Fortinet FortiSIEM Reviews

We have eight use cases installed, and we are collecting log sources from most of the relevant endpoints. We did all that configuration ourselves. So, the product didn't really have a lot to do with it.

It is deployed on a private cloud. We manage the cloud infrastructure ourselves, and its primary purpose is to monitor and protect our network devices and our own business systems, not necessarily our customer-facing services.

We are most probably on version 3. We are not on the current release.

The event correlation is pretty robust. The GUI is pretty good. 

Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire.

The out-of-the-box log ingestion for the supported devices is fine. The main issues arise when you're trying to ingest a log source that's not supported. You're left to figure it out yourself. You have to figure out the custom parsing yourself. There should be better support for nonstandard log sources. That's because unless you can ingest logs from all of your key controls, the solution will have gaps. Out of the box, this product doesn't support a lot of normal security devices that are common, and then you get into building custom parsers yourself to get it to work.

The other problem is infrastructure stability. The architecture scaling rules that the vendor provides are vastly understated. So, we constantly run into stability problems that we end up figuring out and solving by throwing more infrastructure at it because they're understating the infrastructure requirements. It is understandable that they would do that, and you see why they would do that, but it is causing no end of problems.

We've been using it for about three years.

Scaling is problematic because of the architecture. It is very hard to figure out the required compute, memory, and disk space because the documentation is so bad. Like any SIEM, it is very compute-heavy. So, scaling is always a problem. We've come to the conclusion that it is not scalable to the magnitude that we require.

I have two system administrators at the moment who are a part of my SOC. We have a very small operation. My SOC right now is comprised of two analysts, a senior analyst, and a manager. All of them are technical, and all of them are involved in managing this solution in one way, shape, or form.

We use the product as one of our internal controls. We have several others, which I won't get into, and we do not plan on scaling it beyond that. We have been piloting some customer-facing use cases, and we will be deprecating those, scaling them back, and moving them to the Microsoft product.

Their technical support is really bad. Their account support and product support are fine. I would rate their technical support one out of ten.

Negative

The initial deployment was done with the partner. Since then, we have done additional endpoints and upgrades, and we are doing all the work ourselves now. 

We used a partner to help us with the initial setup.

We are not really tracking ROI. We just view it as a cost of business, and we are not driving any revenue from it. So, it is just a sum cost.

This is probably more on the lower cost end of the spectrum compared to competing products.

Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model.

In terms of additional costs, we also pay for our cloud infrastructure to run it. If your log source is not supported, you're going to have to develop custom parsing. So, you're going to incur that development cost. There is also the normal day-to-day administration cost.

We implemented Fortinet FortiSIEM for our own use, and then we have been exploring the idea of using it for a customer-facing or a managed service provider multi-tenant SIEM. We offer managed SIEM services to our customers, and we've come to the conclusion that it is not well suited for that purpose. We are in the process of installing Microsoft Sentinel and Azure Lighthouse for a new service.

My overall impression is that this is an SMB product. It is not a large-scale enterprise or multi-tenant product. Even though they tell you it'll do that, it is an SMB tool, and it is pretty good for that purpose. However, most institutions would not have the required in-house expertise for it. You need a dedicated, skilled technical administrator. You need your own DevOps team, which small and medium businesses generally don't have, or you can do what we did and use a partner to do the work for you.

I would caution others to fully understand the support model and talk to reference customers about it and have a solid understanding of what their internal resource needs will be to implement and support it. That's because it is complicated. Depending on the product you pick, you would need some in-house technical capabilities. For bigger companies, that's usually not a problem, but for small and medium businesses, that can be a problem.

I would rate it a six out of ten. It is suitable for its purpose. It is targeted at the SMB market. The feature function is fine. I would rate it higher if their technical support was better.

I primarily use FortiSIEM for Rwandan clients in banking and finance. Most of my clients require strictly on-prem solutions because of national data regulations. They are also skeptical of putting their data on the cloud, and the law requires all data to reside at a domestic data center. 

I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics. 

The only drawback is the licensing model. It can get expensive if you want to integrate more solutions.

I rate FortiSIEM eight out of 10 for stability. 

FortiSIEM is highly scalable, but you need to consider the costs. It will be expensive if you want to scale it up. 

We rely on Fortinet support, and their response times have room for improvement. They can take a while to respond sometimes. 

