Vishwajeet Pandey - PeerSpot reviewer
Vice President at Ogma Consulting
Real User
Efficient monitoring tool consolidating network events for streamlined management
Pros and Cons
  • "The most valuable feature is the ability to view all the network events on a single pane and find the point of contact or point of the incident."
  • "There could be improvements like introducing some solutions directly into FortiSIEM to avoid the need for separately purchasing additional tools like FortiStore."

What is our primary use case?

FortiSIEM is primarily used as a monitoring tool that can monitor all the incidents and events occurring in the network. The main concern of the customer is to view all the events and incidents on a single pane where everything can be managed.

How has it helped my organization?

FortiSIEM is very efficient and helps discover all the points of incidents, identifying users that create loopholes in the network and determining potential points of contact.

What is most valuable?

The most valuable feature is the ability to view all the network events on a single pane and find the point of contact or point of the incident. Along with FortiSIEM, a solution can be provided, which is a feature I admire.

What needs improvement?

There could be improvements like introducing some solutions directly into FortiSIEM to avoid the need for separately purchasing additional tools like FortiStore.

Buyer's Guide
Fortinet FortiSIEM
December 2024
Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.

For how long have I used the solution?

I have approximately one year of experience working with FortiSIEM.

What do I think about the stability of the solution?

I rate the stability of the solution as nine out of ten.

What do I think about the scalability of the solution?

The scalability of the solution is rated eight out of ten.

How are customer service and support?

I rate the technical support provided by Fortinet as nine out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup can vary from being easy to moderate depending on the network size. If the network is small, it might be easy. That said, if it's semi-small or semi-large, it's a moderate setup.

What's my experience with pricing, setup cost, and licensing?

The pricing of FortiSIEM is moderate; it is neither very costly nor very cheap.

What other advice do I have?

I can recommend FortiSIEM, but it depends on customer needs, network size, and preferences. Customers can also consider replacing a physical SOC team with FortiSIEM.

I'd rate the solution eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
SrikanthS - PeerSpot reviewer
Senior Manager - Technical at Sify Technologies
Real User
A stable solution with an awesome IP database
Pros and Cons
  • "The solution’s IP database is awesome."
  • "When our team tried configuring logs for Microsoft SQL, it did not work."

What is our primary use case?

We use the solution to collect logs from critical servers on the customer's infrastructure, like Active Directory, and a few security devices, like firewall, proxy, and antivirus setup. Our team monitors the logs. If we get an alert, we take the necessary action in the development environment.

What is most valuable?

The solution’s IP database is awesome. If we get malicious IP attacks in the firewall, the solution has a validated database to mark IPs as malicious and generate an alert. We need not use any third-party solution.

What needs improvement?

When our team tried configuring logs for Microsoft SQL, it did not work.

The next release should improve database monitoring. Compared to servers and security devices, working with database and log configuration is not easy.

For how long have I used the solution?

I have been using the solution for the past four to five months.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable. We initially configured five devices and then could scale it to 20 without any challenges. Ten to fifteen people in the security operations center team use the solution.

How are customer service and support?

My team members contacted the support team, and they helped us configure a few things.

How was the initial setup?

My team did not face any issues during configuration.

What other advice do I have?

I would recommend the solution to others. One of our customers moved from ArcSight to FortiSIEM because they had some support issues. Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Manager at Banco Lopez de Haro
Real User
Audits servers, handles vulnerability detection and correlates traffic
Pros and Cons
  • "It detects new technologies, vulnerabilities, and emerging threats on the internet."
  • "The deployment of the platform took some time to set up and configure."

What is our primary use case?

Fortinet FortiSIEM is used to audit my servers and communications. It effectively handles vulnerability detection and correlates traffic to identify security issues or anomalies. It is also used to correlate my logs, which helps detect outliers and identify unusual events in my network.

What is most valuable?

It detects new technologies, vulnerabilities, and emerging threats on the internet.

For how long have I used the solution?

I have been using Fortinet FortiSIEM for four years.

What do I think about the scalability of the solution?

500 users are using this solution.

How are customer service and support?

The product could benefit from more local support. There is an opportunity to improve the support for products like Deepgram and FortiSIEM.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

The deployment of the platform took some time to set up and configure. I have experience using SolarWinds and its tools.

How was the initial setup?

The initial setup is very easy and takes four months to complete. They need to focus on this because the provider did much of the configuration rather than them doing it directly. The support we receive helps us improve in comparison to using this platform alone.

I rate the initial setup an eight out of ten, where one is difficult, and ten is easy.

What about the implementation team?

Our provider does the deployment and maintenance.

What's my experience with pricing, setup cost, and licensing?

It has a good price and is more competitive than the others.

What other advice do I have?

If the protection and monitoring make my network safer by detecting outliers and events, I can report these findings to my manager. They need to be aware of live events affecting the company.

Overall, I rate the solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Network Associate at AMCON, Inc.
Real User
Utilized for managing devices on the network, providing real-time incident reports on server and network changes
Pros and Cons
  • "It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely."
  • "Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information."

What is our primary use case?

We're using it to manage devices on the network. We get real-time incident reports on changes done on the servers and changes on routers and switches. They also use it to provide reports to management on activities, incidents, and events.

What is most valuable?

I like the reporting model, where you have drill-down capabilities into user actions on the network.

I also like CMDB. The CMDB captures devices as long as they have SNMP enabled. It captures the information for me. 

What needs improvement?

Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information.

When you're generating a report on the report line, sometimes it is very important to understand the criteria for creating the database to get the report you want. If FortiSIEM can improve on that, the user is looking for specific information, and it comes by. You don't need a technical person to generate a report. It's a bit difficult for you to generate it without drilling down. You need to keep clicking, and narrowing down your search to get what you want. 

If there will be some level of info, I like the reporting on FortiAnalyzer because one can see the number of people consuming bandwidth on the network, who the top users are, at the critical button you specified, and how long the duration is. FortiSIEM is not as easy.

For how long have I used the solution?

I have been using it for three years. I currently use version 6.3.

What do I think about the stability of the solution?

It is a stable solution. So far, it's been relatively stable. The current version we're using will expire in 2024, so we're planning to upgrade to the next version soon. We're also considering moving to the cloud, which may impact stability, but we'll have to see how that goes.

What do I think about the scalability of the solution?

It is a scalable solution in an on-prem environment. We will be testing the scalability when we migrate to the cloud.

We have between 300 and 400 users. There are three administrators on the system who manage devices for 25 EPS and close to 100 EPS. We are only licensed for 200 EPS, but we have plans to increase the number of users.

How are customer service and support?

The customer service and support have been helpful. We log the case, they come back to us, and then we resolve it.

Which solution did I use previously and why did I switch?

We were using Check Point before we migrated to FortiSIEM. We used Check Point for about ten years before we moved to FortiGate.

So, we switched to Fortinet from Check Point. There were two main reasons. First, we weren't getting the support we needed from Check Point. Second, the cost of renewing support for our end-of-life devices was too high. We had a limited budget, so we looked for a solution that could give us the same features and capacity as Check Point at a more competitive price. We opted for FortiSIEM because it met both of our requirements.

How was the initial setup?

The initial setup was straightforward because Fortinet had already provisioned the appliance. We added it to our VM and finished up by configuring the key. The only bit where there was a bit of a problem was when we started because it was supposed to be a three-in-one appliance, but we noticed that we needed to separate the collector in a different location. Otherwise, it's a straightforward process.

My understanding of a three-in-one appliance is that both the collector and the other components have to be in the same box. However, there was certain information that we were not getting, and I understand that this was changed in the 6.3 version, where the collector is separate.

This makes it easier to use agentless apps, because with agentless apps, the information is now sent back to the collector if it is separate from the other components. So, we now have to start making changes to the Kapolei collector with storage and all that. I think it's still pretty straightforward though.

What about the implementation team?

We used a consultant for the deployment because it was a new product, and we wanted to ensure that it was done correctly. However, it is possible to deploy Fortinet FortiSIEM in-house by following the deployment guide.

The deployment took one week to deploy Fortinet FortiSIEM, excluding the time it took to acquire the necessary servers and virtual machines.

The first step was to purchase the necessary servers and virtual machines. We also needed to upgrade our VM version from 5 to 7.X. Once we had all of the necessary hardware and software in place, we were able to begin the deployment process.

We have five managers overseeing IT, internal control, and corporate. The staffing needs depend on their specific roles. The ID team provides the necessary support to ensure the application runs smoothly. Control users are in place to ensure that changes are made with proper information, and any alterations require approval. For these tasks, we have approximately five admins managing the process.

What's my experience with pricing, setup cost, and licensing?

We pay for a license for FortiSIEM. We pay for the license and renewal. 

It is expensive. The initial cost was almost prohibitive, but we went with it because it was a recommendation from our recruiters. Otherwise, we probably wouldn't have done it because it was expensive.

What other advice do I have?

Overall, I would rate the solution a nine out of ten. It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely. I've been using FortiSIEM for about two years and FortiGate for about ten years, and I would recommend FortiSIEM to people who are interested in running next-generation firewalls.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ijeoma Nkemjika - PeerSpot reviewer
Customer Success Manager at Digitank Technology
Reseller
Provides good detection against advanced threats because it has a strong machine-learning capability
Pros and Cons
  • "Fortinet FortiSIEM provides good detection against advanced threats."
  • "The solution's interface could be modernized and improved."

What is our primary use case?

We use the solution to monitor events and logs. It gives us a very powerful view of what is going on. We can configure it to send notifications of any malicious detection because it is based on an ML (machine learning) algorithm. Aside from using the solution to monitor the logs from different sources, we can also get detections because it has strong machine learning capability.

What is most valuable?

Fortinet FortiSIEM provides good detection against advanced threats.

What needs improvement?

The solution's interface could be modernized and improved.

For how long have I used the solution?

I have been working with Fortinet FortiSIEM for one year.

What do I think about the stability of the solution?

I rate Fortinet FortiSIEM ten out of ten for stability.

What do I think about the scalability of the solution?

Around 50 users are using Fortinet FortiSIEM in our organization.

I rate the solution an eight out of ten for scalability.

How was the initial setup?

I rate Fortinet FortiSIEM a nine out of ten for the ease of its initial setup.

What about the implementation team?

If nothing goes wrong, the solution can be deployed in one week.

What was our ROI?

We have seen a return on investment with Fortinet FortiSIEM.

What's my experience with pricing, setup cost, and licensing?

Fortinet FortiSIEM is very cost-efficient compared to other SIEM solutions.

On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven out of ten.

What other advice do I have?

The solution is deployed on the cloud in our organization. I'll recommend Fortinet FortiSIEM to users because of its functionalities, irrespective of whether they have a hybrid, on-prem, or cloud deployment. If a company has some compliance and regulations, the solution can fulfill their compliance and regulations within their country or industry.

Overall, I rate Fortinet FortiSIEM a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer:
reviewer1755144 - PeerSpot reviewer
Director, Infrastructure and Operations at a comms service provider with 11-50 employees
Real User
It has robust event correlation and good GUI, but their technical support should be better, and it should support more nonstandard log sources
Pros and Cons
  • "The event correlation is pretty robust. The GUI is pretty good."
  • "Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire."

What is our primary use case?

We have eight use cases installed, and we are collecting log sources from most of the relevant endpoints. We did all that configuration ourselves. So, the product didn't really have a lot to do with it.

It is deployed on a private cloud. We manage the cloud infrastructure ourselves, and its primary purpose is to monitor and protect our network devices and our own business systems, not necessarily our customer-facing services.

We are most probably on version 3. We are not on the current release.

What is most valuable?

The event correlation is pretty robust. The GUI is pretty good. 

What needs improvement?

Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire.

The out-of-the-box log ingestion for the supported devices is fine. The main issues arise when you're trying to ingest a log source that's not supported. You're left to figure it out yourself. You have to figure out the custom parsing yourself. There should be better support for nonstandard log sources. That's because unless you can ingest logs from all of your key controls, the solution will have gaps. Out of the box, this product doesn't support a lot of normal security devices that are common, and then you get into building custom parsers yourself to get it to work.

The other problem is infrastructure stability. The architecture scaling rules that the vendor provides are vastly understated. So, we constantly run into stability problems that we end up figuring out and solving by throwing more infrastructure at it because they're understating the infrastructure requirements. It is understandable that they would do that, and you see why they would do that, but it is causing no end of problems.

For how long have I used the solution?

We've been using it for about three years.

What do I think about the scalability of the solution?

Scaling is problematic because of the architecture. It is very hard to figure out the required compute, memory, and disk space because the documentation is so bad. Like any SIEM, it is very compute-heavy. So, scaling is always a problem. We've come to the conclusion that it is not scalable to the magnitude that we require.

I have two system administrators at the moment who are a part of my SOC. We have a very small operation. My SOC right now is comprised of two analysts, a senior analyst, and a manager. All of them are technical, and all of them are involved in managing this solution in one way, shape, or form.

We use the product as one of our internal controls. We have several others, which I won't get into, and we do not plan on scaling it beyond that. We have been piloting some customer-facing use cases, and we will be deprecating those, scaling them back, and moving them to the Microsoft product.

How are customer service and support?

Their technical support is really bad. Their account support and product support are fine. I would rate their technical support one out of ten.

How would you rate customer service and support?

Negative

How was the initial setup?

The initial deployment was done with the partner. Since then, we have done additional endpoints and upgrades, and we are doing all the work ourselves now. 

What about the implementation team?

We used a partner to help us with the initial setup.

What was our ROI?

We are not really tracking ROI. We just view it as a cost of business, and we are not driving any revenue from it. So, it is just a sunk cost.

What's my experience with pricing, setup cost, and licensing?

This is probably more on the lower cost end of the spectrum compared to competing products.

Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model.

In terms of additional costs, we also pay for our cloud infrastructure to run it. If your log source is not supported, you're going to have to develop custom parsing. So, you're going to incur that development cost. There is also the normal day-to-day administration cost.

Which other solutions did I evaluate?

We implemented Fortinet FortiSIEM for our own use, and then we have been exploring the idea of using it for a customer-facing or a managed service provider multi-tenant SIEM. We offer managed SIEM services to our customers, and we've come to the conclusion that it is not well suited for that purpose. We are in the process of installing Microsoft Sentinel and Azure Lighthouse for a new service.

What other advice do I have?

My overall impression is that this is an SMB product. It is not a large-scale enterprise or multi-tenant product. Even though they tell you it'll do that, it is an SMB tool, and it is pretty good for that purpose. However, most institutions would not have the required in-house expertise for it. You need a dedicated, skilled technical administrator. You need your own DevOps team, which small and medium businesses generally don't have, or you can do what we did and use a partner to do the work for you.

I would caution others to fully understand the support model and talk to reference customers about it and have a solid understanding of what their internal resource needs will be to implement and support it. That's because it is complicated. Depending on the product you pick, you would need some in-house technical capabilities. For bigger companies, that's usually not a problem, but for small and medium businesses, that can be a problem.

I would rate it a six out of ten. It is suitable for its purpose. It is targeted at the SMB market. The feature function is fine. I would rate it higher if their technical support was better.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
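The review above points out that an EPS-based license is hard to size because a firewall produces far more events per second than most other sources. The script below is an added illustration written for this page, not a Fortinet tool or anything from the reviewer: it counts events per second per log source from a handful of constructed key=value syslog lines (the `devname` field is assumed to identify the source, and the 25% headroom and the choice to size on summed peak EPS are sizing assumptions, not vendor rules), so the gap between average and peak EPS per source becomes visible before a license is bought.

```python
"""Estimate events per second (EPS) per log source from sample syslog.

Added example for this page, not FortiSIEM code. The log lines are
constructed sample data; grouping by the devname field, the 25%
headroom, and sizing on the sum of per-source peaks are assumptions.
Confirm with the vendor whether the license is measured on average
or peak EPS before relying on a number like this.
"""
import math
import re
from collections import Counter, defaultdict
from datetime import datetime

# Pull the timestamp and the source name out of a FortiGate-style line.
TS_RE = re.compile(r'date=(\S+) time=(\S+).*?devname="([^"]+)"')

# Constructed sample: a firewall bursting several events in one second
# next to a domain controller (forwarded in the same key=value style)
# that logs only occasionally.
SAMPLE_LOGS = [
    'date=2024-12-01 time=10:00:00 devname="fw1" srcip=10.0.0.1 action=accept',
    'date=2024-12-01 time=10:00:00 devname="fw1" srcip=10.0.0.2 action=accept',
    'date=2024-12-01 time=10:00:00 devname="fw1" srcip=10.0.0.3 action=deny',
    'date=2024-12-01 time=10:00:00 devname="dc1" logid=4624 user=alice',
    'date=2024-12-01 time=10:00:01 devname="fw1" srcip=10.0.0.4 action=accept',
    'date=2024-12-01 time=10:00:02 devname="fw1" srcip=10.0.0.5 action=accept',
    'date=2024-12-01 time=10:00:02 devname="fw1" srcip=10.0.0.6 action=deny',
    'date=2024-12-01 time=10:00:02 devname="fw1" srcip=10.0.0.7 action=deny',
    'date=2024-12-01 time=10:00:02 devname="fw1" srcip=10.0.0.8 action=accept',
    'date=2024-12-01 time=10:00:02 devname="dc1" logid=4634 user=alice',
]


def parse_event(line):
    """Return (timestamp, source) for a line, or None if it does not match."""
    m = TS_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%Y-%m-%d %H:%M:%S")
    return ts, m.group(3)


def eps_by_source(lines):
    """Return {source: {"total", "seconds", "avg_eps", "peak_eps"}}.

    avg_eps is total events over the observed span; peak_eps is the
    busiest single second, which is what a burst-heavy source like a
    firewall drives up.
    """
    per_second = defaultdict(Counter)  # source -> Counter(second -> events)
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:
            continue  # unparseable lines are skipped, not counted
        ts, source = parsed
        per_second[source][ts.replace(microsecond=0)] += 1

    stats = {}
    for source, counts in per_second.items():
        span = (max(counts) - min(counts)).total_seconds() + 1
        total = sum(counts.values())
        stats[source] = {
            "total": total,
            "seconds": int(span),
            "avg_eps": round(total / span, 2),
            "peak_eps": max(counts.values()),
        }
    return stats


def required_license_eps(stats, headroom=1.25):
    """Sum per-source peak EPS and add headroom (assumed 25%).

    Sizing on averages alone under-provisions as soon as one noisy
    source bursts; summing peaks is a conservative starting figure.
    """
    return math.ceil(sum(s["peak_eps"] for s in stats.values()) * headroom)


if __name__ == "__main__":
    stats = eps_by_source(SAMPLE_LOGS)
    for source, s in sorted(stats.items()):
        print(f"{source}: avg {s['avg_eps']} EPS, peak {s['peak_eps']} EPS "
              f"over {s['seconds']}s")
    print("suggested license EPS:", required_license_eps(stats))
```

Running it against a real export (one day of syslog per collector) instead of the constructed lines gives the per-source numbers a buyer actually needs; the point of the split is that the firewall's peak, not the average across all sources, is what sets the license.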
SrikanthS - PeerSpot reviewer
Senior Manager - Technical at Sify Technologies
Real User
An authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same
Pros and Cons
  • "Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same."
  • "Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time."

What is our primary use case?

We use the Fortinet FortiSIEM tool for log monitoring and alert generation. We use Fortinet FortiSIEM to collect logs from the critical servers of the customer's infrastructure, like active directory servers and file servers. We also collect logs from a few security devices like the firewall, the proxy, and the antivirus setup. Based on that, our team checks the logs, and we get an alert to take action on the development.

What is most valuable?

Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same.

What needs improvement?

Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time.

Fortinet FortiSIEM's database monitoring could be made easier, like the servers and the security devices.

For how long have I used the solution?

I have been using Fortinet FortiSIEM for the past four to five months.

What do I think about the stability of the solution?

Fortinet FortiSIEM is a stable product.

What do I think about the scalability of the solution?

Fortinet FortiSIEM is a scalable product. We initially configured five devices, and then we could scale it to twenty. There could be some issues if the device count goes up to hundreds and thousands. Around 10 to 15 engineers use Fortinet FortiSIEM in our company.

What other advice do I have?

Overall, I rate Fortinet FortiSIEM an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
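Both SrikanthS reviews above describe the same feature: firewall events whose IP appears in FortiSIEM's malicious-IP database are marked and raise an alert without a third-party lookup. The script below is an added illustration written for this page, not FortiSIEM code or the reviewer's own: it parses a few constructed FortiGate-style key=value log lines, matches the source and destination IPs against a constructed threat list (single hosts and CIDR ranges), and aggregates hits into alerts. Field names (`srcip`, `dstip`, `action`, `devname`) follow the FortiGate syslog style the reviews refer to; the threat labels and addresses are made up.

```python
"""Match firewall log IPs against a threat-intel list and raise alerts.

Added example for this page, not FortiSIEM code. THREAT_LIST and
SAMPLE_LOGS are constructed sample data using RFC 5737 documentation
addresses; the key=value field names follow the FortiGate syslog style.
"""
import ipaddress
import re
from collections import Counter

# Constructed threat list: a single host and a CIDR range, each labelled.
THREAT_LIST = {
    "203.0.113.7": "scanner",
    "198.51.100.0/24": "botnet-c2",
}

# Constructed sample firewall events.
SAMPLE_LOGS = [
    'date=2024-12-01 time=10:00:01 devname="fw1" srcip=203.0.113.7 dstip=10.0.0.5 dstport=22 action=deny',
    'date=2024-12-01 time=10:00:02 devname="fw1" srcip=198.51.100.42 dstip=10.0.0.8 dstport=443 action=accept',
    'date=2024-12-01 time=10:00:03 devname="fw1" srcip=10.0.0.9 dstip=192.0.2.10 dstport=80 action=accept',
    'date=2024-12-01 time=10:00:04 devname="fw1" srcip=203.0.113.7 dstip=10.0.0.5 dstport=23 action=deny',
]

# key=value pairs; values may be quoted strings or bare tokens.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line):
    """Split a key=value syslog line into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def build_networks(threat_list):
    """Normalise entries into (network, label) so hosts and ranges
    are matched the same way (a bare host becomes a /32)."""
    return [(ipaddress.ip_network(entry, strict=False), label)
            for entry, label in threat_list.items()]


def lookup(ip, networks):
    """Return the threat label for ip, or None if it is not listed
    or is not a valid address."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    for net, label in networks:
        if addr.version == net.version and addr in net:
            return label
    return None


def scan(lines, threat_list):
    """Return one alert per (field, IP, label, action) with a hit count.

    Aggregating repeated hits keeps a scanner hammering one host from
    producing one alert per packet.
    """
    networks = build_networks(threat_list)
    hits = Counter()
    for line in lines:
        ev = parse_kv(line)
        for field in ("srcip", "dstip"):
            ip = ev.get(field)
            label = lookup(ip, networks) if ip else None
            if label:
                hits[(field, ip, label, ev.get("action"))] += 1
    return [
        {"field": f, "ip": ip, "threat": label, "action": action, "count": n}
        for (f, ip, label, action), n in sorted(hits.items())
    ]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS, THREAT_LIST):
        print(alert)
```

The `action` field is carried into the alert on purpose: a listed IP that was denied at the perimeter is noise to triage later, while one that was accepted is the event an analyst needs to see first.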
SreejeshSoman - PeerSpot reviewer
Security Consultant at Vertex Techno Solutions (B) Pvt Ltd
Real User
Helps collect security logs from all network devices
Pros and Cons
  • "The most valuable feature of the solution is its integration with other technologies, especially its ability to collect logs from Cisco and Aruba devices along with Fortinet products."
  • "The tool's technical team's response time is too high, and they are not available even when they know that there are many pending issues."

What is our primary use case?

I normally use the solution in my company as part of SOC. The tool is implemented to collect logs from all networks, perimeter devices, and security devices. We are using all kinds of SIEM tools to collect logs, especially security logs from all network devices, and analyze all those logs. Fortinet FortiSIEM works for enterprise and banking customers and BFSI customers, as most of them use Fortinet FortiGate devices for the security of the perimeter devices.

What is most valuable?

The most valuable feature of the solution is its integration with other technologies, especially its ability to collect logs from Cisco and Aruba devices along with Fortinet products. The tool has an endless number of templates, so based on a customer's use case, we can choose the templates, create the report as per compliance, and submit it to management for higher visibility.

What needs improvement?

With Fortinet's current integrations with endpoints and with the integration capabilities of EDR and XDR solutions from Fortinet itself, when we are trying to integrate them with other technologies or other OEMs like CrowdStrike or SentinelOne, the integration part is very complex. It takes a lot of time to take care of the implementations. When we integrated Fortinet FortiSIEM with external threat intelligence, like CyberArk or ThreatConnect, the integration seemed to be tough. If Fortinet FortiSIEM could create some use cases or some templates with all its listed competitors or technology partners, then a customer would be able to integrate all those technologies easily.

The tool's technical team's response time is too high, and they are not available even when they know that there are many pending issues. Even though the tool offers twenty-four hours and seven days of support, we might not get the right engineer on time.

For how long have I used the solution?

I have been using Fortinet FortiSIEM for more than ten years. I am an integrator of the solution. I use Fortinet FortiSIEM 7.0.0.

What do I think about the stability of the solution?

From the application perspective, yeah, I think it is a stable tool most of the time, but we have met some issues with the database sometimes. Stability-wise, I rate the solution a nine out of ten.

What do I think about the scalability of the solution?

It is a highly scalable solution. Scalability-wise, I rate the solution a ten out of ten.

I think around ten customers of my company use the tool.

My customers are medium and enterprise-sized businesses.

How are customer service and support?

The solution's technical support has been a nightmare. I rate the technical support a four or five out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

If one is difficult and ten is easy to set up, I rate the product's initial setup phase a nine out of ten. It is not very complicated, but a tech person who has the expertise to install, scale, and implement all these features would be required to implement the tool.

The product's installation model depends on the company's compliance and IT policies. Most customers prefer implementing an on-premises model. When considering commercial and upfront investment, customers are ready to go for cloud solutions as well. But in my experience, most customers prefer to implement an on-premises model.

The time required to deploy the solution depends on how big your network is currently. It might take two days to up to two weeks, so that is the normal project implementation time. It is always based on how big our network is and how we know our network. If customers have good visibility and understanding of their network, good access, and all the authentication paths, the integration will be much easier. In some cases, it might take more than two weeks. On average, I think it will take one to two weeks to complete installation.

The deployment of the tool is always for the SOC part of a company. It is used for real-time network analytics.

For the deployment, we discuss all the requests or use cases with the customer and understand their network topology. Most of the time, we access their platform for installation, and so we deal with virtualization platforms, like VMware ESXi, and based on that, we will download the SIEM pack from Fortinet. Once the installation has been completed, we try to find all the devices in the network that we need to monitor so we can enable all those processes. It is the normal deployment procedure we are following for implementation. Once the primary implementation has been completed based on customer use cases or complaints, we might create those dashboards and templates for reporting.

What's my experience with pricing, setup cost, and licensing?

If one is cheap and ten is expensive, I rate the tool's price as an eight out of ten. Compared with Splunk or Oracle, Fortinet is cheap.

What other advice do I have?

For threat detection, some AI-based analytics tools are there, and it is one of the latest features in the product. The AI helps mitigate threats.

In terms of the tool's ability to streamline customer security workflow, the product normally searches events in real-time, so customers will get alerts of the event in real-time. Compared to other products like Splunk or Oracle, I think Fortinet FortiSIEM is more reliable in real-time.

If there is proper support and better technical capabilities, it can become a good solution.

I rate the tool an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: integrator