Fortinet FortiSIEM Overview

Fortinet FortiSIEM is the #9 ranked solution in top Security Information and Event Management (SIEM) tools. PeerSpot users give Fortinet FortiSIEM an average rating of 7.4 out of 10. Fortinet FortiSIEM is most commonly compared to Microsoft Sentinel: Fortinet FortiSIEM vs Microsoft Sentinel. Fortinet FortiSIEM is popular among the large enterprise segment, accounting for 52% of users researching this solution on PeerSpot. The top industry researching this solution is computer software companies, accounting for 21% of all views.
Fortinet FortiSIEM Buyer's Guide

Download the Fortinet FortiSIEM Buyer's Guide including reviews and more. Updated: December 2022

What is Fortinet FortiSIEM?

FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.

Companies around the world use FortiSIEM for the following use cases:

  • Threat management and intelligence that provide situational awareness and anomaly detection
  • Alleviating compliance mandate concerns for PCI, HIPAA and SOX
  • Managing “alert overload”
  • Handling the “too many tools” reporting issue
  • Addressing the MSPs/MSSPs pain of meeting service level agreements

Fortinet FortiSIEM was previously known as FortiSIEM, AccelOps.

Fortinet FortiSIEM Customers

FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.

Fortinet FortiSIEM Pricing Advice

What users are saying about Fortinet FortiSIEM pricing:
  • "This is probably more on the lower cost end of the spectrum compared to competing products. Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model."
  • "Fortinet's products are not expensive, it is less than the competition."
  • "Its price can be better. We are Fortinet partners, so we can get discounts, but its price can be an issue at the beginning for others. There is a licensing scheme for every case. There are three licensing schemes that we can choose from."
  • "The price of Fortinet FortiSIEM was reasonable compared to other solutions."
  • "The price of Fortinet FortiSIEM is a lot less when compared to other solutions."
Fortinet FortiSIEM Reviews

    Director, Infrastructure and Operations at a comms service provider with 11-50 employees
    Real User
    Top 20
    It has robust event correlation and good GUI, but their technical support should be better, and it should support more nonstandard log sources
    Pros and Cons
    • "The event correlation is pretty robust. The GUI is pretty good."
    • "Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire."

    What is our primary use case?

    We have eight use cases installed, and we are collecting log sources from most of the relevant endpoints. We did all that configuration ourselves. So, the product didn't really have a lot to do with it.

    It is deployed on a private cloud. We manage the cloud infrastructure ourselves, and its primary purpose is to monitor and protect our network devices and our own business systems, not necessarily our customer-facing services.

    We are most probably on version 3. We are not on the current release.

    What is most valuable?

    The event correlation is pretty robust. The GUI is pretty good. 

    What needs improvement?

    Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire.

    The out-of-the-box log ingestion for the supported devices is fine. The main issues arise when you're trying to ingest a log source that's not supported. You're left to figure it out yourself. You have to figure out the custom parsing yourself. There should be better support for nonstandard log sources. That's because unless you can ingest logs from all of your key controls, the solution will have gaps. Out of the box, this product doesn't support a lot of normal security devices that are common, and then you get into building custom parsers yourself to get it to work.

    The other problem is infrastructure stability. The architecture scaling rules that the vendor provides are vastly understated. So, we constantly run into stability problems that we end up figuring out and solving by throwing more infrastructure at it because they're understating the infrastructure requirements. It is understandable that they would do that, and you see why they would do that, but it is causing no end of problems.

    For how long have I used the solution?

    We've been using it for about three years.

    What do I think about the scalability of the solution?

    Scaling is problematic because of the architecture. It is very hard to figure out the required compute, memory, and disk space because the documentation is so bad. Like any SIEM, it is very compute-heavy. So, scaling is always a problem. We've come to the conclusion that it is not scalable to the magnitude that we require.

    I have two system administrators at the moment who are a part of my SOC. We have a very small operation. My SOC right now is comprised of two analysts, a senior analyst, and a manager. All of them are technical, and all of them are involved in managing this solution in one way, shape, or form.

    We use the product as one of our internal controls. We have several others, which I won't get into, and we do not plan on scaling it beyond that. We have been piloting some customer-facing use cases, and we will be deprecating those, scaling them back, and moving them to the Microsoft product.

    How are customer service and support?

