The CMDB and the device discovery features are most valuable.
Chief Technical Officer at a computer software company with 51-200 employees
Beneficial CMDB and device discovery, but implementation process needs improvement
Pros and Cons
- "The CMDB and the device discovery features are most valuable."
- "I would like to see easier implementation in the future."
What is most valuable?
The CMDB and the device discovery features are most valuable.
What needs improvement?
I would like to see easier implementation in the future.
For how long have I used the solution?
I have been using the solution for approximately five months.
What do I think about the scalability of the solution?
Most of our clients are medium-sized businesses.
Buyer's Guide
Fortinet FortiSIEM
December 2024
Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
How are customer service and support?
The technical support has been very good in helping us with issues we have been facing during the implementation of the solution. We are not finished yet but we are close.
How was the initial setup?
The initial setup is not simple.
We are having some issues with the agent installation, it is requiring several reboots. This could be the system environment at the client site because in our lab the agent installation is straightforward and it does not require reboots. We are still working on this issue.
What about the implementation team?
We are doing the implementation of the solution and it has a moderate level of difficulty.
What other advice do I have?
I rate Fortinet FortiSIEM a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
IT Executive: Operations & Security at Icon Information Systems (Pty) Ltd
The performance is very good, and it is extremely scalable
Pros and Cons
- "To add workers and even collectors is pretty easy."
- "The dashboard needs to improve."
What is our primary use case?
We run a Manage Security Services company and we use it in-house and for some of our clients. The service is a multitenant platform where our clients can log on to view and access various security-related activities and features. In more ways, it becomes like a cloud solution to them. We make use of a secure connection from the clients’ networks using collectors located on their premises back to our centralized SIEM platform.
What is most valuable?
The most valuable feature is the differentiator, which has a combination of not only the SOC, which covers the security operations aspect, but also NOC capabilities. FortiSIEM uses PAM (Performance, Availability, and Monitoring) from an NOC perspective. So not only do you natively look at security data, as most SIEM solutions do, but you're also looking at the performance and the availability component of those devices. It's easy for us to coordinate if a security incident occurs. You're not only looking at security logs but you're also looking at what could potentially have happened in terms of device performance. So that feature to me already makes it quite a big differentiator in the market, compared to other SIEM tools out there.
What needs improvement?
When they started out after acquiring AccelOps, the user interface wasn't that great. But from version 5.0 they have obviously radically changed the interface, aligning it to the rest of the Forti products from a user experience point of view. This means that there is constant improvement on the interface side of the solution. The other thing that I've noticed is when searching for very old incidents, there is a slight delay. It obviously has to pull that information from the backend database, and the key point to note is that it depends on how you set it up in the backend where factors such as disk types and disk array configs come into play.
For how long have I used the solution?
I have been using this solution for 18 months now.
What do I think about the stability of the solution?
The solution is quite solid and stable.
What do I think about the scalability of the solution?
The scalability component is easy. Adding workers and even collectors is easy, which is how we've deployed it, and that makes scalability much easier. We plan to grow our users into the thousands.
How are customer service and technical support?
I never really used support from Fortinet for the FortiSIEM solution that frequently because I figured most of the stuff out on my own, but that being said, the Fortinet Support is great.
How was the initial setup?
The initial setup was quite complex. We've had some issues with the first OVF file that we downloaded. We had to customize the installation processes. It was a bit complex in the earlier versions, but the newer versions have greatly improved.
What other advice do I have?
We use an on-premises deployment model from our perspective and a hybrid model from a customer/user perspective.
I will recommend this solution to others out there looking for a SIEM solution. I've already done a few events where we talked about FortiSIEM and its advantages. I do, however, think the main dashboard where you create and design your graphs could do with some improvement. On a scale from 1 to 10, I will rate this solution an 8 to ensure there's continuous improvement.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Systems Administrator with 501-1,000 employees
Dashboards provide us with the real-time status of our network, including specific alerts and granular monitoring.
Valuable Features
The granular monitoring capabilities. Also, it's very configurable.
