My company is a partner of Fortinet FortiSIEM. We are a service provider and I take the solution from Fortinet and deploy it for my customers. We use the solution for security detection and response. This is a customer-based solution; our customer's security admins and security operations use the solution, comprised of a team of between three and five people.
Research Associate at a comms service provider with 1,001-5,000 employees
Good solution for security detection and response
Pros and Cons
- "Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."
- "The product does not have Security Orchestration and Automation Response; I would recommend adding this feature."
What is our primary use case?
How has it helped my organization?
Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had.
What is most valuable?
Fortinet FortiSIEM combines the SOC and NOC into a single solution with a single pane of glass. This feature on its own is next level and it's easy to handle.
What needs improvement?
Fortinet FortiSIEM should consider converting the purchase model from a CapEx investment into a pay-per-use model. By doing this, it will be more attractive for more customers.
The product does not have Security Orchestration and Automation Response; I would recommend adding this feature.
Buyer's Guide
Fortinet FortiSIEM
June 2025

Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
857,028 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for two years.
What do I think about the stability of the solution?
Stability is very good.
What do I think about the scalability of the solution?
Fortinet FortiSIEM is scalable.
How are customer service and support?
Technical support is perfect.
How was the initial setup?
The initial setup of Fortinet FortiSIEM was easy. The deployment took a week and a half and was based on a project plan. You don't need more than two people to deploy and maintain this solution.
What about the implementation team?
We use an integrator for the deployment of Fortinet FortiSIEM.
What's my experience with pricing, setup cost, and licensing?
The price of Fortinet FortiSIEM is manageable. The cost is approximately $90,000 on an annual basis.
What other advice do I have?
Before fitting the product into your environment, make sure you have the right requirements.
I would rate Fortinet FortiSIEM a 9 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Cyber Security Analyst at a retailer with 1,001-5,000 employees
Has easy access to create rules, playbooks, or use cases
Pros and Cons
- "I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports."
- "With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."
What is our primary use case?
We use it as our main SIEM tool for creating rules, creating alerts, monitoring, and accessing CMDB. We also use it to monitor a few more things related to writing security.
What is most valuable?
I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports.
What needs improvement?
With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk.
When you work with a service provider who is using FortiSIEM as a service for other clients, you cannot run more than 30 clients on one tool. You cannot onboard, which would consume more resources and would make it slower. Also, resource consumption would be high.
For how long have I used the solution?
I've been using it for a year and a half.
What do I think about the stability of the solution?
It's pretty stable. We haven't faced any critical issues with stability.
How are customer service and technical support?
We had some issues when there were a few more updates or patches, but the technical support from FortiSIEM was pretty good and got it all sorted.
What other advice do I have?
If you're using it for multi-tenant solutions, it will be pretty good, but it won't support running more than 20 clients on the same platform. It would need more resources. Even if you are implementing it for multi-tenant solutions, you would need to implement fewer clients on it so that it has to use less effort.
On a scale from one to ten, I would rate it at eight.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
chief of cybersecurity at ECSSA El Salvador
Allows us to combine SOC and NOC operations and has good reports, integrations, and support
Pros and Cons
- "One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams. There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good."
- "Its training can be improved. Its price also needs to be improved."
What is our primary use case?
We are an enterprise that resells services. We are like a small MSSP for the Salvador and Central America region. We provide services to other enterprises.
Our clients have multiple use cases. Its most common use case is to detect logging events from different IP addresses or locations. It is used to detect simultaneous logins by the same user from different IP addresses or locations, such as from different countries. It is also used to detect any attempts to log in to a server with root privilege and trying remote access with root privileges.
How has it helped my organization?
With the help of FortiSIEM, we have improved the cybersecurity posture of our clients and ours. Through the early detection of threats, it allows us to follow up on each security incident. It is easy to communicate to asset managers about related security events, reducing remediation time.
What is most valuable?
One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams.
There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good.
What needs improvement?
Its training can be improved. Its price also needs to be improved.
For how long have I used the solution?
I have been using this solution for one year.
What do I think about the stability of the solution?
It has been good so far. We don't have any complaints about the tool.
What do I think about the scalability of the solution?
It is very scalable. It is easy to grow with this tool. We are going step-by-step, and we are doing good so far.
Our clients are big enterprises, such as banks, and we also have small businesses. In Salvador, as per a local compliance requirement, every business or enterprise needs to have a SIEM solution. We have an installation for 1,000 users.
