Fortinet FortiSIEM Reviews

I work in our presales department. We have three of our clients using Fortinet FortiSIEM.

The solution is useful to integrate logs from different sources so that there is a common place to see and create dashboards and the AI associated with event checking.

We have a common service desk for our customers that has three employees monitoring everything. It requires less than one person to watch the dashboards, send the alerts and call the back office during an event. The solution requires maintenance every three months to install the last stable version of the firmware.

FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication. We use VPN instead of publishing services to the world, and we closed some services that are no longer being used. Eventually, we geographically blocked some services that do not need to be published in China or the United States, for example.

FortiSIEM has been a good product. It does everything that it has promised that it can do. It has been very useful to discover new threats from the outside such as external exploits, brute-force, or password tries. 

The process of installing Fortinet FortiSIEM and the customization of the alerts take too long. You need to customize the alerts that come to the dashboard so that not everything is an alert. If everything is an alert, nothing is an alert. This is a complicated process and takes time.

In future releases, I would like to see a resource for common environments like VMware and VMware/FortiGate or VMware/Check Point. The resource should discover and speed up implementation.

We have been using Fortinet FortiSIEM for a year and a half.

Being a Linux virtual appliance, FortiSIEM is a stable platform.

We are located in Uruguay, which is a small country. We have no issues with scalability because we have so few people and our IT infrastructure is quite simple. 

Our customers have between 200 and 400 users of Fortinet FortiSIEM.

I would rate the customer service and support of Fortinet FortiSIEM a four out of five. They are quite good.

Positive

Prior to FortiSIEM, we did not use SIEM. We had a log concentrator, but it did not have the ability or the AI to correlate logs like SIEM has.

We decided to implement FortiSIEM because SIEM has the ability to create logs using AI. With a log concentrator, we have all the events there, but there is no relation between them and what we have to do manually.

The initial setup of Fortinet FortiSIEM is easy. The solution is on a virtual appliance that you download and put in the VMworld or on-premise. I would rate the ease of initial setup a five out of five.

Deployment and implementation of FortiSIEM took three months due to the tuning and the building of the dashboards. We used Fortinet professional services for our first deployment. For the second deployment, we used our in-house team. 

We are seeing very good results on a security level.

Fortinet's products are not expensive, it is less than the competition. There are additional fees for space in the virtual environment. You require virtual space because the logs take up space on the disk. Eventually, you need to buy disks and put them in your environment or in the cloud. Without the disk, you have to turn off the device.

I would rate them a three out of five overall for pricing.

We did consider Sentinel in Azure because it is almost free.

If you are considering Fortinet FortiSIEM for your organization, write down what alerts are important to you, which devices deserve to be monitored, and which logs you really need. You will need to customize all of this. If you have all of this detailed, the implementation process will be easier.

I would rate the solution an eight out of ten overall.

We're able to get real-timec as well as our customer networks that we're monitoring at all times.

• Visibility
• Flexibility

The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much. I need to be able to understand what my situational awareness is by looking at a simple graph. I've already made a specific feature request to just make it look sexier because that's what customers like to see.

The stability has been very good. We've had no issues with instability.

What we really like about it is the ability to scale without costing an arm and a leg for us. They're highly virtualized and, as a result, we're able to deploy in a lot faster manner than shipping their metal to a location that might have to be purchased in another state or country.

We have used their technical support as well as their customer service. They've always got back to us in a timely manner. We've never had an issue of being able to get to the right person. If it doesn't get to the right person, it gets escalated very fast.

We used LogRhythm, and Accelops replaced it.

I wasn't involved in the initial setup, but my team was.

You always have to do your due diligence. I'm pretty sure a lot of the other competition is just as capable, however we deal with aircrafts, which is a different, unique beast. It enables us to understand an aircraft or sat-com network infrastructure, so it's not like a traditional type of log file that you have to normalize.

Some companies work with Windows desktops and servers, but we don't. Again, be sure to do your due diligence because whether Accelops is right for you depends on your use case. Make sure also that you have an MSSP model like we do so that you're able to deliver for your customers.