Improvements to My Organization
It gives greater visibility via the dashboards into the real-time status of the network. Additionally, it also provides specific alerts and performance monitoring.
Room for Improvement
Some of the out-of-box dashboards could be more useful, as they’re not configured out-of-box. Some other products we’ve used give a lot more information right out of the box. With Accelops, we didn’t get quite enough useful information at the beginning. Ping monitors (STMs) are highly configurable, but it would be nice to have a simpler monitor to go with it, like a simple ping monitor. As it is, we have to go through three different processes and 30 minutes to get the ping monitor up with email notifications. It should have an easier way to configure some of these more common monitors.
Use of Solution
I've used it for two years, but the firm has had the solution in place for longer.
Stability Issues
The product is always stable, but there were a few bugs. During some of the upgrades, fixing one problem revealed another, so we had to go through several patch iterations to find a bug-free version that works for us.
Scalability Issues
None. Far more scalable than is required for us.
Customer Service and Technical Support
Customer Service:
Great - we’d give it a 10/10.
Technical Support:
6/10 - as far as the techs go, they are knowledgeable, but when trying to get a hold of a tech or have them call back, they weren't responsive. It was one of my biggest frustrations with the product, and I started to look elsewhere for another solution at one point. Issues that could have been resolved in 30-60 minutes sometimes took months, but they have improved.
Other Advice
Just do your research – the product does a lot, but it may be more than you’re looking for. Also, be aware that it requires a lot of time to maintain, set up, and configure.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Cyber Security Analyst at a tech services company with 11-50 employees
Provides valuable CIM-based predefined rules and an efficient automated response feature
Pros and Cons
- "Its automated response feature has benefited our customer communication. Analysts feel more confident in providing timely responses."
- "There could be more AI features included in the product."
What is our primary use case?
We use the product for threat detection.
What needs improvement?
There could be more AI features included in the product.
For how long have I used the solution?
We have been using Fortinet FortiSIEM for more than two years.
What do I think about the stability of the solution?
I rate the platform's stability an eight and a half out of ten.
How are customer service and support?
The technical support services need improvement.
How would you rate customer service and support?
Positive
What other advice do I have?
They have released a new update recently. With the help of AVPN, users can log in from another country directly using CIM-based predefined rules. Its automated response feature has benefited our customer communication. Analysts feel more confident in providing timely responses.
I recommend other users to go with Fortinet FortiSIEM and rate the product an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer:
Cybersecurity Engineer at a tech services company with 11-50 employees
Stable machine learning solution that offers the advanced use of AI
Pros and Cons
- "The advanced agents used to collect logs have been most valuable. We have also made use of the advanced intelligence this solution offers."
- "The graphs on the user interface could be improved as we often experience glitches."
What is our primary use case?
We use this solution to collect logs.
What is most valuable?
The advanced agents used to collect logs have been most valuable. We have also made use of the advanced intelligence this solution offers.
What needs improvement?
The graphs on the user interface could be improved as we often experience glitches.
What do I think about the stability of the solution?
This is a stable solution.
How are customer service and support?
The customer service team needs additional experience and knowledge of the solution so the answers they provide are more accurate and helpful.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We use this solution together with McAfee ESM which is a simple and robust solution. Its interface is better than SIEM.
How was the initial setup?
The initial setup was straightforward. The time it takes to complete the setup and deployment depends on the size of the environment and the number of EPS events per second.
What other advice do I have?
This is a good solution but is fairly new so the support for it is not effective. Their support team does not have the experience to immediately solve issues.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Engineer at a sports company with 51-200 employees
I can write my own parsers for the devices that are not supported. I am unable to perform complex/nested queries.
Pros and Cons
- "The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature."
- "The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries."
How has it helped my organization?
It provides extremely fast and flexible querying of logs/events on the network. For example, it's easy to write a quick query for all the "authentication" requests on the network, regardless of where they came from, i.e., during the past days, weeks or months.
What is most valuable?