How are customer service and technical support?
We are Fortinet's partner here in Salvador, and the tech support is really good. Their response time is also really good. We are very happy with this solution.
How was the initial setup?
The implementation process is kind of easy. We start in a small way. The challenge for us is the storage. We need to find a way to have storage redundancy so that if the main site fails, we have a copy of the data on a remote site. This is the challenge that we are facing right now.
What about the implementation team?
For its deployment and maintenance, we have a very small group of five people. We have a networking guy, a server guy, and a few analysts to maintain this platform.
What's my experience with pricing, setup cost, and licensing?
There is a licensing scheme for every case. There are three licensing schemes that we can choose from.
Which other solutions did I evaluate?
Our clients also evaluate other solutions such as Rapid7, McAfee, and LogRhythm. We have always been a Fortinet enterprise. We have people with Fortinet and other certifications in the industry, such as EasyConsole certifications. We can also support this solution for the Fortinet sites. That is the main differentiator between us and other vendors.
What other advice do I have?
I would advise others to start small and plan for future growth.
I would rate Fortinet FortiSIEM an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Security Analyst at netfiniti
Good GUI, helpful technical support, and easy to configure
Pros and Cons
- "The product is quite well-organized. The GUI makes it easy to navigate."
- "It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option."
What is our primary use case?
I primarily use the solution as part of the firewall. I work mostly with banks and have extensive experience with configuring the VPN in relation to Fortinet.
What is most valuable?
The solution is quite user-friendly.
It's very easy to configure everything, including the VPN. It gives you lots of good options.
The product is quite well-organized. The GUI makes it easy to navigate.
What needs improvement?
The solution is almost 100% perfect. It's already quite simple and easy to configure. In that sense, no improvements are needed.
You do seem to be constantly learning new things with the product. There's a bit of an ongoing learning curve in terms of usage. Right now, I'm learning about higher availability and that's an ongoing process.
It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option.
The solution offers both command line and GUI visualizations. They need to ensure that their GUI offers just as much flexibility on the configuration as the command line structure.
For how long have I used the solution?
I've been using the solution for about seven months at this point. It's been less than a year.
What do I think about the stability of the solution?
The stability of the product is fairly good. It's likely 70-80% there in terms of stability. There are many versions and the stability may vary slightly on each.
In terms of security, however, I would say it's very stable.
We haven't implemented the latest version yet as it hasn't been implemented widely.
In general, the stability isn't a problem for us and we don't need to worry too much about it.
How are customer service and technical support?
The technical support is quite fine. We can communicate with them easily if we need to. If we have a problem or we need an issue addressed, we simply open a ticket and the Fortinet team is ready to assist. They are very knowledgeable and responsive. We've been satisfied with the support they give us.
How was the initial setup?
The initial setup does take some time to learn. I'm in the process of learning more about it now, specifically in relation to configuration or the VPN.
What's my experience with pricing, setup cost, and licensing?
If you are comparing the product to Cisco's solutions, it's very cheap and moderately priced. It's affordable. At the same time, it's a very effective solution. It's affordable and it works well.
What other advice do I have?
On a scale from one to ten, I would rate the product at an eight. It's been a pretty positive experience overall. I'm still learning the solution and discovering new things about it, however, it has everything I need at the same time.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Asst Programmer Data Center at a consultancy with 10,001+ employees
Stable and pretty affordable
Pros and Cons
- "We find the solution to be stable."
- "The solution needs to do a better job with third party integration. Right now, that's lacking on the solution. I specifically am talking about the AWS environment. Most of the AWS environment products do not have that capability to integrate."
What is our primary use case?
We primarily use it for all of our cloud space and for firewalls and AWS security services, for example, for email, CloudWatch and AWS Security Hub.
How has it helped my organization?
Single pane of glass for security issues
What is most valuable?
There's a great feature on the solution that allows us to analyze security issues and incidents. It automatically allows us to trace any incident. It's an invaluable aspect of the solution.
The solution has a relatively low cost.
We find the solution to be stable.
It's my understanding that the solution can scale well.
What needs improvement?
The solution needs to form a flow diagram automatically with the AWS platform.
For how long have I used the solution?
I've only been using the solution for the last six months.
What do I think about the stability of the solution?
The solution is stable. It's very reliable. There aren't bugs or glitches. It doesn't freeze or crash.
What do I think about the scalability of the solution?
