvement in the technical support. Stronger authentication will also be a plus."
What is our primary use case?
Our primary use case of this solution is for bandwidth. We are very satisfied with this program.
What is most valuable?
The feature I find most useful is the handy dashboard.
What needs improvement?
I would like to see an improvement in the technical support. Stronger authentication will also be a plus.
In the next version, I would like to have authentication for 40 tokens.
For how long have I used the solution?
I have been using Fortinet FortiAnalyzer for a month now on private cloud.
What do I think about the scalability of the solution?
We have between 20 and 25 users and we plan to increase this number, so I believe the program is scalable.
How are customer service and technical support?
We are very satisfied with the customer service.
How was the initial setup?
The initial setup was straightforward and deployment took us about eight months. The reason for this is that we installed other programs during this time too, like Fireworks Data Center, Switch Data Center, Cisco Nexus Data Center, and Forcepoint. We use Stitch as our local manager.
What's my experience with pricing, setup cost, and licensing?
All Fortinet programs come at a good price.
What other advice do I have?
I will definitely recommend this solution to others. My rating is a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System & Network Administrator at a tech services company with 11-50 employees
Gives us a simplified and user-friendly interface to work with
Pros and Cons
- "It has a simplified and user-friendly interface."
- "When it comes to pushing logs to a SIEM, most of the time we have some issues when it comes to filtering."
What is our primary use case?
We use the analyzer for reporting, to know what exactly is happening on the network. We use it to see which accesses are granted, which accesses are denied, which sites are visited, which botnets are coming in, which viruses, etc.
The solution is on-premise. Most of the time we set it up on the client's premises, depending on their needs. The cloud is there for testing.
What is most valuable?
It has a simplified and user-friendly interface.
What needs improvement?
With FortiAnalyzer, most of the time, although the interface is simplified, when you are new to it you have issues of navigating through it.
And when it comes to pushing logs to a SIEM, most of the time we have some issues when it comes to filtering.
Also, reports need to be simplified because its reporting currently includes more detailed and technical things. If we could get a simplified or executive summary, that would be good.
For how long have I used the solution?
We have been using this solution for about four or five years.
What do I think about the stability of the solution?
It's very stable, unlike the previous version which, when the logs were huge, would crash and we would have to reset it and start all over again.
What do I think about the scalability of the solution?
The scalability is also fine if you do your prerequisites right. If so, you won't have any issues. But if you don't do your scoping right, and more logs come into the system - more than it can handle - you will face issues. You need to do your scoping right to get it to be stable and scalable.
How are customer service and technical support?
Technical support is kind of slow. When you have 24/7 support, the response is quick. But when you send something in, it takes a long time to get a response. Fortinet support is a little bit slow when using their portal for support.
In our case, because we are partners, we have a couple of tech guys we can call to get support done. When an end-user requests support through the portal, and even when we do, it takes hours to get a response.
Which solution did I use previously and why did I switch?
We work with multiple solutions and Fortinet has been the number-one.
How was the initial setup?
For me, the initial setup was straightforward. The deployment takes approximately ten minutes. In some cases we could be waiting for results, waiting for logs to get up to do some analysis.
What's my experience with pricing, setup cost, and licensing?
The price is quite expensive. Fortinet products are very expensive. That is something which they should also look at, because if you compare Fortinet product to, say, Sophos for example, Fortinet is really high and that's the only thing which is a drawback for most users. Although their plan is a value-for-money appliance, the price is expensive.
What other advice do I have?
Anyone who asks me about a Fortinet product, I'll give that person a thumbs-up. So far, Fortinet has been the best for me. It's a value-for-money appliance, it has an easy to use interface, and it gives you exactly what you want. The only drawback would be the price.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
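The filtering problems the reviewer above describes when pushing logs to a SIEM are usually handled by normalizing and filtering at the collector before forwarding. As an added illustration (not code from the page, from Fortinet, or from this reviewer), the following Python parses FortiGate-style key=value syslog lines, keeps only security-relevant events (denied traffic and UTM events), emits them as JSON for a SIEM, and summarizes sources with repeated denies. The log lines are constructed samples, and the field names used (type, subtype, action, srcip, dstip, dstport, msg) are assumed to follow the FortiGate key=value convention rather than copied from any real device.

```python
import json
import re
from collections import Counter

# Constructed sample lines in the FortiGate-style key=value syslog format.
# All addresses, device names and log ids are made up for this example.
SAMPLE_LOGS = [
    'date=2024-11-05 time=10:15:01 devname="fw-edge" logid="0000000013" type="traffic" '
    'subtype="forward" srcip=10.0.5.23 dstip=203.0.113.8 dstport=443 action="accept" '
    'policyid=12 msg="allowed by policy"',
    'date=2024-11-05 time=10:15:02 devname="fw-edge" logid="0000000013" type="traffic" '
    'subtype="forward" srcip=10.0.5.23 dstip=198.51.100.77 dstport=23 action="deny" '
    'policyid=0 msg="implicit deny"',
    'date=2024-11-05 time=10:15:03 devname="fw-edge" logid="0000000013" type="traffic" '
    'subtype="forward" srcip=10.0.5.23 dstip=198.51.100.77 dstport=22 action="deny" '
    'policyid=0 msg="implicit deny"',
    'date=2024-11-05 time=10:15:04 devname="fw-edge" logid="0317013312" type="utm" '
    'subtype="webfilter" srcip=10.0.7.9 dstip=203.0.113.50 dstport=80 action="blocked" '
    'msg="URL belongs to a denied category"',
    'date=2024-11-05 time=10:15:05 devname="fw-edge" logid="0211008192" type="utm" '
    'subtype="virus" srcip=10.0.7.9 dstip=203.0.113.51 dstport=80 action="blocked" '
    'msg="File is infected"',
    'date=2024-11-05 time=10:15:06 devname="fw-edge" logid="0000000013" type="traffic" '
    'subtype="forward" srcip=10.0.5.24 dstip=203.0.113.8 dstport=443 action="accept" '
    'policyid=12 msg="allowed by policy"',
]

# key=value tokens; the value is either a double-quoted string (may contain
# spaces and escaped quotes) or a bare run of non-whitespace characters.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1]
        fields[key] = raw
    return fields


def is_security_relevant(event):
    """Forward every UTM event and every denied traffic event; drop routine accepts."""
    if event.get("type") == "utm":
        return True
    if event.get("type") == "traffic" and event.get("action") in ("deny", "blocked"):
        return True
    return False


def filter_for_siem(lines):
    """Parse raw lines and keep only the events worth sending to the SIEM."""
    events = (parse_line(line) for line in lines)
    return [event for event in events if is_security_relevant(event)]


def to_siem_json(events):
    """Serialize each event as a single-line JSON record (one per syslog/HTTP message)."""
    return [json.dumps(event, sort_keys=True) for event in events]


def repeated_deny_sources(events, threshold=2):
    """Return sources whose denied-connection count reaches the threshold."""
    counts = Counter(e["srcip"] for e in events if e.get("action") == "deny" and "srcip" in e)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    kept = filter_for_siem(SAMPLE_LOGS)
    for record in to_siem_json(kept):
        print(record)
    print("repeated deny sources:", repeated_deny_sources(kept))
```

Filtering on the parsed fields rather than on raw substrings is what avoids the usual mismatches: a quoted `msg` value containing a space no longer breaks the filter, and the same predicate can be reused whether the events are forwarded by syslog or by an HTTP collector.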
Systems Architect at ZENTIUS
Great UI, good performance, and never crashes
Pros and Cons
- "Log collection is the most valuable. The UI looks great. It has a very good look and feel. We don't have the need to use solid state drives. We use mechanical drives, and we don't see any performance issues, so basically, it is doing fine."
- "It will be better if behavior or indicators of compromise were on the same licensing schema. Currently, it is an advanced feature that you have to purchase as an add-on. This is the reason we're trying to do the ELK so that we can integrate them and create those rules by using open-source software. It will also be better if it has some more integration with IT service management tools so that we can do endpoint protection and response based on those indicators of compromise or those behavior analysis rules that create events that can automatically flow. We can inject that data into a service incident ticket on our IT service management tool, and that way we can assign the ticket to the proper teams and respond right away. Currently, we only have integration with ServiceNow."
What is our primary use case?
We mostly use the FortiAnalyzer VM. We sell the license for this solution and also the professional service to have it.
There are different types of business needs of our clients because they're in different business areas. We have firewalls on them. Some of them are on the perimeter network, and some of them are being used as the core network solution. We collect all the logs from their FortiGates.
In some cases, we also use FortiWeb, which is a web application firewall. We also use FortiMail, which is an email protection solution or email security solution. We gather all the logs on FortiAnalyzer, and we try to do some flat counting and identify behavior or do behavior analysis from those logs and see what is interesting. Our team analyzes those events so that we can prevent any disruption of service because of the security, vulnerability, or issue.
What is most valuable?
Log collection is the most valuable. The UI looks great. It has a very good look and feel. We don't have the need to use solid state drives. We use mechanical drives, and we don't see any performance issues, so basically, it is doing fine.
What needs improvement?
It will be better if behavior or indicators of compromise were on the same licensing schema. Currently, it is an advanced feature that you have to purchase as an add-on. This is the reason we're trying to do the ELK so that we can integrate them and create those rules by using open-source software.
It will also be better if it has some more integration with IT service management tools so that we can do endpoint protection and response based on those indicators of compromise or those behavior analysis rules that create events that can automatically flow. We can inject that data into a service incident ticket on our IT service management tool, and that way we can assign the ticket to the proper teams and respond right away. Currently, we only have integration with ServiceNow.
For how long have I used the solution?
I have been using this solution for five years.
What do I think about the stability of the solution?
We have the box or the VM running for more than a couple of years now. We do upgrade so that we can add new features that Fortinet is releasing, but it is pretty stable. It never crashes.
What do I think about the scalability of the solution?
It is a little complex in terms of scalability, mostly because we're using a kind of high-end system. For scaling, you have to order different licensing and move more power and computing into a new architecture. It doesn't have that much scalability.
Our clients are SMB or small and medium businesses, but we also have plenty of customers on the campus wide area network.
How are customer service and technical support?
I would rate them a five out of ten. They will have to move their base locations to a different city. I'm not a native speaker of English, and sometimes, when we're trying, there is a language barrier. They're located in India or some Middle East city. They can do really better. Sometimes their response is not as adequate as other vendors.
How was the initial setup?
It was very straightforward. The deployment could take a couple of days to fine-tune all the rules for log management.
What other advice do I have?
There are plenty of solutions. Fortinet FortiAnalyzer is very helpful if you are really into FortiGate devices. We handle other firewalls, but 80% to 85% of them are Fortinet, so it is a very good solution because it has native integration with everything, but I wouldn't recommend it if you have less than 50% of Fortinet firewalls. If you have agnostic technology, you can integrate all of them into the same solution. FortiAnalyzer is only for FortiGates right now.
I would rate Fortinet FortiAnalyzer a nine out of ten. It just needs more integration with IT service management tools for endpoint detection and response, which is the main objective.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Technical Presales Engineer at Dristi Tech Pvt.ltd
Provides very good metrics, visibility of the network and does what a network analyzer should do
Pros and Cons
- "The feature that I have found the most valuable is to be able to see everything in our network in a single task. A single menu and the graphical bar charts that it provides to give insights are very useful. It also gives very good metrics on bandwidth utilization, CPU, and device performance. It is very simple and easy to use as well."
- "They can include integration with devices, such as firewalls, endpoints, from other vendors. They can include graphic monitoring of everything in the network, not just Fortinet products. It would also be good to include customizable reports and customizable views of the reports."
What is our primary use case?
Generally, Fortinet FortiAnalyzer gives you visibility around the network. You can track and monitor devices and pick the surrounding network. You can see which packets are being sent to the network, who the users are, and what they are using. You can also view the policies and firewall rules that are being used, the IDs that are being connected to, and the IP address a particular user is using.
Basically, it's a SOC. It's a security operations device. We use it for continuous monitoring, and it takes a team to do so. In my organization, three to four people are using it on a daily basis.
What is most valuable?
The feature that I have found the most valuable is to be able to see everything in our network in a single task. A single menu and the graphical bar charts that it provides to give insights are very useful.
It also gives very good metrics on bandwidth utilization, CPU, and device performance. It is very simple and easy to use as well.
What needs improvement?
They can include integration with devices, such as firewalls, endpoints, from other vendors. They can include graphic monitoring of everything in the network, not just Fortinet products.
It would also be good to include customizable reports and customizable views of the reports.
For how long have I used the solution?
I have been using Fortinet FortiAnalyzer for about five to eight months. We are using the latest version. We have deployed it on-premises as a VM.
What do I think about the stability of the solution?
It's pretty stable.
What do I think about the scalability of the solution?
I'd say that it's very scalable. Scalability depends on which version of the appliance you're using.
If you're using a hardware-based appliance, it's obviously tough to scale as that would require purchasing new devices. If you go to cloud services or virtual services, it's pretty easy to scale. You need to purchase new VMs and add the IOCs that you need, which is easy.
How are customer service and technical support?
I have contacted technical support, but not particularly regarding Fortinet FortiAnalyzer. I have only contacted them for firewalls and routing issues. I have not yet contacted them for things related to Fortinet FortiAnalyzer.
How was the initial setup?
It's very easy and straightforward. You just need to point the FortiGate devices to your Fortinet FortiAnalyzer, and it just automatically configures the security fabric. The time depends on how many devices you're actually using. Configuring one device into your Fortinet FortiAnalyzer takes about five minutes or so.
What about the implementation team?
The deployment was pretty straightforward. I didn't need any help in setting it up. I did it myself very easily. It comes with useful guidelines for setting it up. They also provide documentation and information through their website.
One person can easily do the deployment, but the main goal of the solution is to continue to monitor the regular network traffic for which a team is required. Our software team is responsible for handling such things.
Which other solutions did I evaluate?
This product is only dedicated to packet analyzing, automation, and things like that. I have not used analyzers of other vendors. However, other solutions do provide similar functionalities.
What other advice do I have?
It is kind of a very good network packet analyzer solution. It does what a network analyzer should do, and it does it very well.
In terms of firewalls and using network analyzers, Fortinet has always been the leader among the leaders. Fortinet provides very good features and products. Specifically, if you want to use Fortinet FortiAnalyzer, you need to have a FortiGate environment. You need at least one FortiGate or other similar product in your network. So, if you are already using or are into Fortinet products, then FortiAnalyzer is a very good product to add on top of other products. Having only FortiAnalyzer in your network is kind of useless.
I would rate Fortinet FortiAnalyzer a nine out of ten. It's a very good product.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Technical Director at TND Brasil
Has good report templates and works very well for reporting and analysis
Pros and Cons
- "The report templates are valuable. It works very well, and integrations also work well."
- "Feature-wise, it is working very well for us. We don't need any additional features. However, its pricing can be improved. For small business customers, price is an important factor."
What is our primary use case?
We use it for reports and analysis.
What is most valuable?
The report templates are valuable. It works very well, and integrations also work well.
What needs improvement?
Feature-wise, it is working very well for us. We don't need any additional features. However, its pricing can be improved. For small business customers, price is an important factor.
For how long have I used the solution?
I have been using this solution for two years.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
It is easy to scale.
What's my experience with pricing, setup cost, and licensing?
It is expensive for small business customers. It is only available for customers with a high number of firewalls to manage or to report on. If a customer has only five FortiGate boxes, the price of FortiAnalyzer can be more than the five boxes. So, we can't easily offer this solution to small business customers.
What other advice do I have?
I would rate this solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Presales Technical Specialist at a computer software company with 201-500 employees
Simple, straightforward, and stable
Pros and Cons
- "I like its simplicity. It is straightforward. We get reports and emails about the logs, and that's it."
- "The cloud version can be expensive. If the customers could get the resources to store the logs on-premises, it would be much better."
What is our primary use case?
It is used to get the logs of all boxes that a customer has.
What is most valuable?
I like its simplicity. It is straightforward. We get reports and emails about the logs, and that's it.
What needs improvement?
The cloud version can be expensive. If the customers could get the resources to store the logs on-premises, it would be much better.
In terms of features, there is no need for additional features.
For how long have I used the solution?
I have been using this solution for three years.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
It is scalable.
What about the implementation team?
We need only one engineer for its deployment and maintenance.
What's my experience with pricing, setup cost, and licensing?
It is acceptable for on-premises, but it is expensive for the cloud.
What other advice do I have?
I would rate it a 10 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Technical Officer at a tech services company with 11-50 employees
Stable and scalable but a little overpriced
Pros and Cons
- "Initial setup is ok."
- "Pricing should be about 10-20% lower."
What is most valuable?
The feature I find most valuable is the reporting customization.
What needs improvement?
Areas for improvement would be the default template reporting and the user-friendliness of the report customization. In the next release, I would like to see more information about tracking intelligence.
For how long have I used the solution?
I have been using this product for over five years.
What do I think about the stability of the solution?
This solution is stable.
What do I think about the scalability of the solution?
This solution is scalable.
How are customer service and support?
Technical support is fine, but they could improve their understanding of the customer environment when troubleshooting.
How was the initial setup?
The initial setup is ok.
What's my experience with pricing, setup cost, and licensing?
The pricing of this product should be about 10-20% lower.
What other advice do I have?
This is a good product, but I think there are better ones for log analytics. I would rate this product seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer.