Abdul-MuminIddrisu - PeerSpot reviewer
CCO at Oduma Solutions Ltd
Real User
Effective multi-tenancy, helpful support, but interface could improve
Pros and Cons
  • "Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly."
  • "The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work."

What is our primary use case?

We are using Fortinet FortiSIEM for multi-tenant SOC service.

Fortinet FortiSIEM is deployed in our data center, and we have one collector. Each client has a collector within their environment. We set up a collector within each client's environment, and then have a VPN connection from the client's environment to our environment.

How has it helped my organization?

Fortinet FortiSIEM has helped us achieve our goal of serving multi-tenant SOC services. We're able to serve multiple clients at the same time.

What is most valuable?

Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly.  

What needs improvement?

The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work.

Buyer's Guide
Fortinet FortiSIEM
January 2025
Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,158 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Fortinet FortiSIEM for one year.

What do I think about the stability of the solution?

Fortinet FortiSIEM is stable.

What do I think about the scalability of the solution?

The scalability of Fortinet FortiSIEM is good.

How are customer service and support?

We have contacted the support a number of times and they were helpful.

How was the initial setup?

The initial setup of Fortinet FortiSIEM is straightforward. It took us approximately two weeks.

What about the implementation team?

We did the deployment in-house. We had two people for the implementation.

What was our ROI?

We are using Fortinet FortiSIEM to serve clients, and we are receiving our return on investment from them.

What's my experience with pricing, setup cost, and licensing?

The price of Fortinet FortiSIEM was reasonable compared to other solutions.

There are many licenses required, such as the MSSP, Agent, and device. For the number of devices that you are monitoring, you need licenses. You pay for the license per your usage. When you are onboarding more clients onto it, the license fee is for the usage. Additionally, there's the Windows Agent license that you need. If you use any Windows Agent, you receive a separate license charge.

What other advice do I have?

We started using Fortinet FortiSIEM because we were recommended to use it by a trusted source.

My advice to others would be to carefully look at the cost involved, and look closely at the licensing model. If it's a model that works for you, then great. However, it came as a surprise to us: we were told that we would be giving different licenses for the devices, and for the Windows Agent separately. We were not expecting the additional costs; it caught us off guard.

I rate Fortinet FortiSIEM a six out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1061847 - PeerSpot reviewer
Research Associate at a comms service provider with 1,001-5,000 employees
Real User
Good solution for security detection and response
Pros and Cons
  • "Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."
  • "The product does not have Security Orchestration and Automation Response; I would recommend adding this feature."

What is our primary use case?

My company is a partner of Fortinet FortiSIEM. We are a service provider and I take the solution from Fortinet and deploy it for my customers. We use the solution for security detection and response. This is a customer-based solution; our customer's security admins and security operations use the solution, comprised of a team of between three and five people.

How has it helped my organization?

Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had.

What is most valuable?

Fortinet FortiSIEM combines the SOC and NOC into a single solution with a single pane of glass. This feature on its own is next level and it's easy to handle.

What needs improvement?

Fortinet FortiSIEM should consider converting the purchase model from a CapEx investment into a pay-per-use model. By doing this, it will be more attractive for more customers.

The product does not have Security Orchestration and Automation Response; I would recommend adding this feature.

For how long have I used the solution?

I have been using Fortinet FortiSIEM for two years.

What do I think about the stability of the solution?

Stability is very good.

What do I think about the scalability of the solution?

Fortinet FortiSIEM is scalable.

How are customer service and support?

Technical support is perfect.

How was the initial setup?

The initial setup of Fortinet FortiSIEM was easy. The deployment took a week and a half and was based on a project plan. You don't need more than two people to deploy and maintain this solution.

What about the implementation team?

We use an integrator for the deployment of Fortinet FortiSIEM. 

What's my experience with pricing, setup cost, and licensing?

The price of Fortinet FortiSIEM is manageable. The cost is approximately $90,000 on an annual basis.

What other advice do I have?

Before fitting the product into your environment, make sure you have the right requirements.

I would rate Fortinet FortiSIEM a 9 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1721355 - PeerSpot reviewer
Security Technical Manager at a tech services company with 51-200 employees
Real User
Top 5 Leaderboard
Offers good integration capabilities with multiple tools from different vendors
Pros and Cons
  • "Fortinet FortiSIEM needs to provide better API integrations to users."

What is our primary use case?

I implemented Fortinet FortiSIEM in my company to collect all logs from old systems, networks, and security devices in the network. Fortinet FortiSIEM has a correlation rule, and from it, you can generate incidents and get analytics. The tool also serves as a threat intelligence and integration platform. With FortiGuard or any third-party tools, Fortinet FortiSIEM, as a threat intelligence platform, can enrich the log attributes or criteria, which is well reflected in incidents.

What is most valuable?

The most valuable feature of the solution for the detection of threats stems from FortiSIEM's components, including the threat intelligence platform and the ability to provide integrations.

What needs improvement?

Fortinet FortiSIEM is a better solution than other products. As a SIEM solution, it can meet all the requirements of customers.

The product already offers good integration capabilities with multiple vendors. There will be new products being introduced every day in the market, so Fortinet FortiSIEM needs to ensure integrations are possible with the new tools. Fortinet FortiSIEM needs to provide better API integrations to users. Better support services can help you deal with the integration party easily. API integration capabilities will make it easy to integrate Fortinet FortiSIEM with new products unless such tools have custom or special configurations set by the vendor or the device.

For how long have I used the solution?

I have been using Fortinet FortiSIEM since 2018.

What do I think about the stability of the solution?

Stability-wise, I rate the solution a nine out of ten.

If every device can get a ten out of ten in terms of stability, then I believe it is a 100 percent perfect product.

What do I think about the scalability of the solution?

It is an easily scalable solution. Suppose you want to increase the scalability in seconds. You can increase the number of tools with an HA supervisor to handle multiple events per second, and you can use multiple collectors for remote defense. It is easy to manage the tool's scalability and availability.

My company deals with around six customers who use the product.

How are customer service and support?

The solution's technical support is good. If you want to deal with the issues from the tool of other vendors, Fortinet's support team provides help.

How was the initial setup?

The product's initial setup phase is easy.

In Fortinet FortiSIEM, with multiple tenants, one does not need to invest in the implementation process.

After the virtual machine deployment or hardware appliance initial configuration, I think network discovery is the first step in the installation process. The process continues with vendor discovery and asset inventory at customer sites. Three intelligence integrations are the second step, and the configuration with the customer's devices to send all logs to SNMP TRAPS and then to the SIEM solution is a part of the main basic implementation. If you have some configurations and event handler and event order and logs, the initial configuration can be managed depending on the needs of customers.

What's my experience with pricing, setup cost, and licensing?

I don't have the price list of any of the competitors of Fortinet FortiSIEM. I work with the technical part of the tool.

There is a need to make yearly payments towards the licensing charges attached to the product. The free version license of the product is available for two months.

What other advice do I have?

The product offers multiple integrations with all vendors. If there is a new or unknown vendor in the market, a custom API can be made to ensure that integration with Fortinet FortiSIEM is possible.

I rate the integration capabilities of the tool a nine out of ten.

The implementation of the product can improve incident response time according to the arrangement and local relation of built-in rules or custom rules. This will reduce the time of incident response, especially if you use a SOAR solution with it. You can enrich the tool by buying a SOAR solution.

It is a good product in general. It is a product that offers stability and scalability with a multiple and wide range of built-in rules. The solution is also easy to use.

I rate the tool a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Soc analyst at Konvergenz
Real User
Top 10
A scalable product that offers good UI and firewall
Pros and Cons
  • "The product's initial setup phase was easy."
  • "The stability of the product is an area of concern where improvements are required."