    Their technical support is really bad. Their account support and product support are fine. I would rate their technical support one out of ten.

    How would you rate customer service and support?

    Negative

    How was the initial setup?

    The initial deployment was done with the partner. Since then, we have done additional endpoints and upgrades, and we are doing all the work ourselves now. 

    What about the implementation team?

    We used a partner to help us with the initial setup.

    What was our ROI?

    We are not really tracking ROI. We just view it as a cost of business, and we are not driving any revenue from it. So, it is just a sum cost.

    What's my experience with pricing, setup cost, and licensing?

    This is probably more on the lower cost end of the spectrum compared to competing products.

    Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model.

    In terms of additional costs, we also pay for our cloud infrastructure to run it. If your log source is not supported, you're going to have to develop custom parsing. So, you're going to incur that development cost. There is also the normal day-to-day administration cost.

    Which other solutions did I evaluate?

    We implemented Fortinet FortiSIEM for our own use, and then we have been exploring the idea of using it for a customer-facing or a managed service provider multi-tenant SIEM. We offer managed SIEM services to our customers, and we've come to the conclusion that it is not well suited for that purpose. We are in the process of installing Microsoft Sentinel and Azure Lighthouse for a new service.

    What other advice do I have?

    My overall impression is that this is an SMB product. It is not a large-scale enterprise or multi-tenant product. Even though they tell you it'll do that, it is an SMB tool, and it is pretty good for that purpose. However, most institutions would not have the required in-house expertise for it. You need a dedicated, skilled technical administrator. You need your own DevOps team, which small and medium businesses generally don't have, or you can do what we did and use a partner to do the work for you.

    I would caution others to fully understand the support model and talk to reference customers about it and have a solid understanding of what their internal resource needs will be to implement and support it. That's because it is complicated. Depending on the product you pick, you would need some in-house technical capabilities. For bigger companies, that's usually not a problem, but for small and medium businesses, that can be a problem.

    I would rate it a six out of ten. It is suitable for its purpose. It is targeted at the SMB market. The feature function is fine. I would rate it higher if their technical support was better.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Presales IT at a tech services company with 201-500 employees
    MSP
    Top 5
    Integrates logs from different sources so that there is a common place to see and create dashboards
    Pros and Cons
    • "FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication."
    • "The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."

    What is our primary use case?

    I work in our presales department. We have three of our clients using Fortinet FortiSIEM.

    The solution is useful to integrate logs from different sources so that there is a common place to see and create dashboards and the AI associated with event checking.

    We have a common service desk for our customers that has three employees monitoring everything. It requires less than one person to watch the dashboards, send the alerts and call the back office during an event. The solution requires maintenance every three months to install the last stable version of the firmware.

    How has it helped my organization?

    FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication. We use VPN instead of publishing services to the world, and we closed some services that are no longer being used. Eventually, we geographically blocked some services that do not need to be published in China or the United States, for example.

    What is most valuable?

    FortiSIEM has been a good product. It does everything that it has promised that it can do. It has been very useful to discover new threats from the outside such as external exploits, brute-force, or password tries. 

    What needs improvement?

    The process of installing Fortinet FortiSIEM and the customization of the alerts take too long. You need to customize the alerts that come to the dashboard so that not everything is an alert. If everything is an alert, nothing is an alert. This is a complicated process and takes time.

    In future releases, I would like to see a resource for common environments like VMware and VMware/FortiGate or VMware/Check Point. The resource should discover and speed up implementation.

    For how long have I used the solution?

    We have been using Fortinet FortiSIEM for a year and a half.

    What do I think about the stability of the solution?

    Being a Linux virtual appliance, FortiSIEM is a stable platform.

    What do I think about the scalability of the solution?

    We are located in Uruguay, which is a small country. We have no issues with scalability because we have so few people and our IT infrastructure is quite simple. 

    Our customers have between 200 and 400 users of Fortinet FortiSIEM.

    How are customer service and support?

    I would rate the customer service and support of Fortinet FortiSIEM a four out of five. They are quite good.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Prior to FortiSIEM, we did not use SIEM. We had a log concentrator, but it did not have the ability or the AI to correlate logs like SIEM has.

    We decided to implement FortiSIEM because SIEM has the ability to create logs using AI. With a log concentrator, we have all the events there, but there is no relation between them and what we have to do manually.

