Fortinet FortiSIEM Reviews

The primary use case of FortiSIEM for my client is to provide comprehensive security information and event management (SIEM) capabilities. It is used to monitor, detect, and respond to security incidents across the client's network by aggregating and analyzing logs, events, and other data from various sources. FortiSIEM enables real-time threat detection, compliance reporting, and overall visibility into the security posture, helping to identify potential risks and take proactive measures to protect the organization's infrastructure.

Fortinet FortiSIEM has positively impacted my client's organization by enhancing their ability to monitor security incidents in real time. The solution has provided comprehensive visibility into the network, allowing for quicker identification of potential threats. FortiSIEM's integration with various systems to collect different types of logs and its ability to correlate data from multiple sources have been particularly valuable in reducing the time spent on manual analysis and increasing overall security efficiency.

The most valuable feature is auto-discovery. When you send logs from various device to FortiSIEM it automatically detects and maps all devices, across the network, providing a comprehensive and up-to-date inventory of the IT environment

It's agent-based UEBA enhances security monitoring by utilizing agents installed on endpoints to collect detailed user activity data.It offers deeper insights into user behaviors, improving anomaly detection accuracy.

It's out-of-the-box compliance reporting features significantly ease the burden of regulatory compliance for organizations by offering pre-built report templates aligned with industry standards. Automated report generation minimizes manual effort and reduces the risk of errors, while customizable reporting allows organizations to tailor reports to specific needs.

One area where FortiSIEM could improve is in its custom normalizer/parser capabilities. While FortiSIEM offers powerful event correlation and log analysis features, creating and customizing normalizers can be complex and time-consuming.

Improving the user interface for building custom normalizers, along with providing more intuitive tools or templates, would make it easier for security teams to tailor the solution to specific needs. Enhancements in this area would enable quicker adaptation to unique log formats and data sources, allowing for more accurate event parsing and better overall performance in diverse environments.

Additionally, the search functionality could be less confusing. Streamlining the search experience and providing clearer guidance or examples would help users quickly find the information they need, ultimately improving the overall usability of the platform. These enhancements would facilitate quicker adaptation to unique log formats and more efficient event analysis, leading to better performance in diverse environments.

I have used the solution for two years.

I rate the solution's stability a seven point five out of ten. 

Regarding scalability, it's better for vertical and horizontal scale-up, but expanding log sources isn't very easy due to the licensing model.

The support team was great, technically proficient, and helped with numerous bugs.

Positive

The installation and setup can be tough, requiring planning for hardware segregation and log volume. However, the installation isn't too difficult if you have clear requirements.

For those interested in using Fortinet FortiSIEM, I'd advise planning your hardware specifications and considering backup and archives to prevent log loss. It's worth the money for what they've developed. 

It's difficult for beginners to learn, mainly because of Fortinet FortiSIEM's specific queries and the lack of a user-friendly environment. Understanding these queries to find your desired logs can be challenging for newcomers.

I'd rate Fortinet FortiSIEM an eight out of ten because it's powerful and simple.