What is our primary use case?

I use the solution in my company since it provides ease of monitoring. My company uses the product to get reports for our customers and monitoring purposes, as per the customer's preferences.

What needs improvement?

At times, I have noticed that Fortinet FortiSIEM suddenly goes down, and because of this, I have to reboot the servers from the engineers. Usually, I have to restart the panel again to get the product functioning. The aforementioned area of concern has been around for a very long time, making it something where improvements are required.

The stability of the product is an area of concern where improvements are required.

ArcSight can provide a detailed report for a year in a PDF format. In Fortinet FortiSIEM, there is a need to put in manual effort to get a detailed report. In Fortinet FortiSIEM, if I get reports for a specific time frame, I have to manually narrow them down by myself, after which I will not be able to get them in a Word or PDF format, which can be challenging.

For how long have I used the solution?

I have been using Fortinet FortiSIEM for a year. My company uses the product for some of our internal purposes.

What do I think about the scalability of the solution?

It is a scalable tool. The product can handle a considerable number of customers.

At the moment, there are only two people in my company who use the solution. In the future, the number of users may increase, especially if my company has to deal with more customers who want to use Fortinet FortiSIEM.

How are customer service and support?

Based on what I heard from my colleagues, the technical support is not bad. My colleagues directly contact the technical support for help.

How was the initial setup?

The product's initial setup phase was easy. I wasn't a part of the deployment process.

What other advice do I have?

In terms of how the tool supports our company's compliance monitoring and reporting practices, I would say that it stems from the fact that Fortinet FortiSIEM is able to serve what our company's customers want while also having the ability to offer solutions, making it quite easy for us to give the customers what they want. The fact that the solution helps my company provide the reports that my customer wants is actually nice. The tool also offers customization ability.

The features of Fortinet FortiSIEM that I find most effective for real-time security event correlation are real-time server connections, which allow me to see all the servers that are online at a particular period of time. The product also shows the threats and bifurcates them into high, medium, and low. The solution has the ability to generate reports easily. The product also provides specific solutions for any threats that are found.

The way Fortinet FortiSIEM improves my company's security posture stems from the fact that with the tool, I can see whatever is happening in real-time. In terms of security issues, if I try to see the problem or threat, then I can really dig deep into what is happening, which is a nice feature.

The tool is easy to maintain. Only two people are required to maintain the solution.

If I compare the integration capabilities of ArcSight with Fortinet FortiSIEM, I would have to say that the latter is in a better position to provide its customers with more details in terms of cybersecurity threats or if they want to compare the firewalls. Fortinet FortiSIEM is better for customers with no cybersecurity knowledge since it helps them understand the product. Fortinet FortiSIEM is better for the security of its customers.

I would ask those who plan to use the Fortinet FortiSIEM to see whether there are other solutions with which it needs to interact in their environment. Fortinet FortiSIEM is one of the best solutions I have dealt with, considering that it has a nice user interface. The update page is good and works in real time. The firewall part of the tool is good. I don't think there is anything that can cause problems for the tool's firewall. I actually liked the tool's firewall.

I rate the overall tool a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1051230 - PeerSpot reviewer
Asst Programmer Data Center at a consultancy with 10,001+ employees
Real User
Plenty of features, reliable, but more frequent updates needed
Pros and Cons
  • "We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us."
  • "We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files."

What is our primary use case?

We are creating our new dashboards and correlations as per our requirements with Fortinet FortiSIEM.

What is most valuable?

We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us.

What needs improvement?

We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files.

The patch management on the software needs to be better. We have not received frequent updates from their site. That's the major challenge for us. Going by the latest trends, there are lots of cyber attacks happening in the entire world. All of the latest trends, patches, file updates, and hash updates should be released as soon as possible. Whilst an attack is detected, the patch has to be released on time.

For how long have I used the solution?

