Fortinet FortiSIEM Overview

Fortinet FortiSIEM is the #10 ranked solution in top Security Information and Event Management (SIEM) tools. PeerSpot users give Fortinet FortiSIEM an average rating of 7.4 out of 10. Fortinet FortiSIEM is most commonly compared to Microsoft Sentinel: Fortinet FortiSIEM vs Microsoft Sentinel. Fortinet FortiSIEM is popular among the large enterprise segment, accounting for 54% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 21% of all views.
Fortinet FortiSIEM Buyer's Guide

Download the Fortinet FortiSIEM Buyer's Guide including reviews and more. Updated: June 2023

What is Fortinet FortiSIEM?

FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.

Companies around the world use FortiSIEM for the following use cases:

  • Threat management and intelligence that provide situational awareness and anomaly detection
  • Alleviating compliance mandate concerns for PCI, HIPAA and SOX
  • Managing “alert overload”
  • Handling the “too many tools” reporting issue
  • Addressing the MSPs/MSSPs pain of meeting service level agreements

Fortinet FortiSIEM was previously known as FortiSIEM, AccelOps.

Fortinet FortiSIEM Customers

FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.

Fortinet FortiSIEM Pricing Advice

What users are saying about Fortinet FortiSIEM pricing:
  • "This is probably more on the lower cost end of the spectrum compared to competing products. Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model."
  • "Fortinet's products are not expensive, it is less than the competition."
  • "The price of Fortinet FortiSIEM was reasonable compared to other solutions."
  • "The price of Fortinet FortiSIEM is a lot less when compared to other solutions."
  • "The price of the solution is expensive. The license is scalable. If there are 10 devices it is simple to license."

Fortinet FortiSIEM Reviews

    Director, Infrastructure and Operations at a comms service provider with 11-50 employees
    Real User
    Top 20
    It has robust event correlation and good GUI, but their technical support should be better, and it should support more nonstandard log sources
    Pros and Cons
    • "The event correlation is pretty robust. The GUI is pretty good."
    • "Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire."

    What is our primary use case?

    We have eight use cases installed, and we are collecting log sources from most of the relevant endpoints. We did all that configuration ourselves. So, the product didn't really have a lot to do with it.

    It is deployed on a private cloud. We manage the cloud infrastructure ourselves, and its primary purpose is to monitor and protect our network devices and our own business systems, not necessarily our customer-facing services.

    We are most probably on version 3. We are not on the current release.

    What is most valuable?

    The event correlation is pretty robust. The GUI is pretty good. 

    What needs improvement?

    Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire.

    The out-of-the-box log ingestion for the supported devices is fine. The main issues arise when you're trying to ingest a log source that's not supported. You're left to figure it out yourself. You have to figure out the custom parsing yourself. There should be better support for nonstandard log sources. That's because unless you can ingest logs from all of your key controls, the solution will have gaps. Out of the box, this product doesn't support a lot of normal security devices that are common, and then you get into building custom parsers yourself to get it to work.

    The other problem is infrastructure stability. The architecture scaling rules that the vendor provides are vastly understated. So, we constantly run into stability problems that we end up figuring out and solving by throwing more infrastructure at it because they're understating the infrastructure requirements. It is understandable that they would do that, and you see why they would do that, but it is causing no end of problems.

    For how long have I used the solution?

    We've been using it for about three years.

    Buyer's Guide
    Fortinet FortiSIEM
    June 2023
    Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: June 2023.
    710,326 professionals have used our research since 2012.

    What do I think about the scalability of the solution?

    Scaling is problematic because of the architecture. It is very hard to figure out the required compute, memory, and disk space because the documentation is so bad. Like any SIEM, it is very compute-heavy. So, scaling is always a problem. We've come to the conclusion that it is not scalable to the magnitude that we require.

    I have two system administrators at the moment who are a part of my SOC. We have a very small operation. My SOC right now is comprised of two analysts, a senior analyst, and a manager. All of them are technical, and all of them are involved in managing this solution in one way, shape, or form.