The solution's ability to collect data from different sources is its most valuable feature.

They should enhance the solution's AI capabilities, including XDR and EDR.

We have been using the solution for six months.

I rate the solution's stability as a nine.

I rate the solution's scalability as an eight. It works well with medium to large-scale enterprises.

The solution's tech support team is good.

The solution's initial setup is a bit complex as you have to do a lot of configuration. You have to collect data from different sources such as Microsoft, IBM, etc. The data extraction process differs for every system. Thus, you have to apply different protocols to collect data from various sources.

The solution has a lot of network solutions in its bucket. As a result, they provide excellent network strength. I advise others to know the product well before implementing it. I rate it as an eight.

We are a partner, and we use this solution to ingest our customers' syslogs data for their firewalls.

This solution allows us to ingest syslogs from Fortinet firewalls and other products into what we call FortiSIEM. This is a processor that correlates it with the event types and incidents. It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GIBA, NIST, and so forth. All of these incidents are now correlated and sent up to a dashboard or emailed, where, as a SOC, we can review these incidents and triage the necessary resolution.

The backup and recovery process for this solution needs improvement.

I would like to see a database with more structure in terms of maintenance and ease of use. The process of creating is much simpler than that of duplication. The procedures are not proper for handling its PostgreSQL database.

I would say that this solution is stable when it is configured and deployed by the Fortinet professional team.

The scalability is there, and you can expand on the EPS (Events Per Second) as needed.

We do plan on selling this service to our customers that can see the benefit in it. We will probably introduce an incident response application to help triage incidents at a faster level.

Technical support is very good. The people in support are excellent, and they know this product in and out. They are very quick to respond and the resolution is very quick.

The initial setup for this solution is straightforward, although we are not yet in full production. During the past two years, while we have been implementing, we have found a lot of bugs in the software. As such, we're still not in a state where we can go into full production. For example, if you are certified for PCI then one of the standards is that you have to have proper backup recovery in place. This solution is lapsing in that area. 

Two staff are required for deployment and maintenance.

We used Fortinet consultants for the deployment.

We bought the perpetual license, so we own the product, but there is a three-year support renewal fee for that.

We did evaluate Splunk before choosing this solution, but it was too much on the high end for our business model.

We are very impressed with this product. However, they have to fix their backup and recovery procedure and provide a good DR service without charging for a secondary license.

I would rate this solution a seven and a half out of ten.

Although we're still in training, we can expect to see and address issues in our network, such as configuration errors that caused latency between disc, storage and server that we weren't aware of before.

The primary valuable feature is that it has replaced a whole lot of other products with one platform. That's a huge win right there. It can take logs from all my devices agentlessly and correlate data. It already has a lot of the advanced analytics and dashboards that we need already built-in.

Accelops is also well positioned within the industry, for example, by partnering with Octave which we're using as a login index for Accelops. We're able to bring up a security operations center, which helps a lot of the newer information security people.

It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there. I'd like to see a better dashboard that pretty. I want to be able to see incidences or stats, depending on what I'm looking for to determine whether we're healthy, what's our security posture, SOX-incident problems. So streamlining all that information on the initial interface would be great.

So far, it appears to be stable. Early on, there were some lags with certain things happening and my guys weren't quite sure how stuff fit together, but I think that will wash out in the training. We need it to provide alerts, monitoring, security, and SIEM.

We've had no issues with scalability.

It's too early to comment on technical support. I don't have any complaints, and neither do my guys, so that's a good sign.

They got the system up and running pretty easily and now he's working with the engineering groups and others to start making sure that the SM&NT logs are all set. Right now we're in ramp-up mode, so once it's fully loaded we'll be able to talk more about how it's performing with that volume of logs and all the dashboards and things that we started automating.

I trust my server lead and his guys for the setup. They had to build a bigger box with new storage to keep all the new logs that we started pointing at it.

We knew we needed an SIEM tool, and actually looked at Accelops a year ago. At the time, it just wasn't stable enough and we didn't quite have the funding. Now, we did another review and Accelops came out on top with some improvements and better pricing. I found the initial money and had extra budget for ongoing maintenance.