The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature. It's impossible to find an application that supports every device/manufacturer that we have. Thus, being able to write my own parsers for device logs allows for greater scalability.
What needs improvement?
The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries. However, it does function well for our day-to-day operations.
What do I think about the stability of the solution?
We did experience some stability issues. The parser engine crashes often, but it does recover without any noticeable impact to the performance or service.
What do I think about the scalability of the solution?
There were no scalability issues; the product scales well for us.
How are customer service and technical support?
Support was very good when owned by AccelOps. I have not opened any recent cases with Fortinet since its buyout.
How was the initial setup?
The setup was pretty complex, but we had great support from AccelOps.
What's my experience with pricing, setup cost, and licensing?
I haven’t looked at the latest offerings or licensing models since Fortinet bought this product. Previously, AccelOps was looking to add other Tableau reporting modules for more complex reporting purposes. This was not attractive to us, due to the high cost of Tableau's licensing. Also, it required licensing for an event forwarding engine to be installed on the servers. The cost was getting high when we looked at licensing for 50-plus servers.
Which other solutions did I evaluate?
We only evaluated this solution and loved the capabilities that it offers. We decided to take a chance and I’m not sorry that we did. Overall, the experience has been very positive.
What other advice do I have?
Make sure you size the solution to the number of devices and servers on the network. Don’t be afraid to add additional workers.
Try to avoid using WMA formats for log retrieval of the busy servers; this is extremely resource-intensive. Price out the event forwarding engine that they offer and add it to your budget.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer L1 at a media company with 11-50 employees
Easy to understand and the technical support is good, but they need better documentation
Pros and Cons
- "It's a very nice solution to work with."
- "There is no proper guide for integration or configuration."
What is our primary use case?
We are trying to onboard some devices, which we will analyze using Fortinet FortiSIEM.
Once it responds smoothly, we will onboard some clients with requests.
What is most valuable?
It's a very nice solution to work with. It is easy to understand.
What needs improvement?
There is no proper guide for integration or configuration. They need to improve the documentation library.
For how long have I used the solution?
We are using the enterprise version in my organization. I have been using it for 30 to 40 days, but not more than two months.
How are customer service and technical support?
We have contacted technical support. They are good and provide good resolutions.
How was the initial setup?
The initial setup was straightforward.
What other advice do I have?
I will definitely recommend this solution to others. I am still exploring it, as it is new to us. I need more time to analyze it further.
I would rate Fortinet FortiSIEM a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Engineer at a tech services company with 1,001-5,000 employees
It's a nice tool for integration and monitoring, but it's difficult to integrate unsupported devices
Pros and Cons
- "FortiSIEM provides a single PIN to monitor SOC and NOC. It's a nice tool for integration and monitoring. It provides multiple categories for monitoring based on security designations like low, medium, and high."
- "It's difficult to integrate unsupported devices with FortiSIEM compared to QRadar. It's easier to integrate and develop processes in QRadar. It's harder to develop a custom process in FortiSIEM."
What is our primary use case?
We have nearly 30 analysts currently using FortiSIEM.
What is most valuable?
FortiSIEM provides a single PIN to monitor SOC and NOC. It's a nice tool for integration and monitoring. It provides multiple categories for monitoring based on security designations like low, medium, and high.
What needs improvement?
It's difficult to integrate unsupported devices with FortiSIEM compared to QRadar. It's easier to integrate and develop processes in QRadar. It's harder to develop a custom process in FortiSIEM.
For how long have I used the solution?
I've been using FortiSIEM for a year and a half.
What do I think about the stability of the solution?
FortiSIEM is stable. QRadar and FortiSIEM are both fairly stable. There aren't many issues from an admin point of view.
What do I think about the scalability of the solution?
FortiSIEM is scalable.
How are customer service and support?
Fortinet support is great. They're more responsive than IBM.
How was the initial setup?
FortiSIEM is easy to set up. Installing the supervisor component of FortiSIEM took around one hour, but the console installation for QRadar takes almost three to four hours.
What other advice do I have?
I rate FortiSIEM seven out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.