    How was the initial setup?

    The initial setup of Fortinet FortiSIEM is easy. The solution is on a virtual appliance that you download and put in the VMworld or on-premise. I would rate the ease of initial setup a five out of five.

    What about the implementation team?

    Deployment and implementation of FortiSIEM took three months due to the tuning and the building of the dashboards. We used Fortinet professional services for our first deployment. For the second deployment, we used our in-house team. 

    What was our ROI?

    We are seeing very good results on a security level.

    What's my experience with pricing, setup cost, and licensing?

    Fortinet's products are not expensive, it is less than the competition. There are additional fees for space in the virtual environment. You require virtual space because the logs take up space on the disk. Eventually, you need to buy disks and put them in your environment or in the cloud. Without the disk, you have to turn off the device.

    I would rate them a three out of five overall for pricing.

    Which other solutions did I evaluate?

    We did consider Sentinel in Azure because it is almost free.

    What other advice do I have?

    If you are considering Fortinet FortiSIEM for your organization, write down what alerts are important to you, which devices deserve to be monitored, and which logs you really need. You will need to customize all of this. If you have all of this detailed, the implementation process will be easier.

    I would rate the solution an eight out of ten overall.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Sami Isoaho - PeerSpot reviewer
    Principal Cloud Architect at Viria Security Oy
    Real User
    Top 5
    Very easy alert setup; a good tool for analysis and for SOC
    Pros and Cons
    • "Easy alert setup which enables different alerts in different categories."
    • "Not very good on non-API features, lacks that functionality."

    What is our primary use case?

    We use Fortinet FortiSIEM for storage of security information and analysis, as well as for alerts from the 50-60 services that we have. All of our webs are linked to FortiSIEM. It's a form of SOC tool and data is used for identifying trends and what's happening around the networks. We're customers and end-to-end users when it comes to FortiSIEM, but for other Fortinet products we're either partners or a value-added reseller. I'm the principal cloud architect in our company. 

    What is most valuable?

    I think the most valuable feature is the easy alert setup, it's very important. It's quite simple to use and enables us to have different alerts in different categories. SOC is able to see all the red alerts, it's impossible to miss them. It's a good tool for analysis and for SOC. We upload all network detection tools that support FortiSIEM and can investigate for different alerts or vulnerabilities. A great feature is that you can use Python scripting for data stack. It's great for devices that don't generate a genuine local source of information. 

    What needs improvement?

    This solution is not very good on non-API features and lacks that functionality. We've raised multiple tickets to Fortinet about this and they are pending there. The product development hasn't been fast enough to ensure it can function on the cloud. It's excellent when you download and get the security locks but in areas like Microsoft 365, you have to fetch the security access using APIs and they don't update quickly enough. If Microsoft announces a new service today, we have to wait at least six months before FortiSIEM starts supporting it. It's crucial that the API support is updated; for now FortiSIEM lacks functionality compared to its competitors.

    For how long have I used the solution?


    What do I think about the stability of the solution?

    It's a very reliable solution, we haven't had any outages during the last year and we're using it a lot. We have over 40 people using it 24/7.

    What do I think about the scalability of the solution?

    This solution is not very scalable if you have a lot of security events; it's focused more around smaller companies. We've become too big for it with 48,000 devices which we are monitoring and we had to create another instance and split things. It's not perfect because it requires purchase of a second license. We use the solution all the time. 

    How are customer service and technical support?

    Fortinet support is very fast. If I need to ask something, I'll get a response within a couple of hours. 

    How was the initial setup?

    The initial setup was quite straightforward. They have good documentation and once we deployed, there were only a couple of times where we needed a little bit of support because there were delayed reactions. 

    What's my experience with pricing, setup cost, and licensing?

    The licensing is on an annual basis and calculated on the set up number. Of course, the licensing cost could be less but it's not too bad and is quite nicely priced. With Centreon or Splunk you just pay for the use but if we compare the cost of FortiSIEM with Splunk, it's less than half the price.

    Which other solutions did I evaluate?

    We took a look at IBM QRadar, which was the main competitor, and we also looked at Splunk. Splunk lost out quickly because of the cost and we ended up going with Fortinet because it was much easier to manage and implement things than QRadar and it has the Python scripting.

    What other advice do I have?