    We use the product as one of our internal controls. We have several others, which I won't get into, and we do not plan on scaling it beyond that. We have been piloting some customer-facing use cases, and we will be deprecating those, scaling them back, and moving them to the Microsoft product.

    How are customer service and support?

    Their technical support is really bad. Their account support and product support are fine. I would rate their technical support one out of ten.

    How would you rate customer service and support?

    Negative

    How was the initial setup?

    The initial deployment was done with the partner. Since then, we have done additional endpoints and upgrades, and we are doing all the work ourselves now. 

    What about the implementation team?

    We used a partner to help us with the initial setup.

    What was our ROI?

    We are not really tracking ROI. We just view it as a cost of business, and we are not driving any revenue from it. So, it is just a sum cost.

    What's my experience with pricing, setup cost, and licensing?

    This is probably more on the lower cost end of the spectrum compared to competing products.

    Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model.

    In terms of additional costs, we also pay for our cloud infrastructure to run it. If your log source is not supported, you're going to have to develop custom parsing. So, you're going to incur that development cost. There is also the normal day-to-day administration cost.

    Which other solutions did I evaluate?

    We implemented Fortinet FortiSIEM for our own use, and then we have been exploring the idea of using it for a customer-facing or a managed service provider multi-tenant SIEM. We offer managed SIEM services to our customers, and we've come to the conclusion that it is not well suited for that purpose. We are in the process of installing Microsoft Sentinel and Azure Lighthouse for a new service.

    What other advice do I have?

    My overall impression is that this is an SMB product. It is not a large-scale enterprise or multi-tenant product. Even though they tell you it'll do that, it is an SMB tool, and it is pretty good for that purpose. However, most institutions would not have the required in-house expertise for it. You need a dedicated, skilled technical administrator. You need your own DevOps team, which small and medium businesses generally don't have, or you can do what we did and use a partner to do the work for you.

    I would caution others to fully understand the support model and talk to reference customers about it and have a solid understanding of what their internal resource needs will be to implement and support it. That's because it is complicated. Depending on the product you pick, you would need some in-house technical capabilities. For bigger companies, that's usually not a problem, but for small and medium businesses, that can be a problem.

    I would rate it a six out of ten. It is suitable for its purpose. It is targeted at the SMB market. The feature function is fine. I would rate it higher if their technical support was better.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Presales IT at a tech services company with 201-500 employees
    MSP
    Top 10
    Integrates logs from different sources so that there is a common place to see and create dashboards
    Pros and Cons
    • "FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication."
    • "The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."

    What is our primary use case?

    I work in our presales department. We have three of our clients using Fortinet FortiSIEM.

    The solution is useful to integrate logs from different sources so that there is a common place to see and create dashboards and the AI associated with event checking.

    We have a common service desk for our customers that has three employees monitoring everything. It requires less than one person to watch the dashboards, send the alerts and call the back office during an event. The solution requires maintenance every three months to install the last stable version of the firmware.

    How has it helped my organization?

    FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication. We use VPN instead of publishing services to the world, and we closed some services that are no longer being used. Eventually, we geographically blocked some services that do not need to be published in China or the United States, for example.

    What is most valuable?

    FortiSIEM has been a good product. It does everything that it has promised that it can do. It has been very useful to discover new threats from the outside such as external exploits, brute-force, or password tries. 

    What needs improvement?

    The process of installing Fortinet FortiSIEM and the customization of the alerts take too long. You need to customize the alerts that come to the dashboard so that not everything is an alert. If everything is an alert, nothing is an alert. This is a complicated process and takes time.

    In future releases, I would like to see a resource for common environments like VMware and VMware/FortiGate or VMware/Check Point. The resource should discover and speed up implementation.

    For how long have I used the solution?

    We have been using Fortinet FortiSIEM for a year and a half.

    What do I think about the stability of the solution?

    Being a Linux virtual appliance, FortiSIEM is a stable platform.

    What do I think about the scalability of the solution?

    We are located in Uruguay, which is a small country. We have no issues with scalability because we have so few people and our IT infrastructure is quite simple. 

