The primary use case for our clients is deploying the automation component of FortiSOAR to help mitigate breaches or attacks without human error. The solution automates everything using the playbooks and pre-deployed response mitigation scenarios. Companies that can use this product may have an infrastructure team but may not be able to attract IT security talent. FortiSOAR helps them minimize human errors. I would say that this is the most important and beautiful thing you can have in cybersecurity right now.
FortiSOAR's most valuable feature is its ability to correlate the products and vendors that do not have a native interconnection between them.
There is quite a bit of room for improvement with FortiSOAR's tech support.
I have been using FortiSOAR for the last year. It's a brand new product. The product was published globally only about a year and a half ago. I got my first FortiSOAR project about a year ago.
On a scale of one to five, with one being not stable at all and five being very stable, I give FortiSOAR a five for stability.
FortiSOAR is really easy to scale up or scale down.
Fortinet's tech support overall is not great when they are at their best.
The initial setup is really difficult. To deploy, you need to have a huge amount of knowledge across multiple different technologies. You also need knowledge of domain controllers, data center architecture, network security, classic network components, cloud services, and more. You need to know pretty much the whole system. Only then can you provide nice and useful playbooks that will automatically mitigate accounts being compromised or ongoing attacks between different technologies. It is not user-friendly and it is not really easy to configure.
Deployment would typically begin with the enumeration of the whole system. We visualize all the elements of the system and ask questions like: How many identity providers are there? How many network components are there? Do these components have APIs enabled or not? How can the solution reach all these components, make adjustments, and execute commands? It is important to deeply understand how the IT system is constructed.
After that enumeration period, we will start making connectors and then sending some commands towards them in specific cases. The second and third stages entail optimizing and fine-tuning everything in one giant ecosystem. The last part is redefining the playbooks, which will mitigate attacks.
The process outlined above takes just over a month. In cybersecurity, time is critical. If you take too long to deploy, you are basically leaving yourself open to an attack. Companies mostly buy security solutions after they have been breached or while they are under some sort of attack. This puts a lot of stress on the person implementing it because the customer will always want it done ASAP. Therefore, in normal circumstances, a month for deployment is okay when you have time for some strategic thinking. But you don't have that kind of time if your company is currently under attack.
Most complex deployments will involve multiple teams from across the company. You will always have one person from the network side, one person from the DC side, one person from admin, and one person for external services. This will add up to seven people in most cases.
The good news is that FortiSOAR is not hard to maintain. If you prepared well and deployed strong initially, then maintenance will take half an hour every other week, not more than that. A single person can do it.
The product pays for itself nicely, but the issue is that you cannot sell that straight away. It is a fairly new technology and people are not aware of the benefits that it gives. On a scale of one to five, with one being no ROI and five being excellent ROI, I give FortiSOAR a three.
On a scale of one to five, with one being very affordable and five being very expensive, I would give FortiSOAR a three.
There are no hidden fees or external trade feeds. You do not have to deal with anything besides the license itself and support.
The licensing is flexible. You can buy a subscription-based license on a yearly basis or you can buy a perpetual license that will never expire.
If a company already has multiple different teams covering things like networking, the data center, and SaaS services, and they are missing the one big link between them, then FortiSOAR is the perfect solution for them. But if the organization's maturity is low, I could recommend they use a solution like FortiSOAR, as it requires a large amount of knowledge to run. There is not a single use case for FortiSOAR, but developed companies are best suited for a solution like this.
However, as far as FortiSOAR itself is concerned, there is not much space for improvement. You can connect it to pretty much anything, which is the most important feature of this product.