I have been using Fortinet FortiSIEM for two and a half years.

What do I think about the stability of the solution?

It's a foolproof solution for our requirements; it is stable.

What do I think about the scalability of the solution?

The solution is scalable. However, this depends on the license we purchase. Additionally, scaling the solution requires a large investment in computer hardware, such as SSD, memory, and CPUs.

We have approximately 25 security engineers using the solution and approximately 10,000 end users.

We do not have plans to increase the usage of the solution at this time.

How are customer service and support?

I would rate the support of Fortinet FortiSIEM a four out of ten. 

Which solution did I use previously and why did I switch?

We previously were using the Juniper STRM, but Juniper STRM is currently not available. I think that their company was taken over by IBM QRadar; this is why we have gone with FortiSIEM.

How was the initial setup?

The workload required for this software is a major challenge. It requires a huge workload in terms of CPU and memory. It requires a huge workload for the installation and for the integration with all the systems. The whole implementation took approximately six months.

What about the implementation team?

We had help from the Fortinet team for the implementation team.

What was our ROI?

We have received a return on investment by using this solution.

What's my experience with pricing, setup cost, and licensing?

The price of Fortinet FortiSIEM is a lot less when compared to other solutions.

What other advice do I have?

My advice to others thinking about implementing this solution is if your organizational budget is low, then we go for Fortinet FortiSIEM. Otherwise, if we have enough budget, I would recommend IBM QRadar and/or other solutions.

I rate Fortinet FortiSIEM a six out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
chief of cybersecurity at ECSSA El Salvador
Reseller
Allows us to combine SOC and NOC operations and has good reports, integrations, and support
Pros and Cons
  • "One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams. There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good."
  • "Its training can be improved. Its price also needs to be improved."

What is our primary use case?

We are an enterprise that resells services. We are like a small MSSP for the Salvador and Central America region. We provide services to other enterprises.

Our clients have multiple use cases. Its most common use case is to detect logging events from different IP addresses or locations. It is used to detect simultaneous logins by the same user from different IP addresses or locations, such as from different countries. It is also used to detect any attempts to log in to a server with root privilege and trying remote access with root privileges.

How has it helped my organization?

With the help of FortiSIEM, we have improved the cybersecurity posture of our clients and ours. Through the early detection of threats, it allows us to follow up on each security incident. It is easy to communicate to asset managers about related security events, reducing remediation time.

What is most valuable?

One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams.

There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good.

What needs improvement?

Its training can be improved. Its price also needs to be improved.

For how long have I used the solution?

I have been using this solution for one year.

What do I think about the stability of the solution?

It has been good so far. We don't have any complaints about the tool.

What do I think about the scalability of the solution?

It is very scalable. It is easy to grow with this tool. We are going step-by-step, and we are doing good so far.

Our clients are big enterprises, such as banks, and we also have small businesses. In Salvador, as per a local compliance requirement, every business or enterprise needs to have a SIEM solution. We have an installation for 1,000 users.

How are customer service and technical support?

We are Fortinet's partner here in Salvador, and the tech support is really good. Their response time is also really good. We are very happy with this solution.

How was the initial setup?

The implementation process is kind of easy. We start in a small way. The challenge for us is the storage. We need to find a way to have storage redundancy so that if the main site fails, we have a copy of the data on a remote site. This is the challenge that we are facing right now.

What about the implementation team?

For its deployment and maintenance, we have a very small group of five people. We have a networking guy, a server guy, and a few analysts to maintain this platform.

What's my experience with pricing, setup cost, and licensing?

There is a licensing scheme for every case. There are three licensing schemes that we can choose from.

Which other solutions did I evaluate?

Our clients also evaluate other solutions such as Rapid7, McAfee, and LogRhythm. We have always been a Fortinet enterprise. We have people with Fortinet and other certifications in the industry, such as EasyConsole certifications. We can also support this solution for the Fortinet sites. That is the main differentiator between us and other vendors.