    If your use case suits this solution, I would recommend it. If you are a professional operator and you're into pre-investing, and not just paying per use, then FortiSIEM is one of the best options you can have.

    I rate this product an eight out of 10. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    MarioBrito - PeerSpot reviewer
    Pre-Sales Cybersecurity Solutions at ECSSA El Salvador
    Reseller
    Top 10
    Allows us to combine SOC and NOC operations and has good reports, integrations, and support
    Pros and Cons
    • "One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams. There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good."
    • "Its training can be improved. Its price also needs to be improved."

    What is our primary use case?

    We are an enterprise that resells services. We are like a small MSSP for Salvador and Central America region. We provide services to other enterprises.

    Our clients have multiple use cases. Its most common use case is to detect logging events from different IP addresses or locations. It is used to detect simultaneous logins by the same user from different IP addresses or locations, such as from different countries. It is also used to detect any attempts to log in to a server with root privilege and trying remote access with root privileges.

    How has it helped my organization?

    With the help of FortiSIEM we have improved the cybersecurity posture of our clients and ours. Through the early detection of threats, it allows us to follow up on each security incident. It is easy to communicate to asset managers about related security events, reducing remediation time.

    What is most valuable?

    One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams.

    There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good.

    What needs improvement?

    Its training can be improved. Its price also needs to be improved.

    For how long have I used the solution?

    I have been using this solution for one year.

    What do I think about the stability of the solution?

    It has been good so far. We don't have any complaints about the tool.

    What do I think about the scalability of the solution?

    It is very scalable. It is easy to grow with this tool. We are going step-by-step, and we are doing good so far.

    Our clients are big enterprises, such as banks, and we also have small businesses. In Salvador, as per a local compliance requirement, every business or enterprise needs to have a SIEM solution. We have an installation for 1,000 users.

    How are customer service and technical support?

    We are Fortinet's partner here in Salvador, and the tech support is really good. Their response time is also really good. We are very happy with this solution.

    How was the initial setup?

    The implementation process is kind of easy. We start in a small way. The challenge for us is the storage. We need to find a way to have storage redundancy so that if the main site fails, we have a copy of the data on a remote site. This is the challenge that we are facing right now.

    What about the implementation team?

    For its deployment and maintenance, we have a very small group of five people. We have a networking guy, a server guy, and a few analysts to maintain this platform.

    What's my experience with pricing, setup cost, and licensing?

    There is a licensing scheme for every case. There are three licensing schemes that we can choose from.

    Which other solutions did I evaluate?

    Our clients also evaluate other solutions such as Rapid7, McAfee, and LogRhythm. We have always been a Fortinet enterprise. We have people with Fortinet and other certifications in the industry, such as EasyConsole certifications. We can also support this solution for the Fortinet sites. That is the main differentiator between us and other vendors.

    What other advice do I have?

    I would advise others to start small and plan for future growth. 

    I would rate Fortinet FortiSIEM an eight out of ten.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Partner at a security firm with 11-50 employees
    Reseller
    Top 20
    Good network monitoring with excellent scalability and good stability
    Pros and Cons
    • "The stability is very reliable. It offers very good performance."
    • "The policy editing should be easier. Right now, it's too hard."

    What is our primary use case?

    We primarily use the solution for network and security monitoring.

    What is most valuable?

    Most of those CM functions and the correlation alerts are very helpful to our clients. 

    The network monitoring is one of the most valuable aspects of the solution.

    You can scale the solution with ease if you need to expand.

    The stability is very reliable. It offers very good performance.

    What needs improvement?

    The initial setup is complex. They need to make it easier in terms of implementation. That said, all CM implementations are quite difficult. It may not be a fault of this particular product.

    The policy editing should be easier. Right now, it's too hard. 

    Some of the parts of the mapping tool should be in the product itself. It would make our efforts easier.

    The product is quite expensive. It's something clients always comment on.

    For how long have I used the solution?

    We have been using the solution for many years - including before Fortinet acquired the original organization.

    What do I think about the stability of the solution?

    The solution is quite stable. We find it very reliable. It doesn't crash or freeze. There aren't bugs and glitches.

    What do I think about the scalability of the solution?

    The scalability of the solution is excellent. It's one of the main reasons we chose to go with this option. If a company needs to expand, it can do so easily. There aren't constraints.

    We have about five to ten customers on the solution currently.