Any of the top SIEM tools like this is going to give you a lot of information and that in itself is the challenge. There's so much information that you need to have at least one person who's dedicated almost full-time to it.

The security notifications and monitoring features.

With the online-based monitoring we've set up, we've been able to watch trends of attempted attacks on our network.

We're also able to monitor our account issues internally as attackers attempt to log into our accounts.

We fall under HIPAA so security is key.

As we're an SMB, I would like to see different licensing options and the solution is priced out of the reach of some small businesses. It was a priority for us, though, because of the HIPAA regulations we fall under, and a more attractive licensing structure would be nice for SMB's.

For the product itself, it's the configuration. You really have to have their help to configure the product. When hands are off and it's in maintenance mode, it's difficult to configure unless you're totally engrossed in the product on a day-to-day basis.

I've used it for one year.

No issues encountered.

No issues encountered.

No issues encountered.

9/10, based strictly on the limited experience with one person that I've had.

9/10, based strictly on the limited experience with one person that I've had.

We used freeware or third party apps (two or three of them), but we liked the consolidation of this product -- one interface, one screen -- to capture what the other applications were doing.

It was complex because we didn't know the product. It's pretty in-depth, but once we got familiar with the software it made a lot of sense.

We had the vendor help us implement, and they were 8/10.

As mentioned above, they need to improve their licensing, but it depends on what industry segment they're going after. Maybe introduce some kind more attractive bundle for SMB's to help them get started with the product.

We did, but I don't recall which ones.

Everyone's implementation will be different, so be very focused and deliberate in what you want to monitor, because you can inundate the system.

I use FortiSIEM for email events and security alarms.

FortiSIEM's best features are the dashboards and customization.

An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS. In the next release, FortiSIEM should implement a central repository.

I've been working with FortiSIEM for more than three years.

FortiSIEM's stability is quite good.

FortiSIEM is scalable, though this is constrained by the licensing model.

FortiSIEM's technical support is satisfactory, but its knowledge base could be better.

Positive

We used an in-house team and the local vendor.

FortiSIEM's licensing is based on EPS, and its pricing is competitive in the market.

I also evaluated LogRhythm and McAfee.

I would give FortiSIEM a rating of seven out of ten.

We are an enterprise that resells services. We are like a small MSSP for Salvador and Central America region. We provide services to other enterprises.

Our clients have multiple use cases. Its most common use case to detect logging events from different IP addresses or locations. It is used to detect simultaneous logins by the same user from different IP addresses or locations, such as from different countries. It is also used to detect any attempts to log in to a server with root privilege and trying remote access with root privileges. 

With the help of FortiSIEM we have improved the cybersecurity posture of our clients and ours. Through the early detection of threats, it allows to follow up on each security incident. It is easy to communicate to asset managers about related security events, reducing remediation time.

One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams.

There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good.

Its training can be improved. Its price also needs to be improved.

I have been using this solution for one year.

It has been good so far. We don't have any complaints about the tool.

It is very scalable. It is easy to grow with this tool. We are going step-by-step, and we are doing good so far.

Our clients are big enterprises, such as banks, and we also have small businesses. In Salvador, as per a local compliance requirement, every business or enterprise needs to have a SIEM solution. We have an installation for 1,000 users.

We are Fortinet's partner here in Salvador, and the tech support is really good. Their response time is also really good. We are very happy with this solution.

The implementation process is kind of easy. We start in a small way. The challenge for us is the storage. We need to find a way to have storage redundancy so that if the main site fails, we have a copy of the data on a remote site. This is the challenge that we are facing right now.

For its deployment and maintenance, we have a very small group of five people. We have a networking guy, a server guy, and a few analysts to maintain this platform.

Our clients also evaluate other solutions such as Rapid7, McAfee, and LogRhythm. We have always been a Fortinet enterprise. We have people with Fortinet and other certifications in the industry, such as EasyConsole certifications. We can also support this solution for the Fortinet sites. That is the main differentiator between us and other vendors.

I would advise others to start small and plan for future growth. 

I would rate Fortinet FortiSIEM an eight out of ten.