    Our customers have between 200 and 400 users of Fortinet FortiSIEM.

    How are customer service and support?

    I would rate the customer service and support of Fortinet FortiSIEM a four out of five. They are quite good.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Prior to FortiSIEM, we did not use SIEM. We had a log concentrator, but it did not have the ability or the AI to correlate logs like SIEM has.

    We decided to implement FortiSIEM because SIEM has the ability to create logs using AI. With a log concentrator, we have all the events there, but there is no relation between them and what we have to do manually.

    How was the initial setup?

    The initial setup of Fortinet FortiSIEM is easy. The solution is on a virtual appliance that you download and put in the VMworld or on-premise. I would rate the ease of initial setup a five out of five.

    What about the implementation team?

    Deployment and implementation of FortiSIEM took three months due to the tuning and the building of the dashboards. We used Fortinet professional services for our first deployment. For the second deployment, we used our in-house team. 

    What was our ROI?

    We are seeing very good results on a security level.

    What's my experience with pricing, setup cost, and licensing?

    Fortinet's products are not expensive, it is less than the competition. There are additional fees for space in the virtual environment. You require virtual space because the logs take up space on the disk. Eventually, you need to buy disks and put them in your environment or in the cloud. Without the disk, you have to turn off the device.

    I would rate them a three out of five overall for pricing.

    Which other solutions did I evaluate?

    We did consider Sentinel in Azure because it is almost free.

    What other advice do I have?

    If you are considering Fortinet FortiSIEM for your organization, write down what alerts are important to you, which devices deserve to be monitored, and which logs you really need. You will need to customize all of this. If you have all of this detailed, the implementation process will be easier.

    I would rate the solution an eight out of ten overall.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Babar Shahbaz - PeerSpot reviewer
    Head of Product Management (Cloud & Digital) at Pakistan Telecommunication Company Limited
    Real User
    Integrates well with other Fortinet solutions, has nice VR and security features
    Pros and Cons
    • "We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers."
    • "FortiSIEM is not a market leader in the SIEM space."

    What is our primary use case?

    We primarily use the solution for security.

    What is most valuable?

    Fortinet has a unique model, which they call MSSP, managed services security partner. They select a telco in a country, partner with them, and offer them the certification track. We are an MSSP partner in Pakistan. FortiSIEM and FortiSOAR, their overall solutions that are there for threat mitigation, visibility, control, et cetera, are well integrated.

    We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers.

    There's a VR feature that is basically segmenting these firewalls, these security devices. Using that feature, we can make a network slice for each and every enterprise customer. All of the infrastructure is deployed in our data center, yet the customer uses it as if it is their own.

    What needs improvement?

    FortiSIEM is not a market leader in the SIEM space. In SIEM solutions, typically, our customers ask for Splunk, or they ask for LogRhythm. Some legacy customers ask for IBM. This isn’t as popular. Fortinet needs to grow in that perspective. They need to become a leader in the magic quadrant of Gartner and be seen as visionary so that the top customers, the big customers, take them seriously in the SIEM space.

    For how long have I used the solution?

    I’ve been using the solution for more than a year now.

    What do I think about the stability of the solution?

    This is an absolutely stable solution. There aren’t bugs or glitches, and it doesn’t crash or freeze. It’s reliable.

    What do I think about the scalability of the solution?

    We don’t have users per se. We are selling it. We have just started selling it. At this point, we have more than double-digit customers onboarded who are using the services.

    My understanding is that the solution is entirely scalable.

    How are customer service and support?

    We find technical support quite helpful. They're very responsive. They have a very good on-the-ground team in Pakistan.

    How was the initial setup?

    While I am responsible for the overall product owners within PTCL, within my organization, I don’t directly deal with implementation tasks.

    My colleagues tell me it is easy to deal with, however.

    What's my experience with pricing, setup cost, and licensing?

    I can’t speak to the general cost of the solution. They have a very flexible model for partners like us, however. It is a pay-as-you-grow model.

    What other advice do I have?

    I’m not sure which exact version I’m using.