    How are customer service and technical support?

    I'm not using the vendor's technical support. Mostly we have our own in-house resources. I cannot tell if they are good or bad. I have never dealt directly with them. Therefore, it would be difficult to review their services.

    How was the initial setup?

    In terms of the initial setup, the process is not straightforward. It's complex and difficult. Making it easier would help a lot.

    All CM installations and implementations are complicated. You have to tailor the product. It's not really something you can just implement out-of-the-box. 

    That said, a basic installation is simple. It takes a few days. After you've done the implementation stage, then it takes time. Of course, it depends on the projects. I cannot say how much time it's taken exactly. I just know it takes quite a while.

    For deployment, we use two people in a project. One of them is for the beginning of the project - for the implementation and the installation process. The other is the administration, which we generally pass off to our customers. I tend to handle the daily operations.

    What's my experience with pricing, setup cost, and licensing?

    All of our customers find the solution expensive. It's not a cheap option.

    I don't know the exact cost of the solution as I don't directly handle the licensing.

    What other advice do I have?

    We are actually a reseller service company and we are dealing with the solutions for our customers. We are using the SIEM solutions. We are not a user, we are a reseller.

    We have many customers. Not all may be using the latest version of the solution.

    I would recommend the solution.

    In general, I would rate the solution eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    Babar Shahbaz - PeerSpot reviewer
    Head of Product Management (Cloud & Digital) at Pakistan Telecommunication Company Limited
    Real User
    Integrates well with other Fortinet solutions, has nice VR and security features
    Pros and Cons
    • "We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers."
    • "FortiSIEM is not a market leader in the SIEM space."

    What is our primary use case?

    We primarily use the solution for security.

    What is most valuable?

    Fortinet has a unique model, which they call MSSP, managed services security partner. They select a telco in a country, partner with them, and offer them the certification track. We are an MSSP partner in Pakistan. FortiSIEM and FortiSOAR, their overall solutions that are there for threat mitigation, visibility, control, et cetera, are well integrated.

    We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers.

    There's a VR feature that is basically segmenting these firewalls, these security devices. Using that feature, we can make a network slice for each and every enterprise customer. All of the infrastructure is deployed in our data center, yet the customer uses it as if it is their own.

    What needs improvement?

    FortiSIEM is not a market leader in the SIEM space. In SIEM solutions, typically, our customers ask for Splunk, or they ask for LogRhythm. Some legacy customers ask for IBM. This isn’t as popular. Fortinet needs to grow in that perspective. They need to become a leader in the magic quadrant of Gartner and be seen as visionary so that the top customers, the big customers, take them seriously in the SIEM space.

    For how long have I used the solution?

    I’ve been using the solution for more than a year now.

    What do I think about the stability of the solution?

    This is an absolutely stable solution. There aren’t bugs or glitches, and it doesn’t crash or freeze. It’s reliable.

    What do I think about the scalability of the solution?

    We don’t have users per se. We are selling it. We have just started selling it. At this point, we have more than double-digit customers onboarded who are using the services.

    My understanding is that the solution is entirely scalable.

    How are customer service and support?

    We find technical support quite helpful. They're very responsive. They have a very good on-the-ground team in Pakistan.

    How was the initial setup?

    While I am responsible for the overall product owners within PTCL, within my organization, I don’t directly deal with implementation tasks.

    My colleagues tell me it is easy to deal with, however.

    What's my experience with pricing, setup cost, and licensing?

    I can’t speak to the general cost of the solution. They have a very flexible model for partners like us, however. It is a pay-as-you-grow model.

    What other advice do I have?

    I’m not sure which exact version I’m using.

    We are a cloud provider. Whatever we do, we sell it to our clients. We're not an enterprise, we are a public cloud provider, PTCL, and we sell to our clients.

    I’d rate the solution eight out of ten.

    If a company already has Fortinet devices in their network and they have all the components of security of Fortinet, then it will make sense for them to consider FortiSIEM. If, however, it doesn’t have Fortinet security devices, it may be difficult to leverage.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Abdul-MuminIddrisu - PeerSpot reviewer
    CCO at oduma solutions ltd
    Real User
    Top 5
    Effective multi-tenancy, helpful support, but interface could improve
    Pros and Cons
    • "Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly."
    • "The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work."

    What is our primary use case?