Setting up FortiSIEM is straightforward because they provide you with a step-by-step guide that covers installation and troubleshooting. The deployment time depends on your setup and what you need to integrate. It can take days or weeks, but we can typically finish in under a week.

There isn't a single one-size-fits-all implementation because some clients have mixed environments, and we need to develop a custom solution if we are working on multiple fabrics.

You can get an annual license for FortiSIEM or a three-year license. It can be expensive if you're pulling data from many sources. If you plan to keep the solution for a while, I recommend choosing a three-year license or longer to save money. 

I rate FortiSIEM eight out of 10. My only advice is to understand your environment and learn as much as you can about SIEM before implementing the solution. I started by building open-source solutions from scratch, which gave me a big picture view of how to implement SIEM solutions and work with fabrics. You need to learn the basics about how to set rules and interpret logs. 

We use the solution to monitor events and logs. It gives us a very powerful view of what is going on. We can configure it to send notifications of any malicious detection because it is based on an ML (machine learning) algorithm. Aside from using the solution to monitor the logs from different sources, we can also get detections because it has strong machine learning capability.

Fortinet FortiSIEM provides good detection against advanced threats.

The solution's interface could be modernized and improved.

I have been working with Fortinet FortiSIEM for one year.

I rate Fortinet FortiSIEM ten out of ten for stability.

Around 50 users are using Fortinet FortiSIEM in our organization.

I rate the solution an eight out of ten for scalability.

I rate Fortinet FortiSIEM a nine out of ten for the ease of its initial setup.

If nothing goes wrong, the solution can be deployed in one week.

We have seen a return on investment with Fortinet FortiSIEM.

Fortinet FortiSIEM is very cost-efficient compared to other SIEM solutions.

On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven out of ten.

The solution is deployed on the cloud in our organization. I'll recommend Fortinet FortiSIEM to users because of its functionalities, irrespective of whether they have a hybrid, on-prem, or cloud deployment. If a company has some compliance and regulations, the solution can fulfill their compliance and regulations within their country or industry.

Overall, I rate Fortinet FortiSIEM a nine out of ten.

FortiSIEM combines information from operations and integrates it into management.  

FortiSIEM is a great tool for making security processes transparent. 

I rate FortiSIEM 10 out of 10 for stability. 

I rate FortiSIEM nine out of 10 for scalability.

Setting up FortiSIEM is straightforward.  I prefer this product in the Fortinet environment. It's easy to install and configure.  

FortiSIEM might be considered expensive in some markets. We have an international customer base, and it's affordable for a lot of them. 

However, customers in some markets cannot build a suitable use case around it. But it's not because of the product. It often depends on customers' operation organization. 

You also need some operation and security knowledge to make a professional management decision. 

A company needs to work with the consultants and distributors who are delivering the environment and necessary support.

I rate Fortinet FortiSIEM nine out of 10. 

We use Fortinet FortiSIEM for storage of security information and analysis, as well as for alerts from the 50-60 services that we have. All of our webs are linked to FortiSIEM. It's a form of SOC tool and data is used for identifying trends and what's happening around the networks. We're customers and end-to-end users when it comes to FortiSIEM, but for other Fortinet products we're either partners or a value-added reseller. I'm the principal cloud architect in our company. 

I think the most valuable feature is the easy alert setup, it's very important. It's quite simple to use and enables us to have different alerts in different categories. SOC is able to see all the red alerts, it's impossible to miss them. It's a good tool for analysis and for SOC. We upload all network detection tools that support FortiSIEM and can investigate for different alerts or vulnerabilities. A great feature is that you can use Python scripting for data stack. It's great for devices that don't generate a genuine local source of information. 

This solution is not very good on non-API features and lacks that functionality. We've raised multiple tickets to Fortinet about this and they are pending there. The product development hasn't been fast enough to ensure it can function on the cloud. It's excellent when you download and get the security locks but in areas like Microsoft 365, you have to fetch the security access using APIs and they don't update quickly enough. If Microsoft announces a new service today, we have to wait at least six months before FortiSIEM start supporting it. It's crucial that the API support is updated, for now FortiSIEM lacks functionality compared to its competitors.

It's a very reliable solution, we haven't had any outages during the last year and we're using it a lot. We have over 40 people using it 24/7.