    We are a cloud provider. Whatever we do, we sell it to our clients. We're not an enterprise, we are a public cloud provider, PTCL, and we sell to our clients.

    I’d rate the solution eight out of ten.

    If a company already has Fortinet devices in their network they have all the components of security of Fortinet, then it will make sense for them to consider FortiSIEM. If, however, it doesn’t have Fortinet security devices, it may be difficult to leverage.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Abdul-MuminIddrisu - PeerSpot reviewer
    CCO at oduma solutions ltd
    Real User
    Top 5
    Effective multi-tenancy, helpful support, but interface could improve
    Pros and Cons
    • "Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly."
    • "The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work."

    What is our primary use case?

    We are using Fortinet FortiSIEM for multi-tenant SOC service.

    Fortinet FortiSIEM is deployed in our data center, and we have one collector. Each client has a collector within their environment. We set up a collector within each client's environment, and then have a VPN connection from the client's environment to our environment.

    How has it helped my organization?

    Fortinet FortiSIEM has helped us achieve our goal of serving multi-tenant SOC services. We're able to serve multiple clients at the same time.

    What is most valuable?

    Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly.  

    What needs improvement?

    The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work.

    For how long have I used the solution?

    I have been using Fortinet FortiSIEM for one year.

    What do I think about the stability of the solution?

    Fortinet FortiSIEM is stable.

    What do I think about the scalability of the solution?

    The scalability of Fortinet FortiSIEM is good.

    How are customer service and support?

    We have contacted the support a number of times and they were helpful.

    How was the initial setup?

    The initial setup of Fortinet FortiSIEM is straightforward. It took us approximately two weeks.

    What about the implementation team?

    We did the deployment in-house. We had two people for the implementation.

    What was our ROI?

    We are using Fortinet FortiSIEM to serve clients, and we are receiving our return on investment from them.

    What's my experience with pricing, setup cost, and licensing?

    The price of Fortinet FortiSIEM was reasonable compared to other solutions.

    There are many licenses required, such as the MSSP, Agent, and device. For the number of devices that you are monitoring, you need licenses. The license you pay per your usage. When you are onboarding more clients onto it, the license fee is for the usage. Additionally, there's the Windows Agent license that you need. If you use any Windows Agent, you receive a separate license charge.

    What other advice do I have?

    We started using Fortinet FortiSIEM because we were recommended to use it by a trusted source.

    My advice to others would be to carefully look at the cost involved, and look closely at the licensing model. If it's a model that works for you, then great. However, it came as a surprise to us, we were told that we would be giving different licenses for the devices, and for the Windows Agent separately. We were not expecting the additional costs, it caught us off guard.

    I rate Fortinet FortiSIEM a six out of ten.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Asst Programmer Data Center at a consultancy with 10,001+ employees
    Real User
    Top 5
    Plenty of features, reliable, but more frequent updates needed
    Pros and Cons
    • "We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us."
    • "We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files."

    What is our primary use case?

    We are creating our new dashboards and correlations as per our requirements with Fortinet FortiSIEM.

    What is most valuable?

    We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us.

    What needs improvement?

    We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files.

    The patch management on the software needs to be better. We have not received frequent updates from their site. That's the major challenge for us. Going by the latest trends there are lots of cyber attacks happening in the entire world. All of the latest trends, patches, file updates, and hash updates should be released as soon as possible, whilst an attack is detected the patch has to be released on time.

    For how long have I used the solution?

    I have been using Fortinet FortiSIEM for two and a half years.

    What do I think about the stability of the solution?

    It's a foolproof solution for our requirements, it is stable.

    What do I think about the scalability of the solution?

    The solution is scalable. However, this depends on the license we purchase. Additionally, to scale the solution requires a large investment for computer hardware, such as SSD, memory, and CPUs.

    We have approximately 25 security engineers using the solution and approximately 10,000 end users.

    We do not have plans to increase the usage of the solution at this time.

    How are customer service and support?

    I would rate the support of Fortinet FortiSIEM a four out of ten. 

    Which solution did I use previously and why did I switch?

