Fortinet FortiSIEM Reviews

I primarily use FortiSIEM for Rwandan clients in banking and finance. Most of my clients require strictly on-prem solutions because of national data regulations. They are also skeptical of putting their data on the cloud, and the law requires all data to reside at a domestic data center. 

I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics. 

The only drawback is the licensing model. It can get expensive if you want to integrate more solutions.

I rate FortiSIEM eight out of 10 for stability. 

FortiSIEM is highly scalable, but you need to consider the costs. It will be expensive if you want to scale it up. 

We rely on Fortinet support, and their response times have room for improvement. They can take a while to respond sometimes. 

Setting up FortiSIEM is straightforward because they provide you with a step-by-step guide that covers installation and troubleshooting. The deployment time depends on your setup and what you need to integrate. It can take days or weeks, but we can typically finish in under a week.

There isn't a single one-size-fits-all implementation because some clients have mixed environments, and we need to develop a custom solution if we are working on multiple fabrics.

You can get an annual license for FortiSIEM or a three-year license. It can be expensive if you're pulling data from many sources. If you plan to keep the solution for a while, I recommend choosing a three-year license or longer to save money. 

I rate FortiSIEM eight out of 10. My only advice is to understand your environment and learn as much as you can about SIEM before implementing the solution. I started by building open-source solutions from scratch, which gave me a big picture view of how to implement SIEM solutions and work with fabrics. You need to learn the basics about how to set rules and interpret logs. 

My company is a partner of Fortinet FortiSIEM. We are a service provider and I take the solution from Fortinet and deploy it for my customers. We use the solution for security detection and response. This is a customer based solution, our customer's security admins and security operations use the solution, compromised of a team between three to five people.

Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had.

Fortinet FortiSIEM combines the SOC and NOC into a single solution with a single pane of glass. This feature on its own is next level and its easy to handle.

Fortinet FortiSIEM should consider converting the purchase model from a CapEX investment into a pay-per-use model. By doing this, it will be more attractive for more customers.

The product does not have Security Orchestration and Automation Response, I would recommend adding this feature.

I have been using Fortinet FortiSIEM for two years.

Stability is very good.

Fortinet FortiSIEM is scalable.

Technical support is perfect.

The initial setup of Fortinet FortiSIEM was easy. The deployment took a week and a half and was based on a project plan. You don't need more than two people to deploy and maintain this solution.

We use an integrator for the deployment of Fortinet FortiSIEM. 

The price of Fortinet FortiSIEM is manageable. The cost is approximately $90,000 on an annual basis.

Before fitting the product into your environment, make sure you have the right requirements.

I would rate Fortinet FortiSIEM a 9 out of 10.

Our use case is for collecting logs and monitoring internet traffic through firewalls. We have Fortinet firewalls and Fortinet WAF. I'm a system programmer and we are customers of Fortinet. 

I like the Threat Hunting feature which provides complete traffic analysis, like file movement and processes. It's a good feature. 

We have recently faced many issues in terms of support and their turnaround time for giving support as well as their patch level. The patching is one of the significant issues we face with Fortinet SIEM. We're at the enterprise level and we're not getting the support we'd expect. They really need to bring in new features like proper dashboards and alert systems and a real-time alert system which would be beneficial for users.

I've been using this solution for four years. 

Scalability is good; you just add extra licenses. We have 15 admin users and around 10,000 EPS.

There are lots of issues with licensing policies like the agentless and agent-based installation. It creates a lot of issues because when we purchase the SIEM, by default, we expect most of the licenses to be in the bundle. But it's not like that. We need to purchase separate licenses for each agent and agentless system. There is also licensing with the EPS. It's quite difficult for proposing and purchasing the solution. We hire Fortinet professional services for deployment. 

I think that QRadar and RSE are better solutions than SIEM. The interactivity, scalability, and performance are far better than Fortinet. 

My needs are not getting met with this solution so I would not recommend it to anyone and rate it four out of 10. 

It is used as an alerting platform and has an availability manager.

We already have experience with Fortinet products, so dealing with Fortinet FortiSIEM is not complicated.

They should offer better visibility, more correlation tools and a better understanding of the network. Fortinet FortiSIEM already uses simple and standard protocols like SNMP, DuraMI and Syslog. Other solutions like QRadar use sFlow, so I think that they can do better.

In addition, the log collection and configuration management are not great.

We have been using this solution for three years. We deployed Fortinet FortiSIEM at about three customer sites, and it is deployed on-premises.

The product is stable.

It is a scalable solution.

We have expertise with the product, so we don't use technical support often. We only require support for the error mark, and the support is quick and fast for that.

