FortiSIEM analyzes the logs from all the servers and firewalls.
Account Manager at Cairo International Airport Co.
The log correlation is good
Pros and Cons
- "FortiSIEM's log correlation is good."
- "FortiSIEM could be better integrated with other vendors."
What is our primary use case?
How has it helped my organization?
FortiSIEM provides visibility into what happens on our corporate network. We can see traffic from users and detect brute force or bot attacks. It's clear in the SIEM solution.
What is most valuable?
FortiSIEM's log correlation is good.
What needs improvement?
FortiSIEM could be better integrated with other vendors.
Buyer's Guide
Fortinet FortiSIEM
January 2025
Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,158 professionals have used our research since 2012.
For how long have I used the solution?
This happened about one year or a year and a half ago.
What do I think about the stability of the solution?
We had some issues during the update. Some updates didn't install, so we opened a ticket with Forti support, but it took more time to solve.
What do I think about the scalability of the solution?
FortiSIEM scales enough for our company. After the initial deployment, we added some servers and increased the resources to enable FortiSIEM to take the logs from the servers.
How are customer service and support?
I rate Fortinet support nine out of 10. It's excellent.
How would you rate customer service and support?
Positive
How was the initial setup?
Fortinet performed the initial setup, and it took about a week. We installed the image and integrated it with another server's Active Directory. Then we integrated it with the firewalls, routers, switches, and controller. Finally, we had to configure the policies.
What other advice do I have?
I rate Fortinet FortiSIEM eight out of 10. I would recommend FortiSIEM for corporate users, but I haven't tried any other SIEM solutions, so I have no reference for comparison. In the future, we might try another vendor with a more comprehensive solution.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Vice President at Ogma Consulting
Efficient monitoring tool consolidating network events for streamlined management
Pros and Cons
- "The most valuable feature is the ability to view all the network events on a single pane and find the point of contact or point of the incident."
- "There could be improvements like introducing some solutions directly into FortiSIEM to avoid the need for separately purchasing additional tools like FortiStore."
What is our primary use case?
FortiSIEM is primarily used as a monitoring tool that can monitor all the incidents and events occurring in the network. The main concern of the customer is to view all the events and incidents on a single pane where everything can be managed.
How has it helped my organization?
FortiSIEM is very efficient and helps discover all the points of incidents, identifying users that create loopholes in the network and determining potential points of contact.
What is most valuable?
The most valuable feature is the ability to view all the network events on a single pane and find the point of contact or point of the incident. Along with FortiSIEM, a solution can be provided, which is a feature I admire.
What needs improvement?
There could be improvements like introducing some solutions directly into FortiSIEM to avoid the need for separately purchasing additional tools like FortiStore.
For how long have I used the solution?
I have approximately one year of experience working with FortiSIEM.
What do I think about the stability of the solution?
I rate the stability of the solution as nine out of ten.
What do I think about the scalability of the solution?
The scalability of the solution is rated eight out of ten.
How are customer service and support?
I rate the technical support provided by Fortinet as nine out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup can vary from being easy to moderate depending on the network size. If the network is small, it might be easy. That said, if it's semi-small or semi-large, it's a moderate setup.
What's my experience with pricing, setup cost, and licensing?
The pricing of FortiSIEM is moderate; it is neither very costly nor very cheap.
What other advice do I have?
I can recommend FortiSIEM, but it depends on customer needs, network size, and preferences. Customers can also consider replacing a physical SOC team with FortiSIEM.
I'd rate the solution eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Oct 30, 2024
Head of Product Management (Cloud & Digital) at Pakistan Telecommunication Company Limited
Integrates well with other Fortinet solutions, has nice VR and security features
Pros and Cons
- "We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers."
- "FortiSIEM is not a market leader in the SIEM space."
What is our primary use case?
We primarily use the solution for security.
What is most valuable?
Fortinet has a unique model, which they call MSSP, managed services security partner. They select a telco in a country, partner with them, and offer them the certification track. We are an MSSP partner in Pakistan. FortiSIEM and FortiSOAR, their overall solutions for threat mitigation, visibility, control, et cetera, are well integrated.
We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers.
There's a VR feature that is basically segmenting these firewalls, these security devices. Using that feature, we can make a network slice for each and every enterprise customer. All of the infrastructure is deployed in our data center, yet the customer uses it as if it were their own.
What needs improvement?
FortiSIEM is not a market leader in the SIEM space. In SIEM solutions, typically, our customers ask for Splunk, or they ask for LogRhythm. Some legacy customers ask for IBM. This isn't as popular. Fortinet needs to grow in that perspective. They need to become a leader in the Gartner Magic Quadrant and be seen as visionary so that the top customers, the big customers, take them seriously in the SIEM space.
For how long have I used the solution?
I’ve been using the solution for more than a year now.
What do I think about the stability of the solution?
This is an absolutely stable solution. There aren’t bugs or glitches, and it doesn’t crash or freeze. It’s reliable.
What do I think about the scalability of the solution?
We don’t have users per se. We are selling it. We have just started selling it. At this point, we have more than double-digit customers onboarded who are using the services.
My understanding is that the solution is entirely scalable.
How are customer service and support?
We find technical support quite helpful. They're very responsive. They have a very good on-the-ground team in Pakistan.
How was the initial setup?
While I am responsible for the overall product owners within PTCL, within my organization, I don’t directly deal with implementation tasks.
My colleagues tell me it is easy to deal with, however.
What's my experience with pricing, setup cost, and licensing?
I can’t speak to the general cost of the solution. They have a very flexible model for partners like us, however. It is a pay-as-you-grow model.
What other advice do I have?
I’m not sure which exact version I’m using.
We are a cloud provider. Whatever we do, we sell it to our clients. We're not an enterprise, we are a public cloud provider, PTCL, and we sell to our clients.
I’d rate the solution eight out of ten.
If a company already has Fortinet devices in its network and all the Fortinet security components, then it will make sense for it to consider FortiSIEM. If, however, it doesn't have Fortinet security devices, it may be difficult to leverage.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Security Manager at Banco Lopez de Haro
Audits servers, handles vulnerability detection and correlates traffic
Pros and Cons
- "It detects new technologies, vulnerabilities, and emerging threats on the internet."
- "The deployment of the platform took some time to set up and configure."
What is our primary use case?
Fortinet FortiSIEM is used to audit my servers and communications. It effectively handles vulnerability detection and correlates traffic to identify security issues or anomalies. It is also used to correlate my logs, which helps detect outliers and identify unusual events in my network.
What is most valuable?
It detects new technologies, vulnerabilities, and emerging threats on the internet.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for four years.
What do I think about the scalability of the solution?
500 users are using this solution.
How are customer service and support?
The product could benefit from more local support. There is an opportunity to improve the support for products like Deepgram and FortiSIEM.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
The deployment of the platform took some time to set up and configure. I have experience using SolarWinds and its tools.
How was the initial setup?
The initial setup is very easy and takes four months to complete. They need to focus on this because the provider did much of the configuration rather than them doing it directly. The support we receive helps us improve in comparison to using this platform alone.
I rate the initial setup an eight out of ten, where one is difficult, and ten is easy.
What about the implementation team?
Our provider does the deployment and maintenance.
What was our ROI?
What's my experience with pricing, setup cost, and licensing?
It has a good price and is more competitive than the others.
What other advice do I have?
If the protection and monitoring make my network safer by detecting outliers and events, I can report these findings to my manager. They need to be aware of live events affecting the company.
Overall, I rate the solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Aug 20, 2024
Sales Product Manager at NOURNET
Reasonably priced with good dashboards and an easy initial setup
Pros and Cons
- "Technical support is helpful."
- "They need to integrate better with Cisco and Palo Alto."
What is our primary use case?
We are using the solution for our customers.
What is most valuable?
The pricing is good.
The best features are the dashboard and the integration between the Fortinet products. We can connect the nodes very easily.
The initial setup is very easy.
It's great to use both this and FortiSOAR. It makes everything better. If you use them together with Fortianalyzer, it's better than Splunk.
The solution is stable.
It is a scalable product.
Technical support is helpful.
What needs improvement?
There are some connectivity issues with FortiAnalyzer and FortiGate.
They need to integrate better with Cisco and Palo Alto.
What do I think about the stability of the solution?
The solution is very stable. It offers good reliability.
What do I think about the scalability of the solution?
We have found that it is possible to scale the solution.
How are customer service and support?
With technical support, I often direct tickets to them in terms of licensing, and within a maximum of two to three hours, the license will be active. They are very helpful. They are very responsive. They are always responding to the tickets and assisting us. You can show your customer their level of engagement. It's very impressive. Customers are happy.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
In Saudi Arabia, customers are doing Splunk or LogRhythm. In Jordan, we are using Fortinet due to the fact that it is cheaper.
There is not a huge difference between all the technology as all the partners use the same technology.
How was the initial setup?
The solution is quite simple and straightforward to set up. I'd rate it a four out of five in terms of ease of execution.
There is, for example, no need for more configuration. It's very easy. In the cloud, you just reinstall the virtual machine, its main connectors in Big Sur, and then, on the customer side, you put the small virtual machine at the connectors.
What's my experience with pricing, setup cost, and licensing?
The pricing is very good. It's reasonable and competitive. I'd rate the pricing at five out of five.
What other advice do I have?
I'd rate the solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: PARTNER / INTEGRATOR
Customer Success Manager at Digitank Technology
Provides good detection against advanced threats because it has a strong machine-learning capability
Pros and Cons
- "Fortinet FortiSIEM provides good detection against advanced threats."
- "The solution's interface could be modernized and improved."
What is our primary use case?
We use the solution to monitor events and logs. It gives us a very powerful view of what is going on. We can configure it to send notifications of any malicious detection because it is based on an ML (machine learning) algorithm. Aside from using the solution to monitor the logs from different sources, we can also get detections because it has strong machine learning capability.
What is most valuable?
Fortinet FortiSIEM provides good detection against advanced threats.
What needs improvement?
The solution's interface could be modernized and improved.
For how long have I used the solution?
I have been working with Fortinet FortiSIEM for one year.
What do I think about the stability of the solution?
I rate Fortinet FortiSIEM ten out of ten for stability.
What do I think about the scalability of the solution?
Around 50 users are using Fortinet FortiSIEM in our organization.
I rate the solution an eight out of ten for scalability.
How was the initial setup?
I rate Fortinet FortiSIEM a nine out of ten for the ease of its initial setup.
What about the implementation team?
If nothing goes wrong, the solution can be deployed in one week.
What was our ROI?
We have seen a return on investment with Fortinet FortiSIEM.
What's my experience with pricing, setup cost, and licensing?
Fortinet FortiSIEM is very cost-efficient compared to other SIEM solutions.
On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven out of ten.
What other advice do I have?
The solution is deployed on the cloud in our organization. I'll recommend Fortinet FortiSIEM to users because of its functionalities, irrespective of whether they have a hybrid, on-prem, or cloud deployment. If a company has some compliance and regulations, the solution can fulfill their compliance and regulations within their country or industry.
Overall, I rate Fortinet FortiSIEM a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer:
An authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same
Pros and Cons
- "Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same."
- "Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time."
What is our primary use case?
We use the Fortinet FortiSIEM tool for log monitoring and alert generation. We use Fortinet FortiSIEM to collect logs from the critical servers of the customer's infrastructure, like active directory servers and file servers. We also collect logs from a few security devices like the firewall, the proxy, and the antivirus setup. Based on that, our team checks the logs, and we get an alert to take action on the development.
What is most valuable?
Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same.
What needs improvement?
Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time.
Fortinet FortiSIEM's database monitoring could be made easier, like the servers and the security devices.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for the past four to five months.
What do I think about the stability of the solution?
Fortinet FortiSIEM is a stable product.
What do I think about the scalability of the solution?
Fortinet FortiSIEM is a scalable product. We initially configured five devices, and then we could scale it to twenty. There could be some issues if the device count goes up to hundreds and thousands. Around 10 to 15 engineers use Fortinet FortiSIEM in our company.
What other advice do I have?
Overall, I rate Fortinet FortiSIEM an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director, Infrastructure and Operations at a comms service provider with 11-50 employees
It has robust event correlation and good GUI, but their technical support should be better, and it should support more nonstandard log sources
Pros and Cons
- "The event correlation is pretty robust. The GUI is pretty good."
- "Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire."
What is our primary use case?
We have eight use cases installed, and we are collecting log sources from most of the relevant endpoints. We did all that configuration ourselves. So, the product didn't really have a lot to do with it.
It is deployed on a private cloud. We manage the cloud infrastructure ourselves, and its primary purpose is to monitor and protect our network devices and our own business systems, not necessarily our customer-facing services.
We are most probably on version 3. We are not on the current release.
What is most valuable?
The event correlation is pretty robust. The GUI is pretty good.
What needs improvement?
Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire.
The out-of-the-box log ingestion for the supported devices is fine. The main issues arise when you're trying to ingest a log source that's not supported. You're left to figure it out yourself. You have to figure out the custom parsing yourself. There should be better support for nonstandard log sources. That's because unless you can ingest logs from all of your key controls, the solution will have gaps. Out of the box, this product doesn't support a lot of normal security devices that are common, and then you get into building custom parsers yourself to get it to work.
The other problem is infrastructure stability. The architecture scaling rules that the vendor provides are vastly understated. So, we constantly run into stability problems that we end up figuring out and solving by throwing more infrastructure at it because they're understating the infrastructure requirements. It is understandable that they would do that, and you see why they would do that, but it is causing no end of problems.
For how long have I used the solution?
We've been using it for about three years.
What do I think about the scalability of the solution?
Scaling is problematic because of the architecture. It is very hard to figure out the required compute, memory, and disk space because the documentation is so bad. Like any SIEM, it is very compute-heavy. So, scaling is always a problem. We've come to the conclusion that it is not scalable to the magnitude that we require.
I have two system administrators at the moment who are a part of my SOC. We have a very small operation. My SOC right now is comprised of two analysts, a senior analyst, and a manager. All of them are technical, and all of them are involved in managing this solution in one way, shape, or form.
We use the product as one of our internal controls. We have several others, which I won't get into, and we do not plan on scaling it beyond that. We have been piloting some customer-facing use cases, and we will be deprecating those, scaling them back, and moving them to the Microsoft product.
How are customer service and support?
Their technical support is really bad. Their account support and product support are fine. I would rate their technical support one out of ten.
How would you rate customer service and support?
Negative
How was the initial setup?
The initial deployment was done with the partner. Since then, we have done additional endpoints and upgrades, and we are doing all the work ourselves now.
What about the implementation team?
We used a partner to help us with the initial setup.
What was our ROI?
We are not really tracking ROI. We just view it as a cost of business, and we are not driving any revenue from it. So, it is just a sunk cost.
What's my experience with pricing, setup cost, and licensing?
This is probably more on the lower cost end of the spectrum compared to competing products.
Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model.
In terms of additional costs, we also pay for our cloud infrastructure to run it. If your log source is not supported, you're going to have to develop custom parsing. So, you're going to incur that development cost. There is also the normal day-to-day administration cost.
Which other solutions did I evaluate?
We implemented Fortinet FortiSIEM for our own use, and then we have been exploring the idea of using it for a customer-facing or a managed service provider multi-tenant SIEM. We offer managed SIEM services to our customers, and we've come to the conclusion that it is not well suited for that purpose. We are in the process of installing Microsoft Sentinel and Azure Lighthouse for a new service.
What other advice do I have?
My overall impression is that this is an SMB product. It is not a large-scale enterprise or multi-tenant product. Even though they tell you it'll do that, it is an SMB tool, and it is pretty good for that purpose. However, most institutions would not have the required in-house expertise for it. You need a dedicated, skilled technical administrator. You need your own DevOps team, which small and medium businesses generally don't have, or you can do what we did and use a partner to do the work for you.
I would caution others to fully understand the support model and talk to reference customers about it and have a solid understanding of what their internal resource needs will be to implement and support it. That's because it is complicated. Depending on the product you pick, you would need some in-house technical capabilities. For bigger companies, that's usually not a problem, but for small and medium businesses, that can be a problem.
I would rate it a six out of ten. It is suitable for its purpose. It is targeted at the SMB market. The feature function is fine. I would rate it higher if their technical support was better.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
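The review above notes that per-EPS licensing is hard to budget because noisy sources such as firewalls dominate the event rate, and that unsupported sources need custom parsing. The following added example (not FortiSIEM code, not from the reviewer) measures average and peak events per second per source from a constructed syslog-style sample, and reports lines its parser cannot handle; the hostnames, log shape and sample lines are all assumptions.

```python
"""Per-source events-per-second (EPS) estimate from a log sample.

Added illustration for the EPS-based licensing point in the review above;
this is not FortiSIEM code. The log lines are constructed samples in a
generic "<ISO timestamp> <host> <message>" syslog-like shape.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: three seconds of traffic from a firewall, a domain
# controller and a proxy, plus one legacy line without an ISO timestamp.
SAMPLE_LOGS = """\
2024-10-01T12:00:00Z fw-edge-1 action=accept srcip=10.0.0.5 dstport=443
2024-10-01T12:00:00Z fw-edge-1 action=deny srcip=10.0.0.7 dstport=23
2024-10-01T12:00:00Z fw-edge-1 action=accept srcip=10.0.0.9 dstport=53
2024-10-01T12:00:00Z ad-dc-1 EventID=4624 user=alice logon_type=3
2024-10-01T12:00:01Z fw-edge-1 action=accept srcip=10.0.0.5 dstport=443
2024-10-01T12:00:01Z fw-edge-1 action=deny srcip=10.0.0.12 dstport=3389
2024-10-01T12:00:01Z proxy-1 GET example.test/index.html status=200
2024-10-01T12:00:02Z fw-edge-1 action=accept srcip=10.0.0.5 dstport=80
2024-10-01T12:00:02Z ad-dc-1 EventID=4634 user=alice
<14>legacy appliance line with no ISO timestamp
"""

# Only lines with an ISO-8601 UTC timestamp are counted; anything else is
# reported as unparsed, which is the "custom parser needed" case.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+(?P<host>\S+)\s+(?P<msg>.*)$"
)


def eps_report(text):
    """Return avg/peak EPS and share of volume per source host.

    avg_eps is events divided by the sampled window (first to last second,
    inclusive); peak_eps is the busiest single second for that host;
    peak_total_eps is the busiest second across all hosts, which is the
    number a per-EPS licence actually has to cover.
    """
    per_sec = defaultdict(lambda: defaultdict(int))  # second -> host -> count
    unparsed = 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        sec = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        per_sec[sec][m["host"]] += 1
    if not per_sec:
        return {"sources": {}, "peak_total_eps": 0, "unparsed": unparsed}
    window = (max(per_sec) - min(per_sec)).total_seconds() + 1
    total = sum(sum(counts.values()) for counts in per_sec.values())
    hosts = {h for counts in per_sec.values() for h in counts}
    sources = {}
    for host in sorted(hosts):
        counts = [per_sec[s].get(host, 0) for s in per_sec]
        sources[host] = {
            "avg_eps": round(sum(counts) / window, 2),
            "peak_eps": max(counts),
            "share": round(sum(counts) / total, 2),
        }
    peak_total = max(sum(counts.values()) for counts in per_sec.values())
    return {"sources": sources, "peak_total_eps": peak_total, "unparsed": unparsed}


if __name__ == "__main__":
    report = eps_report(SAMPLE_LOGS)
    for host, stats in report["sources"].items():
        print(f"{host:10} avg={stats['avg_eps']:<5} peak={stats['peak_eps']} share={stats['share']}")
    print("peak total EPS:", report["peak_total_eps"], "unparsed lines:", report["unparsed"])
```

Run it against a capture covering a representative window (including backup and patch cycles), since licensing has to cover the peak second, not the average.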