We are a partner, and we use this solution to ingest our customers' syslog data for their firewalls.
Network Security Engineer at Spectrotel
Correlates incidents between products and notifies our SOC accordingly
Pros and Cons
- "It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GIBA, NIST, and so forth."
- "The backup and recovery process for this solution needs improvement."
What is our primary use case?
How has it helped my organization?
This solution allows us to ingest syslog from Fortinet firewalls and other products into what we call FortiSIEM. This is a processor that correlates it with the event types and incidents. It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GIBA, NIST, and so forth. All of these incidents are now correlated and sent up to a dashboard or emailed, where, as a SOC, we can review these incidents and triage the necessary resolution.
What needs improvement?
The backup and recovery process for this solution needs improvement.
I would like to see a database with more structure in terms of maintenance and ease of use. The process of creating is much simpler than that of duplication. The procedures for handling its PostgreSQL database are not proper.
For how long have I used the solution?
More than two years.
Buyer's Guide
Fortinet FortiSIEM
December 2024
Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
What do I think about the stability of the solution?
I would say that this solution is stable when it is configured and deployed by the Fortinet professional team.
What do I think about the scalability of the solution?
The scalability is there, and you can expand on the EPS (Events Per Second) as needed.
We do plan on selling this service to our customers that can see the benefit in it. We will probably introduce an incident response application to help triage incidents at a faster level.
How are customer service and support?
Technical support is very good. The people in support are excellent, and they know this product in and out. They are very quick to respond and the resolution is very quick.
How was the initial setup?
The initial setup for this solution is straightforward, although we are not yet in full production. During the past two years, while we have been implementing, we have found a lot of bugs in the software. As such, we're still not in a state where we can go into full production. For example, if you are certified for PCI then one of the standards is that you have to have proper backup recovery in place. This solution is lapsing in that area.
Two staff are required for deployment and maintenance.
What about the implementation team?
We used Fortinet consultants for the deployment.
What's my experience with pricing, setup cost, and licensing?
We bought the perpetual license, so we own the product, but there is a three-year support renewal fee for that.
Which other solutions did I evaluate?
We did evaluate Splunk before choosing this solution, but it was too much on the high end for our business model.
What other advice do I have?
We are very impressed with this product. However, they have to fix their backup and recovery procedure and provide a good DR service without charging for a secondary license.
I would rate this solution a seven and a half out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
IT Security & CyberSecurity Consultant at digitalDefense Information Systems GmbH
A scalable solution with extensive customization options
Pros and Cons
- "This solution offers extensive customization options, making it possible to adapt it precisely to their requirements."
- "Customer support service could be better."
What is our primary use case?
If a customer is looking to establish a centralized monitoring and security solution, Fortinet FortiSIEM can be tailored to meet their specific needs effectively. This solution offers extensive customization options, making it possible to adapt it precisely to their requirements.
What is most valuable?
It works exceptionally well when combined with a vulnerability management solution.
What needs improvement?
Customer support service could be better.
What do I think about the stability of the solution?
It provides great stability features.
What do I think about the scalability of the solution?
Scalability is excellent, especially for our enterprise-level clients.
How are customer service and support?
I have moderate satisfaction with customer support, and we've learned to manage it adequately. I would rate it three out of ten.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
I previously worked with LogPoint, which had rigid pricing structures. In contrast, we value flexibility and aim to provide more adaptable support, so we switched to Fortinet FortiSIEM.
How was the initial setup?
The initial setup is quite swift.
What about the implementation team?
The deployment process usually takes just one to two days to have the basics up and running. This involves connecting the collectors and configuring the systems.
What's my experience with pricing, setup cost, and licensing?
Pricing is determined based on the customer's budget. We discuss how to tailor the pricing to fit the specific needs and financial considerations of the customer.
What other advice do I have?
I would highly recommend it. It's a top-tier solution, receiving a solid ten out of ten rating.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Asst Programmer Data Center at a consultancy with 10,001+ employees
Plenty of features, reliable, but more frequent updates needed
Pros and Cons
- "We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us."
- "We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files."
What is our primary use case?
We are creating our new dashboards and correlations as per our requirements with Fortinet FortiSIEM.
What is most valuable?
We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us.
What needs improvement?
We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files.
The patch management on the software needs to be better. We have not received frequent updates from their site. That's the major challenge for us. Going by the latest trends, there are lots of cyber attacks happening in the entire world. All of the latest trends, patches, file updates, and hash updates should be released as soon as possible; when an attack is detected, the patch has to be released on time.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for two and a half years.
What do I think about the stability of the solution?
It's a foolproof solution for our requirements, it is stable.
What do I think about the scalability of the solution?
The solution is scalable. However, this depends on the license we purchase. Additionally, to scale the solution requires a large investment for computer hardware, such as SSD, memory, and CPUs.
We have approximately 25 security engineers using the solution and approximately 10,000 end users.
We do not have plans to increase the usage of the solution at this time.
How are customer service and support?
I would rate the support of Fortinet FortiSIEM a four out of ten.
Which solution did I use previously and why did I switch?
We previously were using the Juniper STRM, but Juniper STRM is currently not available. I think that their company was taken over by IBM QRadar, this is why we have gone with FortiSIEM.
How was the initial setup?
The workload required for this software is a major challenge. It requires a huge workload in terms of CPU and memory. It requires a huge workload for the installation and for the integration with all the systems. The whole implementation took approximately six months.
What about the implementation team?
We had help from the Fortinet team for the implementation.
What was our ROI?
We have received a return on investment by using this solution.
What's my experience with pricing, setup cost, and licensing?
The price of Fortinet FortiSIEM is a lot less when compared to other solutions.
What other advice do I have?
My advice to others thinking about implementing this solution is that if your organizational budget is low, then go for Fortinet FortiSIEM. Otherwise, if you have enough budget, I would recommend IBM QRadar or other solutions.
I rate Fortinet FortiSIEM a six out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Associate Director, Network Services at a university with 1,001-5,000 employees
It can take logs from all my devices agentlessly and correlate data. I'd like to see a more streamlined dashboard.
Pros and Cons
- "The primary valuable feature is that it has replaced a whole lot of other products with one platform."
- "It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there."
How has it helped my organization?
Although we're still in training, we can expect to see and address issues in our network, such as configuration errors that caused latency between disk, storage and server that we weren't aware of before.
What is most valuable?
The primary valuable feature is that it has replaced a whole lot of other products with one platform. That's a huge win right there. It can take logs from all my devices agentlessly and correlate data. It already has a lot of the advanced analytics and dashboards that we need already built-in.
Accelops is also well positioned within the industry, for example, by partnering with Octave which we're using as a login index for Accelops. We're able to bring up a security operations center, which helps a lot of the newer information security people.
What needs improvement?
It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there. I'd like to see a better dashboard that's pretty. I want to be able to see incidents or stats, depending on what I'm looking for, to determine whether we're healthy, what our security posture is, SOX-incident problems. So streamlining all that information on the initial interface would be great.
What do I think about the stability of the solution?
So far, it appears to be stable. Early on, there were some lags with certain things happening and my guys weren't quite sure how stuff fit together, but I think that will wash out in the training. We need it to provide alerts, monitoring, security, and SIEM.
What do I think about the scalability of the solution?
We've had no issues with scalability.
How are customer service and technical support?
It's too early to comment on technical support. I don't have any complaints, and neither do my guys, so that's a good sign.
How was the initial setup?
They got the system up and running pretty easily and now he's working with the engineering groups and others to start making sure that the SM&NT logs are all set. Right now we're in ramp-up mode, so once it's fully loaded we'll be able to talk more about how it's performing with that volume of logs and all the dashboards and things that we started automating.
What about the implementation team?
I trust my server lead and his guys for the setup. They had to build a bigger box with new storage to keep all the new logs that we started pointing at it.
Which other solutions did I evaluate?
We knew we needed an SIEM tool, and actually looked at Accelops a year ago. At the time, it just wasn't stable enough and we didn't quite have the funding. Now, we did another review and Accelops came out on top with some improvements and better pricing. I found the initial money and had extra budget for ongoing maintenance.
What other advice do I have?
Any of the top SIEM tools like this is going to give you a lot of information and that in itself is the challenge. There's so much information that you need to have at least one person who's dedicated almost full-time to it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of IT with 501-1,000 employees
We've been able to monitor our account-hacking issues internally, including attempted attacks on our network and logins to accounts.
What is most valuable?
The security notifications and monitoring features.
How has it helped my organization?
With the online-based monitoring we've set up, we've been able to watch trends of attempted attacks on our network.
We're also able to monitor our account issues internally as attackers attempt to log into our accounts.
We fall under HIPAA so security is key.
What needs improvement?
As we're an SMB, I would like to see different licensing options and the solution is priced out of the reach of some small businesses. It was a priority for us, though, because of the HIPAA regulations we fall under, and a more attractive licensing structure would be nice for SMB's.
For the product itself, it's the configuration. You really have to have their help to configure the product. When hands are off and it's in maintenance mode, it's difficult to configure unless you're totally engrossed in the product on a day-to-day basis.
For how long have I used the solution?
I've used it for one year.
What was my experience with deployment of the solution?
No issues encountered.
What do I think about the stability of the solution?
No issues encountered.
What do I think about the scalability of the solution?
No issues encountered.
How are customer service and technical support?
Customer Service:
9/10, based strictly on the limited experience with one person that I've had.
Technical Support:
9/10, based strictly on the limited experience with one person that I've had.
Which solution did I use previously and why did I switch?
We used freeware or third party apps (two or three of them), but we liked the consolidation of this product -- one interface, one screen -- to capture what the other applications were doing.
How was the initial setup?
It was complex because we didn't know the product. It's pretty in-depth, but once we got familiar with the software it made a lot of sense.
What about the implementation team?
We had the vendor help us implement, and they were 8/10.
What's my experience with pricing, setup cost, and licensing?
As mentioned above, they need to improve their licensing, but it depends on what industry segment they're going after. Maybe introduce some kind of more attractive bundle for SMBs to help them get started with the product.
Which other solutions did I evaluate?
We did, but I don't recall which ones.
What other advice do I have?
Everyone's implementation will be different, so be very focused and deliberate in what you want to monitor, because you can inundate the system.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
chief of cybersecurity at ECSSA El Salvador
Allows us to combine SOC and NOC operations and has good reports, integrations, and support
Pros and Cons
- "One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams. There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good."
- "Its training can be improved. Its price also needs to be improved."
What is our primary use case?
We are an enterprise that resells services. We are like a small MSSP for Salvador and the Central America region. We provide services to other enterprises.
Our clients have multiple use cases. Its most common use case is to detect logging events from different IP addresses or locations. It is used to detect simultaneous logins by the same user from different IP addresses or locations, such as from different countries. It is also used to detect any attempts to log in to a server with root privilege and trying remote access with root privileges.
How has it helped my organization?
With the help of FortiSIEM, we have improved the cybersecurity posture of our clients and ours. Through the early detection of threats, it allows us to follow up on each security incident. It is easy to communicate to asset managers about related security events, reducing remediation time.
What is most valuable?
One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams.
There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good.
What needs improvement?
Its training can be improved. Its price also needs to be improved.
For how long have I used the solution?
I have been using this solution for one year.
What do I think about the stability of the solution?
It has been good so far. We don't have any complaints about the tool.
What do I think about the scalability of the solution?
It is very scalable. It is easy to grow with this tool. We are going step-by-step, and we are doing good so far.
Our clients are big enterprises, such as banks, and we also have small businesses. In Salvador, as per a local compliance requirement, every business or enterprise needs to have a SIEM solution. We have an installation for 1,000 users.
How are customer service and technical support?
We are Fortinet's partner here in Salvador, and the tech support is really good. Their response time is also really good. We are very happy with this solution.
How was the initial setup?
The implementation process is kind of easy. We start in a small way. The challenge for us is the storage. We need to find a way to have storage redundancy so that if the main site fails, we have a copy of the data on a remote site. This is the challenge that we are facing right now.
What about the implementation team?
For its deployment and maintenance, we have a very small group of five people. We have a networking guy, a server guy, and a few analysts to maintain this platform.
What's my experience with pricing, setup cost, and licensing?
There is a licensing scheme for every case. There are three licensing schemes that we can choose from.
Which other solutions did I evaluate?
Our clients also evaluate other solutions such as Rapid7, McAfee, and LogRhythm. We have always been a Fortinet enterprise. We have people with Fortinet and other certifications in the industry, such as EasyConsole certifications. We can also support this solution for the Fortinet sites. That is the main differentiator between us and other vendors.
What other advice do I have?
I would advise others to start small and plan for future growth.
I would rate Fortinet FortiSIEM an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
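As an added illustration of what two of the reviewers above describe, the Spectrotel reviewer's ingestion of FortiGate syslog with rules that trigger notifications and the ECSSA reviewer's use cases (the same user logging in from different IP addresses or countries in a short window, and remote login attempts as root), here is a small Python example of that kind of correlation logic. This is example code written for this page, not FortiSIEM code or a FortiSIEM parser: the log lines are constructed, the field names (date, time, devname, action, status, user, remip) are assumptions modelled on FortiGate event logs, and the GEOIP table is a stand-in for a real GeoIP lookup.

```python
"""Toy SIEM-style correlation over FortiGate-style key=value syslog lines.

Constructed example. Field names are assumptions modelled on FortiGate
event logs; GEOIP is a stand-in for a real GeoIP database.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Optional

# One key=value token; values are either double-quoted or bare.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed IP -> country mapping (RFC 5737 documentation ranges).
GEOIP = {
    ipaddress.ip_network("203.0.113.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "DE",
    ipaddress.ip_network("192.0.2.0/24"): "BR",
}

# Constructed sample events (not real logs). Fields follow FortiGate style.
SAMPLE_LOGS = [
    'date=2024-12-01 time=09:00:00 devname="fw-edge" type="event" subtype="vpn" action="login" status="success" user="alice" remip="203.0.113.10"',
    'date=2024-12-01 time=09:12:00 devname="fw-edge" type="event" subtype="vpn" action="login" status="success" user="alice" remip="198.51.100.7"',
    'date=2024-12-01 time=09:15:00 devname="fw-edge" type="event" subtype="vpn" action="login" status="failure" user="bob" remip="198.51.100.9"',
    'date=2024-12-01 time=09:20:00 devname="srv-db" type="event" subtype="system" action="login" status="failure" user="root" remip="192.0.2.44"',
    'date=2024-12-01 time=11:00:00 devname="fw-edge" type="event" subtype="vpn" action="login" status="success" user="alice" remip="203.0.113.10"',
]


def parse_kv(line: str) -> dict:
    """Parse one key=value syslog line into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def country_of(ip: str) -> Optional[str]:
    """Look the address up in the constructed GEOIP table; None if unknown."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEOIP.items():
        if addr in net:
            return cc
    return None  # unknown origin: the geo rule skips it to avoid noisy alerts


def event_time(fields: dict) -> datetime:
    """Combine the date and time fields into a datetime."""
    return datetime.fromisoformat(f"{fields['date']}T{fields['time']}")


def correlate(lines, window: timedelta = timedelta(minutes=30)) -> list:
    """Apply two rules to the lines (in order) and return raised incidents.

    Rule 1, impossible-travel: the same user logs in successfully from two
    different countries within `window`.
    Rule 2, root-remote-login: any remote login attempt as 'root', whether
    it succeeded or failed.
    """
    incidents = []
    recent = defaultdict(list)  # user -> [(ts, ip, country)] of successful logins
    for line in lines:
        f = parse_kv(line)
        if f.get("action") != "login":
            continue
        ts, user, ip = event_time(f), f.get("user", ""), f.get("remip")
        if user == "root":
            incidents.append({"rule": "root-remote-login", "user": user, "src": ip,
                              "status": f.get("status"), "time": ts,
                              "device": f.get("devname")})
        if f.get("status") != "success" or not ip:
            continue
        cc = country_of(ip)
        # Keep only this user's successful logins still inside the window.
        history = [e for e in recent[user] if ts - e[0] <= window]
        if cc:
            for prev_ts, prev_ip, prev_cc in history:
                if prev_cc and prev_cc != cc:
                    incidents.append({"rule": "impossible-travel", "user": user,
                                      "src": ip, "prev_src": prev_ip,
                                      "countries": (prev_cc, cc), "time": ts,
                                      "device": f.get("devname")})
                    break  # one incident per triggering login is enough
        history.append((ts, ip, cc))
        recent[user] = history
    return incidents


if __name__ == "__main__":
    for inc in correlate(SAMPLE_LOGS):
        print(inc["rule"], inc["user"], inc["src"], inc["time"])
```

Running it against the constructed sample raises two incidents: alice's second login from a DE address twelve minutes after a US one, and the failed remote root login on srv-db. Her 11:00 login does not fire because the earlier events have aged out of the 30-minute window, which is the kind of threshold a real rule would expose as a tunable.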
Security Manager at BKL
Seamless integration with FortiGate, and has an easy setup, but is lacking user behavior analytics
Pros and Cons
- "The seamless integration with FortiGate is the solution's most valuable aspect."
- "When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement."
What is our primary use case?
We primarily use the solution for integration with FortiGate Firewall. We use it for multiple authentication, malware detection, and protection from DDoS attacks.
What is most valuable?
The seamless integration with FortiGate is the solution's most valuable aspect.
What needs improvement?
When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement.
The solution should offer user behavior analytics in a future release.
For how long have I used the solution?
I've been using the solution for two years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
We don't have any expansion requirements, so I've never looked into scalability.
How are customer service and technical support?
We've never reached out to technical support. If we need assistance, we typically look for FortiGate documents or scan their blog site. We handle any problems internally.
Which solution did I use previously and why did I switch?
We previously used an open-source solution called Elastic.
How was the initial setup?
The initial setup is easy.
What about the implementation team?
We received support from an integrator.
Which other solutions did I evaluate?
We evaluated AlienVault and SolarWinds. These were both within our limited budget, but we chose FortiSIEM because it integrated seamlessly with FortiGate firewall.
What other advice do I have?
We use the on-premises deployment model.
I'd recommend this solution to companies that have a FortiGate firewall and are on a limited budget.
I'd rate the solution six out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager, Security Services at a financial services firm with 5,001-10,000 employees
We like the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation.
Pros and Cons
- "The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation."
- "Creating parsers to try to make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."
How has it helped my organization?
There are several examples, but the flexibility in reporting and alerting has given us the ability to have numerous teams be alerted for various security situations affecting each team's responsibilities.
What is most valuable?
The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation. The logs and search engine are also valuable features.
What needs improvement?
Creating parsers to try to make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome.
Additionally, lately there have been releases which have broken existing functions. This directly relates to support being an area that also needs improvement.
What do I think about the stability of the solution?
In general, the system is stable.
What do I think about the scalability of the solution?
We had to deploy several workers to keep up with event collection. This was one reason that the AO agent was developed and released -- to reduce the load on the managers and workers.
How are customer service and technical support?
Customer Service:
Customer service is mediocre, but the relationship is improving with focused attention on customers.
Technical Support:
Technical support is good.
Which solution did I use previously and why did I switch?
We were a Cisco MARS customer and needed to replace the solution once Cisco ceased support.
How was the initial setup?
The initial setup is straightforward. There is a learning curve for the software, but overall it was up and running and collecting information in a matter of an hour post setup.
What about the implementation team?
We implemented it with our in-house team.
Which other solutions did I evaluate?
We didn't evaluate other options as this was a direct, suggested replacement to MARS.
What other advice do I have?
Watch the sizing requirements for the virtual machines and the quantities needed to support the environment. Make sure you get sign-off from Accelops on the proposed configuration and load for what's being planned for the deployment.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Presently on version 4.10. You must deploy using Workers and Collectors, or else the Supervisor takes control of all the memory. Currently the country location and IP do not match up; reported as a bug since version 4.2.