    We previously were using the Juniper STRM, but Juniper STRM is currently not available. I think that their company was taken over by IBM QRadar, this is why we have gone with FortiSIEM.

    How was the initial setup?

    The workload required for this software is a major challenge. It requires a huge workload in terms of CPU and memory. It requires a huge workload for the installation and for the integration with all the systems. The whole implementation took approximately six months.

    What about the implementation team?

    We had help from the Fortinet team for the implementation team.

    What was our ROI?

    We have received a return on investment by using this solution.

    What's my experience with pricing, setup cost, and licensing?

    The price of Fortinet FortiSIEM is a lot less when compared to other solutions.

    What other advice do I have?

    My advice to others thinking about implementing this solution is if your organizational budget is low, then we go for Fortinet FortiSIEM. Otherwise, if we have enough budget, I would recommend IBM QRadar and/or other solutions.

    I rate Fortinet FortiSIEM a six out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    HamedWasel - PeerSpot reviewer
    Senior Network Security Engineer at Orange
    Real User
    Top 10
    It's cheaper than other solutions with the same features but lacks integration with many third-party vendors
    Pros and Cons
    • "FortiSIEM sends an email or SMS notifications to admins when there are significant incidents. It's a highly efficient way of responding to incidents."
    • "FortiSIEM needs to expand its integration with third-party vendors. I don't know if Forcepoint has been added, but there were limited resources for integrating Forcepoint solutions when we implemented FortiSIEM. It integrates well with other Fortinet products and solutions from established cybersecurity companies like Palo Alto but doesn't integrate with some of the newer vendors."

    What is our primary use case?

    I am part of the team that implements the solution, and we hand it over to the operations team. We use FortiSIEM to ingest logs. The customer provides us with the IPs for the log sources, and we add them to the FortiSIEM dashboard. We can check the logs for signs of malicious access from outside devices and set rules based on the customer's preferences. 

    What is most valuable?

    FortiSIEM sends an email or SMS notifications to admins when there are significant incidents. It's a highly efficient way of responding to incidents. 

    What needs improvement?

    FortiSIEM needs to expand its integration with third-party vendors. I don't know if Forcepoint has been added, but there were limited resources for integrating Forcepoint solutions when we implemented FortiSIEM. It integrates well with other Fortinet products and solutions from established cybersecurity companies like Palo Alto but doesn't integrate with some of the newer vendors. 

    I would also like to see FortiSIEM add more of the features available in FortiSOAR. You need to buy two separate solutions to get these features, but they should all be available in one product. 

    For how long have I used the solution?

    I have used FortiSIEM for two years.

    What do I think about the stability of the solution?

    We haven't had any issues with stability aside from the problems associated with integrating FortiSIEM with third-party vendors. 

    What do I think about the scalability of the solution?

    We haven't scaled FortiSIEM much until recently. Our customers typically implement it on one node, so I'm not sure how easy it is to scale. We often work with large enterprise companies, so we've used the solution in healthcare. For example, we deployed FortiSIEM at a children's cancer hospital in Egypt. We also used it for banking clients, including an investment bank. 

    How are customer service and support?

    Fortinet support is helpful. 

    How was the initial setup?

    Deploying FortiSIEM is straightforward. Most of our customers prefer the on-prem version over the cloud. 

    Which other solutions did I evaluate?

    Other vendors like IBM QRadar are more effective than FortiSIEM for a SOC use case because they specialize in that area. I would recommend that if you are trying to build a large SOC team. 

    What other advice do I have?

    I rate FortiSIEM seven out of 10. I strongly recommend this solution for customers who are using Fortinet products. It offers the same features as other vendors, but it's less expensive. However, some other SIEM solutions are more effective.  

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Kumar Vaibhav - PeerSpot reviewer
    Solutions Architect at In2IT Technologies
    MSP
    Top 5
    Useful behavior data monitoring, helpful support, and different deployment methods available
    Pros and Cons
    • "The most valuable feature of Fortinet FortiSIEM is the user and entity behavior analytics (UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."
    • "The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial."

    What is our primary use case?