This solution is not very scalable if you have a lot of security events; it's focused more around smaller companies. We've become too big for it with 48,000 devices which we are monitoring and we had to create another instance and split things. It's not perfect because it requires purchase of a second license. We use the solution all the time. 

Fortinet support is very fast. If I need to ask something, I'll get a response within a couple of hours. 

The initial setup was quite straightforward. They have good documentation and once we deployed, there were only a couple of times where we needed a little bit of support because there were delayed reactions. 

The licensing is on an annual basis and calculated on the set up number. Of course, the licensing cost could be less but it's not too bad and is quite nicely priced. With Centreon or Splunk you just pay for the use but if we compare the cost of FortiSIEM with Splunk, it's less than half the price.

We took a look at IBM QRadar, which was the main competitor, and we also looked at Splunk. Splunk lost out quickly because of the cost and we ended up going with Fortinet because it was much easier to manage and implement things than QRadar and it has the Python scripting.

If your use case suits this solution, I would recommend it. If you are a professional operator and you're into pre-investing, and not just paying per use, then FortiSIEM is one of the best options you can have.

I rate this product an eight out of 10. 

We have an MSSP license and provide services to customers from various verticals like manufacturing, pharmaceutical, and MRD (Manufacturing, Retail & Distribution). We provide the services of Fortinet FortiSIEM to customers who cannot avail of costly on-premise services.

Fortinet FortiSIEM is less costly than other products and is available 24/7.

Fortinet FortiSIEM is a little out of sight and needs more marketing efforts to be popular in the market.

We have been using Fortinet FortiSIEM for almost one and a half years.

The stability of Fortinet FortiSIEM is good.

Fortinet FortiSIEM has good scalability.

I have faced no issues with Fortinet FortiSIEM’s customer support.

The deployment of Fortinet FortiSIEM, which included the migration of 30 plus customers and the initial setup of all components, did not take more than a month.

Fortinet FortiSIEM is cheaper compared to other products.

I use the latest version of Fortinet FortiSIEM. We have deployed Fortinet FortiSIEM on VMware.

Overall, I rate Fortinet FortiSIEM a seven out of ten.

Fortinet FortiSIEM is used to retrieve logs from different sources, such as network switches, firewalls, and servers, that are running difficult operating systems. The solution adds intelligence to the process that can provide meaningful information for the data analyst to use.

The solution can be deployed on the cloud or on-premise.

The most valuable feature of Fortinet FortiSIEM is the user and entity behave as analytics(UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted.

The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial.

I have been using Fortinet FortiSIEM for a couple of years. 

The stability of Fortinet FortiSIEM is stable.

I rate stability Fortinet FortiSIEM an eight out of ten.

Fortinet FortiSIEM is known for its scalability, it scales well.

We have a couple of customers using this solution.

I rate the scalability of Fortinet FortiSIEM a nine out of ten.

The support from Fortinet FortiSIEM is great.

The initial setup is easy, but the time it takes for the deployment depends on the number of applications monitored. One of our clients has taken us three weeks, but a typical setup takes one month. Some logs are simple to configure while others can be more difficult. 

Deploying the solution is a straightforward process that involves just a few steps, such as loading the solution and configuring it, after which the solution will commence retrieving the data.

We do the implementation of the solution with two administrators within one month.

The price of the solution is expensive. The license is scalable. If there are 10 devices it is simple to license.

My advice to others that might want to implement this solution is to know their business needs. There are other solutions, such as Splunk that can provide a lot more information when collecting data but it might not be needed for their use case. A small business would not need all the extra features of Splunk.

I rate Fortinet FortiSIEM an eight out of ten.

The solution's ability to collect data from different sources is its most valuable feature.

They should enhance the solution's AI capabilities, including XDR and EDR.

We have been using the solution for six months.

I rate the solution's stability as a nine.

I rate the solution's scalability as an eight. It works well with medium to large-scale enterprises.

The solution's tech support team is good.

The solution's initial setup is a bit complex as you have to do a lot of configuration. You have to collect data from different sources such as Microsoft, IBM, etc. The data extraction process differs for every system. Thus, you have to apply different protocols to collect data from various sources.

The solution has a lot of network solutions in its bucket. As a result, they provide excellent network strength. I advise others to know the product well before implementing it. I rate it as an eight.