What other advice do I have?

I would advise others to start small and plan for future growth. 

I would rate Fortinet FortiSIEM an eight out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1051230 - PeerSpot reviewer
Asst Programmer Data Center at a consultancy with 10,001+ employees
Real User
Lacks a level of support we'd expect to see, particularly for patching; Threat Hunting is a great feature
Pros and Cons
  • "The Threat Hunting feature provides complete traffic analysis."
  • "Patching is not great - we're not getting the support we'd expect."

What is our primary use case?

Our use case is for collecting logs and monitoring internet traffic through firewalls. We have Fortinet firewalls and Fortinet WAF. I'm a system programmer and we are customers of Fortinet. 

What is most valuable?

I like the Threat Hunting feature which provides complete traffic analysis, like file movement and processes. It's a good feature. 

What needs improvement?

We have recently faced many issues in terms of support and their turnaround time for giving support as well as their patch level. The patching is one of the significant issues we face with Fortinet SIEM. We're at the enterprise level and we're not getting the support we'd expect. They really need to bring in new features like proper dashboards and alert systems and a real-time alert system which would be beneficial for users.

For how long have I used the solution?

I've been using this solution for four years. 

What do I think about the scalability of the solution?

Scalability is good; you just add extra licenses. We have 15 admin users and around 10,000 EPS.

How was the initial setup?

There are lots of issues with licensing policies like the agentless and agent-based installation. It creates a lot of issues because when we purchase the SIEM, by default, we expect most of the licenses to be in the bundle. But it's not like that. We need to purchase separate licenses for each agent and agentless system. There is also licensing with the EPS. It's quite difficult for proposing and purchasing the solution. We hire Fortinet professional services for deployment. 

Which other solutions did I evaluate?

I think that QRadar and RSE are better solutions than SIEM. The interactivity, scalability, and performance are far better than Fortinet. 

What other advice do I have?

My needs are not getting met with this solution so I would not recommend it to anyone and rate it four out of 10. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user276174 - PeerSpot reviewer
Director of IT with 501-1,000 employees
Vendor
We've been able to monitor our account-hacking issues internally, including attempted attacks on our network and logins to accounts.

What is most valuable?

The security notifications and monitoring features.

How has it helped my organization?

With the online-based monitoring we've set up, we've been able to watch trends of attempted attacks on our network.

We're also able to monitor our account issues internally as attackers attempt to log into our accounts.

We fall under HIPAA so security is key.

What needs improvement?

As we're an SMB, I would like to see different licensing options and the solution is priced out of the reach of some small businesses. It was a priority for us, though, because of the HIPAA regulations we fall under, and a more attractive licensing structure would be nice for SMBs.

For the product itself, it's the configuration. You really have to have their help to configure the product. When hands are off and it's in maintenance mode, it's difficult to configure unless you're totally engrossed in the product on a day-to-day basis.

For how long have I used the solution?

I've used it for one year.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

9/10, based strictly on the limited experience with one person that I've had.

Technical Support:

9/10, based strictly on the limited experience with one person that I've had.

Which solution did I use previously and why did I switch?

We used freeware or third-party apps (two or three of them), but we liked the consolidation of this product -- one interface, one screen -- to capture what the other applications were doing.

How was the initial setup?

It was complex because we didn't know the product. It's pretty in-depth, but once we got familiar with the software it made a lot of sense.

What about the implementation team?

We had the vendor help us implement, and they were 8/10.

What's my experience with pricing, setup cost, and licensing?

As mentioned above, they need to improve their licensing, but it depends on what industry segment they're going after. Maybe introduce some kind of more attractive bundle for SMBs to help them get started with the product.

Which other solutions did I evaluate?

We did, but I don't recall which ones.

What other advice do I have?

Everyone's implementation will be different, so be very focused and deliberate in what you want to monitor, because you can inundate the system.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user