    Fortinet FortiSIEM is used to retrieve logs from different sources, such as network switches, firewalls, and servers, that are running difficult operating systems. The solution adds intelligence to the process that can provide meaningful information for the data analyst to use.

    The solution can be deployed on the cloud or on-premise.

    What is most valuable?

    The most valuable feature of Fortinet FortiSIEM is the user and entity behavior analytics (UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted.

    What needs improvement?

    The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial.

    For how long have I used the solution?

    I have been using Fortinet FortiSIEM for a couple of years. 

    What do I think about the stability of the solution?

    The stability of Fortinet FortiSIEM is stable.

    I rate the stability of Fortinet FortiSIEM an eight out of ten.

    What do I think about the scalability of the solution?

    Fortinet FortiSIEM is known for its scalability; it scales well.

    We have a couple of customers using this solution.

    I rate the scalability of Fortinet FortiSIEM a nine out of ten.

    How are customer service and support?

    The support from Fortinet FortiSIEM is great.

    How was the initial setup?

    The initial setup is easy, but the time it takes for the deployment depends on the number of applications monitored. One of our clients took us three weeks, but a typical setup takes one month. Some logs are simple to configure while others can be more difficult. 

    Deploying the solution is a straightforward process that involves just a few steps, such as loading the solution and configuring it, after which the solution will commence retrieving the data.

    What about the implementation team?

    We do the implementation of the solution with two administrators within one month.

    What's my experience with pricing, setup cost, and licensing?

    The price of the solution is expensive. The license is scalable. If there are 10 devices it is simple to license.

    What other advice do I have?

    My advice to others that might want to implement this solution is to know their business needs. There are other solutions, such as Splunk, that can provide a lot more information when collecting data, but it might not be needed for their use case. A small business would not need all the extra features of Splunk.

    I rate Fortinet FortiSIEM an eight out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    ZaidoonAbuhanak - PeerSpot reviewer
    SALES PRODUCT MANAGER at NOURNET
    Reseller
    Top 5
    Reasonably priced with good dashboards and an easy initial setup
    Pros and Cons
    • "Technical support is helpful."
    • "They need to integrate better with Cisco and Palo Alto."

    What is our primary use case?

    We are using the solution for our customers. 

    What is most valuable?

    The pricing is good. 

    The best features are the dashboard and the integration between the Fortinet products. We can connect the nodes very easily.

    The initial setup is very easy.

    It's great to use both this and FortiSOAR. It makes everything better. If you use them together with FortiAnalyzer, it's better than Splunk.

    The solution is stable. 

    It is a scalable product. 

    Technical support is helpful. 

    What needs improvement?

    There are some connectivity issues with FortiAnalyzer and FortiGate.

    They need to integrate better with Cisco and Palo Alto. 

    What do I think about the stability of the solution?

    The solution is very stable. It offers good reliability.

    What do I think about the scalability of the solution?

    We have found that it is possible to scale the solution.

    How are customer service and support?

    With technical support, I often direct tickets to them in terms of licensing, and within a maximum of two to three hours, the license will be active. They are very helpful. They are very responsive. They are always responding to the tickets and assisting us. You can show your customer their level of engagement. It's very impressive. Customers are happy.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    In Saudi Arabia, customers are doing Splunk or LogRhythm. In Jordan, we are using Fortinet due to the fact that it is cheaper. 

    There is not a huge difference between all the technology as all the partners use the same technology.

    How was the initial setup?

    The solution is quite simple and straightforward to set up. I'd rate it a four out of five in terms of ease of execution.

    There is, for example, no need for more configuration. It's very easy. In the cloud, you just reinstall the virtual machine, its main connectors in Big Sur, and then, on the customer side, you put the small virtual machine at the connectors.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is very good. It's reasonable and competitive. I'd rate the pricing at five out of five. 

    What other advice do I have?

    I'd rate the solution a nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: PARTNER / INTEGRATOR
    Buyer's Guide
    Download our free Fortinet FortiSIEM Report and get advice and tips from experienced pros sharing their opinions.
    Updated: June 2023