    We are using Fortinet FortiSIEM for multi-tenant SOC service.

    Fortinet FortiSIEM is deployed in our data center, and we have one collector. Each client has a collector within their environment. We set up a collector within each client's environment, and then have a VPN connection from the client's environment to our environment.

    How has it helped my organization?

    Fortinet FortiSIEM has helped us achieve our goal of serving multi-tenant SOC services. We're able to serve multiple clients at the same time.

    What is most valuable?

    Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly.  

    What needs improvement?

    The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work.

    For how long have I used the solution?

    I have been using Fortinet FortiSIEM for one year.

    What do I think about the stability of the solution?

    Fortinet FortiSIEM is stable.

    What do I think about the scalability of the solution?

    The scalability of Fortinet FortiSIEM is good.

    How are customer service and support?

    We have contacted the support a number of times and they were helpful.

    How was the initial setup?

    The initial setup of Fortinet FortiSIEM is straightforward. It took us approximately two weeks.

    What about the implementation team?

    We did the deployment in-house. We had two people for the implementation.

    What was our ROI?

    We are using Fortinet FortiSIEM to serve clients, and we are receiving our return on investment from them.

    What's my experience with pricing, setup cost, and licensing?

    The price of Fortinet FortiSIEM was reasonable compared to other solutions.

    There are many licenses required, such as the MSSP, Agent, and device. For the number of devices that you are monitoring, you need licenses. You pay for the license per your usage. When you are onboarding more clients onto it, the license fee is for the usage. Additionally, there's the Windows Agent license that you need. If you use any Windows Agent, you receive a separate license charge.

    What other advice do I have?

    We started using Fortinet FortiSIEM because we were recommended to use it by a trusted source.

    My advice to others would be to carefully look at the cost involved, and look closely at the licensing model. If it's a model that works for you, then great. However, it came as a surprise to us; we were told that we would be given different licenses for the devices, and for the Windows Agent separately. We were not expecting the additional costs; it caught us off guard.

    I rate Fortinet FortiSIEM a six out of ten.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Asst Programmer Data Center at a consultancy with 10,001+ employees
    Real User
    Top 20
    Plenty of features, reliable, but more frequent updates needed
    Pros and Cons
    • "We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us."
    • "We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files."

    What is our primary use case?

    We are creating our new dashboards and correlations as per our requirements with Fortinet FortiSIEM.

    What is most valuable?

    We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us.

    What needs improvement?

    We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files.

    The patch management on the software needs to be better. We have not received frequent updates from their site. That's the major challenge for us. Going by the latest trends, there are lots of cyber attacks happening in the entire world. All of the latest trends, patches, file updates, and hash updates should be released as soon as possible. When an attack is detected, the patch has to be released on time.

    For how long have I used the solution?

    I have been using Fortinet FortiSIEM for two and a half years.

    What do I think about the stability of the solution?

    It's a foolproof solution for our requirements, it is stable.

    What do I think about the scalability of the solution?

    The solution is scalable. However, this depends on the license we purchase. Additionally, to scale the solution requires a large investment for computer hardware, such as SSD, memory, and CPUs.

    We have approximately 25 security engineers using the solution and approximately 10,000 end users.

    We do not have plans to increase the usage of the solution at this time.

    How are customer service and support?

    I would rate the support of Fortinet FortiSIEM a four out of ten. 

    Which solution did I use previously and why did I switch?

    We previously were using the Juniper STRM, but Juniper STRM is currently not available. I think that their company was taken over by IBM QRadar; this is why we have gone with FortiSIEM.

    How was the initial setup?

    The workload required for this software is a major challenge. It requires a huge workload in terms of CPU and memory. It requires a huge workload for the installation and for the integration with all the systems. The whole implementation took approximately six months.

    What about the implementation team?

    We had help from the Fortinet team for the implementation team.

    What was our ROI?

    We have received a return on investment by using this solution.

    What's my experience with pricing, setup cost, and licensing?

    The price of Fortinet FortiSIEM is a lot less when compared to other solutions.

    What other advice do I have?

    My advice to others thinking about implementing this solution is if your organizational budget is low, then we go for Fortinet FortiSIEM. Otherwise, if we have enough budget, I would recommend IBM QRadar and/or other solutions.

    I rate Fortinet FortiSIEM a six out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.