Fortinet FortiSIEM Reviews

We primarily use the solution for network and security monitoring.

Most of those CM functions and the correlation alerts are very helpful to our clients. 

The network monitoring is one of the most valuable aspects of the solution.

You can scale the solution with ease if you need to expand.

The stability is very reliable. It offers very good performance.

The initial setup is complex. They need to make it easier in terms of implementation. That said, all CM implementations are quite difficult. It may not be a fault of this particular product.

The policy editing should be easier. Right now, it's too hard. 

Some of the parts of the mapping tool should be in the product itself. It would make our efforts easier.

The product is quite expensive. It's something clients always comment on.

We have been using the solution for many years - including before Fortinet acquired the original organization.

The solution is quite stable. We find it very reliable. It doesn't crash or freeze. There aren't bugs and glitches.

The scalability of the solution is excellent. It's one of the main reasons we chose to go with this option. If a company needs to expand, it can do so easily. There aren't constraints.

We have about five to ten customers on the solution currently.

I'm not using the vendor's technical support. Mostly we have our own in-house resources. I cannot tell if are they good or bad. I have never dealt directly with them. Therefore, it would be difficult to review their services.

In terms of the initial setup, the process is not straightforward. It's complex and difficult. Making it easier would help a lot.

All CM installations and implementations are complicated. You have to tailor the product. It's not really something you can just implement out-of-the-box. 

That said, a basic installation is simple. It takes a few days. After you've done the implementation stage, then it takes time. Of course, it depends on the projects. I cannot say how much time it's taken exactly. I just know it takes quite a while.

For deployment, we use two people in a project. One of them is for the beginning of the project - for the implementation and the installation process. The other is the administration which we are generally pas off to our customers. I tend to handle the daily operations.

All of our customers find the solution expensive. It's not a cheap option.

I don't know the exact cost of the solution as I don't directly handle the licensing.

We are actually a reseller service company and we are dealing with the solutions for our customers. We are using the SIEM solutions. We are not a user, we are a reseller.

We have many customers. Not all may be using the latest version of the solution.

I would recommend the solution.

In general, I would rate the solution eight out of ten.

We run a Manage Security Services company and we use it in-house and for some of our clients. The service is a multitenant platform where our clients can log on to view and access various security-related activities and features. In more ways, it becomes like a cloud solution to them. We make use of a secure connection from the clients’ networks using collectors located on their premises back to our centralized SIEM platform.

The most valuable feature is the differentiator, which has a combination of not only the SOC which covers the security operations aspect, but it also includes NOC capabilities. FortiSIEM uses PAM (Performance, Availability, and Monitoring) from an NOC perspective. So not only do you natively look at security data as most SIEM solutions, but you're also looking at the performance and the availability component of those devices. It's easy for us to coordinate if a security incident occurs. You're not only looking at security logs but you also looking at what could potentially have happened in terms of device performance. So that feature to me already makes it quite a big differentiator in the market, compared to other SIEM tools out there.

When they started out after acquiring AccelOps, the user interface wasn't that great. But from version 5.0 they have obviously radically changed the interface, aligning it to the rest of the Forti products from a user experience point of view. This means that there is constant improvement on the interface side of the solution. The other thing that I've noticed is when searching for very old incidents, there is a slight delay. It obviously has to pull that information from the backend database, and the key point to note is that it depends on how you set it up in the backend where factors such as disk types and disk array configs come into play.

The solution is quite solid and stable.

The scalability component is easy. To add workers and even collectors is easy which is how we've deployed it, makes scalability much easier. We plan to grow our users into the thousands.

I never really used support from Fortinet for the FortiSIEM solution that frequent because I figured most of the stuff out on my own, but that being said, the Fortinet Support is great because I figured most of the stuff out on my own.

The initial setup was quite complex. We've had some issues with the first OVF file that we downloaded. We had to customize the installation processes. It was a bit complex in the earlier versions, but the newer versions have greatly improved. 

We use an on-premises deployment model from our perspective and a hybrid model from a customer/user perspective.

I will recommend this solution to others out there looking for a SIEM solution. I've already done a few events we were talk about FortiSIEM and its advantages. I do, however, think the main dashboard where you create and design your graphs could do with some improvement improved. On a scale from 1 to 10, I will rate this solution an 8 to ensure there’s continuous improvement.

• The automation piece -- its ability to dynamically discover which services need to be monitored and to automatically setup the appropriate monitoring.
• We also like the intelligence behind the alerting; we like the out-of-the-box rules that don’t require a lot of tuning.
• The product doesn’t require a lot of manpower, so there isn’t a lot of tuning or management overhead required for it.

We outsource a lot of our IT. We are able to monitor performance and security and to perofrm audits to ensure our outsourcing partners are doing what we are pay them for.

The way that upgrades are handled could be a bit cleaner. That might have been improved in the new version, but where we are, the upgrade process takes the system down for the period of the upgrade. So the lost data during that downtime can be frustrating.

I've used it for four years.

We did, but AccelOps were very, very helpful. I don’t think the product was configured or tuned for an environment as large as ours, so there were some performance issues at first, but they were very helpful and they had developers and engineers on the phone with us to help resolve those issues. They even used the experience with us as a test case to build improvements into the product.

No issues since the product was installed.

No issues since the product was installed.

Their sales people have always been helpful and friendly, and they’ve given us some things for free, like training. It’s been good. We’ve even had some of the higher-ups at AccelOps call us with new product offerings for us because they know our organization so well.

I would say it’s more on the average side. Once I can get someone engaged they’re good about getting the problem solved, but sometimes it’s hard to get someone on the line to help resolve your problem.

No, this is the first solution like this that we’ve had.

The setup was straightforward, but the performance issues we had were the biggest stumbling block. In terms of getting it out of the box and up and running, it really wasn’t difficult at all.

I did it myself in-house.

The pricing is very, very affordable. For the value you get, I think it’s about the cheapest solution on the market.

I think the biggest thing to understand is that it’s like a Swiss Army knife. You get a lot of tools for a lot of things, but don’t expect it to be a killer app in any one area.

We primarily use the solution for collecting logs and duo correlation on our customer's premises.

Both the collecting logs and duo correlation are valuable features for us.

Fortinet also offers very good pricing. Their pricing is incredible.

The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients.

They also have to improve their import perfection solution.

The solution is very stable, like all Fortinet products.

The solution is scalable.

Technical support is very good. They also provide you with additional materials to study the product by yourself so that you can get a better understanding of the full solution.

The initial setup is complex, mostly because of the security, not because of the product. Most of the security features in the installation process are difficult. They require tuning.  You have to be careful you don't configure something wrong. This is a complexity of the environment and the solution itself. The engineer should understand what the customer is looking for. The product might be very good, but if it is positioned in the wrong way, it can be harmful.

I did not evaluate other options; this solution was the decision of the customer. However, in the past, I have evaluated and worked with Splunk and IBM.

We use the public cloud deployment model.

I like the product, and I would recommend it, but I much prefer Splunk.

The beautiful thing about Fortinet is that they have integrated many, many solutions. Their platform is very powerful. In the case of the customer, if he decides to choose Fortinet, he'll largely be stuck with that one vendor. Fortinet does integrate with a few other vendors, but it's best if you use only their solutions. It's more efficient, you have more manageability and you get more value that way.

I would rate the solution seven out of ten.

We use the on-prem deployment model of this solution. Our primary use case of this solution is for all of our infrastructure monitoring, applications, performance monitoring, and for security, incident, and event analysis. 

Analytics is the most valuable feature. The business service summaries in the dashboards and the correlations for the SIEM are also valuable features. 

Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great.

It should also have better integration.

It's a good product. It does what it is supposed to do. 

Scalability required a lot of training. If the training isn't adequate you cannot enjoy the end results.

There are currently around ten users using this solution. They are mostly system and network administrators using this solution. We don't have plans to increase the usage. We are going to switch to another product. 

We require two staff members for the deployment and maintenance. 

When you log a call, you don't get instant replies or if there is a bug they take ages to fix it and they ask you to hold.

We didn't previously use another SIEM solution. 

The installation is straightforward but the configuration is complex because it compromises of several aspects of the network infrastructure, servers, and the databases. You have to know what you want to gain out of this product. 

The deployment took around three months. There are a lot of dashboards to configure. It's not about just the installation. The planning phase and understanding what you want to get out of it, setting up the logs, and working on the correlations take time. 

We used a local integrator for the deployment. They were good. When you consider the other SIEM products, this isn't a popular solution. When we implemented it, we were with the solution before it was acquired by Fortinet. It was a hassle. 

Licensing is a one time cost. If you want to enable different modules then there will be additional costs. 

Properly review this solution and your requirements. See how it will scale up to cloud requirements. Cloud technologies are becoming more prominent and you should see how you will be able to manage it with this tool.

It's a good product but you need to be well trained. If you don't have good training then you won't maximize the benefits of this product. 

I would rate it a seven out of ten. 

The granular monitoring capabilities. Also, it's very configurable.

It gives greater visibility via the dashboards into the real-time status of the network. Additionally, it also provides specific alerts and performance monitoring.

Some of the out-of-box dashboards could be more useful, as they’re not configured out-of-box. Some other products we’ve used give a lot more information right out of the box. With Accelops, we didn’t get quite enough useful information at the beginning. Ping monitors (STMs) are highly configurable, but it would be nice to have a simpler monitor to go with it, like a simple ping monitor. As it is, we have to go through three different processes and 30 minutes to get the ping monitor up with email notifications. It should have an easier way to configure some of these more common monitors.

I've used it for two years, but the firm has had the solution in place for longer.

The product is always stable, but there were a few bugs. During some of the upgrades, fixing one problem revealed another, so we had to go through several patch iterations to find a bug-free version that works for us.

None. Far more scalable than is required for us.

Great - we’d give it a 10/10.

6/10 - as far as the techs go, they are knowledgeable, but when trying to get a hold of a tech or have them call back, they weren’t responsive. It was one of my biggest frustrations with the product, and I started to look elsewhere for another solution at one point. Issues that could have been resolved in 30-60 minutes sometimes took months, but they have improved.

Just do your research – the product does a lot, but it may be more than you’re looking for. Also, be aware that it requires a lot of time to maintain, set up, and configure.

It is used as an alerting platform and has an availability manager.

We already have experience with Fortinet products, so dealing with Fortinet FortiSIEM is not complicated.

They should offer better visibility, more correlation tools and a better understanding of the network. Fortinet FortiSIEM already uses simple and standard protocols like SNMP, DuraMI and Syslog. Other solutions like QRadar use sFlow, so I think that they can do better.

In addition, the log collection and configuration management are not great.

We have been using this solution for three years. We deployed Fortinet FortiSIEM at about three customer sites, and it is deployed on-premises.

The product is stable.

It is a scalable solution.

We have expertise with the product, so we don't use technical support often. We only require support for the error mark, and the support is quick and fast for that.

The initial setup was simple, and we deployed Fortinet FortiSIEM in two days. We already had all the information regarding the customers' notes, and it was simple, quick and fast.

It is cheaper than LogPoint or QRadar.

I rate this solution a five out of ten. It is not as good as other solutions like QRadar, but it's cheaper than other products and very simple. In the next release, the visibility should consist of simple and standard protocols.

Regarding advice, if you don't have a dedicated team to handle your logs, don't have a big budget, and want a solution to correlate and collect logs from many vendors, Fortinet FortiSIEM is an excellent choice.