The initial setup was simple, and we deployed Fortinet FortiSIEM in two days. We already had all the information regarding the customers' notes, and it was simple, quick and fast.

It is cheaper than LogPoint or QRadar.

I rate this solution a five out of ten. It is not as good as other solutions like QRadar, but it's cheaper than other products and very simple. In the next release, the visibility should consist of simple and standard protocols.

Regarding advice, if you don't have a dedicated team to handle your logs, don't have a big budget, and want a solution to correlate and collect logs from many vendors, Fortinet FortiSIEM is an excellent choice.

I am using Fortinet FortiSIEM to correlate events in our enterprise.

Fortinet FortiSIEM has helped our organization by providing us with business monitoring.

The most valuable feature of Fortinet FortiSIEM is the correlation of many events.

Fortinet FortiSIEM could improve to extend to several locations or sites.

I have been using Fortinet FortiSIEM for approximately two years.

The stability of Fortinet FortiSIEM is okay but it could improve.

We would like to increase the usage of Fortinet FortiSIEM.

The technical support from Fortinet FortiSIEM is good.

We previously used Juniper Security Threat Response Manager.

The initial setup of Fortinet FortiSIEM is easy. The full deployment took approximately seven days.

We had one supervisor and two others that helped do the implementation of Fortinet FortiSIEM. We did the implementation in-house.

We have five network administrators for maintenance.

We have seen a return on investment using Fortinet FortiSIEM.

There are additional features that cost more than the standard licensing fees.

We evaluated two other solutions before choosing Fortinet FortiSIEM. The graphical user interface is better in Fortinet FortiSIEM.

I rate Fortinet FortiSIEM a seven out of ten.

We use the solution to collect logs from critical servers on the customer's infrastructure, like Active Directory, and a few security devices, like firewall, proxy, and antivirus setup. Our team monitors the log. If we get an alert, we take the necessary action in the development environment.

The solution’s IP database is awesome. If we get malicious IP attacks in the firewall, the solution has a validated database to mark IPs as malicious and generate an alert. We need not use any third-party solution.

When our team tried configuring logs for Microsoft SQL, it did not work.

The next release should improve database monitoring. Compared to servers and security devices, working with database and log configuration is not easy.

I have been using the solution for the past four to five months.

The solution is stable.

The solution is scalable. We initially configured five devices and then could scale it to 20 without any challenges. Ten to fifteen people in the security operation center team use the solution.

My team members contacted the support team, and they helped us configure a few things.

My team did not face any issues during configuration.

I would recommend the solution to others. One of our customers moved from ArcSight to FortiSIEM because they had some support issues. Overall, I rate the solution an eight out of ten.

FortiSIEM analyzes the logs from all the servers and firewalls.

FortiSIEM provides visibility into what happens on our corporate network. We can see traffic from users and detect brute force or bot attacks. It's clear in the SIEM solution. 

FortiSIEM's log correlation is good. 

FortiSIEM could be better integrated with other vendors. 

This happened about one year or one year and a half.

We had some issues during the update. Some updates didn't install, so we opened a ticket with Forti support, but it took more time to solve.

FortiSIEM scales enough for our company. After the initial deployment, we added some servers and increased the resources to enable FortiSIEM to take the logs from the servers.

I rate Fortinet support nine out of 10. It's excellent. 

Positive

Fortinet performed the initial setup, and it took about a week. We installed the image and integrated it with another server's Active Directory. Then we integrated it with the firewalls, routers, switches, and controller. Finally, we had to configure the policies.

I rate Fortinet FortiSIEM eight out of 10. I would recommend FortiSIEM for corporate users, but I haven't tried any other SIEM solutions, so I have no reference for comparison. In the future, we might try another vendor with a more comprehensive solution. 

We use Fortinet FortiSIEM for security, a gateway, and for authentication.

The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls.

Fortinet FortiSIEM could improve by having a signature update.

I have been using Fortinet FortiSIEM for approximately 16 years.

Fortinet FortiSIEM is stable. However, it was not stable from the beginning.

Fortinet FortiSIEM is the best soltuions here in Thailand. There are many users and partners here.

There are 10 to 3,000 users in my company. Most of the users are specialists in IT. We plan to increase usage in the future.

I have used the technical support and they have been good.

I have used other solutions previously.

The initial setup of Fortinet FortiSIEM was easy. The deployment would take a few days for the middle and large models.

We need some information for the customer, such as policies, before we can implement the solution.

We do the implementation of Fortinet FortiSIEM. We use one IT specialist for the deployment and maintenance of the solution.

I would advise others this solution is easy to use and has a lot of features. They should try it out.

I rate Fortinet FortiSIEM a seven out of ten