I personally have never tried to scale the solution. That said, the solution is scalable and companies shouldn't have any issue expanding it as needed.
The solution is being used pretty extensively in our organization and we have several teams on it.
How are customer service and technical support?
We've definitely called technical support in the past when we have run into issues. We've been satisfied with the level of service they provide. We always get a proper response and they're always ready to resolve any issues we have. We are able to close tickets very quickly because they are so knowledgeable and responsive.
How was the initial setup?
The solution was fairly complex. However, this was due to the fact that we had to do a lot of configurations at the outset. The solution didn't make the process easy for us. Typically, it's easy to implement and I would be able to handle the process myself.
It took us about 15 days to deploy everything on our end.
What about the implementation team?
Implementation was done by Fortinet's Professional Service Team, which was quite satisfactory.
What's my experience with pricing, setup cost, and licensing?
The solution is very cost-effective compared to competitors. We just need to pay licensing and support costs. There aren't added costs beyond that.
Which other solutions did I evaluate?
We didn't previously look at other solutions. We saw that Fortinet fit our needs, and therefore we chose it.
What other advice do I have?
We're a public utility, so we just use the solution. We don't have a business relationship with the company.
We use the latest version of the solution.
We use a variety of Fortinet solutions at our organization. For example, we integrate the complete AWS cloud space into FortiSIEM.
I'd recommend the solution to other organizations, especially those that are cost-conscious. Compared to other solutions, it's rather easy to implement.
I'd rate the solution overall seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Security Engineer at Go Faster
Easy to set up and use, with quick and helpful technical support
Pros and Cons
- "It's very easy for anyone to work with."
- "We need to see incident reports about the event log, without events from the administrator or through human interaction."
What is our primary use case?
We use FortiSIEM to protect our customers.
Our current client has 20 branches and we can connect from any branch to their headquarters. We have high availability between headquarters and branches via the VPN connection. We can protect our SD-WAN, as well.
How has it helped my organization?
Fortinet is very helpful for our customers.
What is most valuable?
Every feature is good. This is one of the greatest SIEM products on the market. The most valuable feature this solution offers is that it protects the server and the client.
It's very easy for anyone to work with. You don't need any help externally.
What needs improvement?
This is a great product for everyone. The disadvantage is the product portfolio.
We need more incidents automatically to protect our network.
We need to see incident reports about the event log, without events from the administrator or through human interaction.
In the next release, I would like to have automated generation reports of incident reports.
For how long have I used the solution?
I have been using this solution for three years.
What do I think about the stability of the solution?
This solution is stable.
What do I think about the scalability of the solution?
It's a scalable product.
Fortinet has a large number of products with many modules.
We can use it for small, medium, and large enterprise companies. This product is suitable for all business sizes.
How are customer service and technical support?
Support is very helpful. They have support in our local area and there are five or six support branches worldwide.
We can contact them through Facebook, the website, on chat, and using the phone with no problem.
They are helpful and they respond quickly.
Which solution did I use previously and why did I switch?
We only use Fortinet products.
I work with version 5, version 6, and version 6.2.
How was the initial setup?
The initial setup is very easy. It's straightforward.
One person can do the basic installation and maintenance. One person can support engineers.
Every product that Fortinet offers is easy to install and can easily be deployed by one person.
You can deploy and execute one device in one day. If the project is large then you will need two or three days to complete the installation. This includes time for troubleshooting if needed.
What's my experience with pricing, setup cost, and licensing?
Pricing is acceptable for more than 90% of our customers, as they normally get discounts.
What other advice do I have?
My advice would be to know this solution, and study it well to avoid mistakes.
The configuration is simple, not complex. It's a very good product. I have not experienced any issues with it.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Security Technical Manager at a tech services company with 51-200 employees
Offers good integration capabilities with multiple tools from different vendors
Pros and Cons
- "Fortinet FortiSIEM needs to provide better API integrations to users."
What is our primary use case?
I implemented Fortinet FortiSIEM in my company to collect all logs from old systems, networks, and security devices in the network. Fortinet FortiSIEM has a correlation rule, and from it, you can generate incidents and get analytics. The tool also serves as a threat intelligence and integration platform. With FortiGuard or any third-party tools, Fortinet FortiSIEM, as a threat intelligence platform, can enrich the log attributes or criteria, which is well reflected in incidents.
What is most valuable?
The most valuable feature of the solution for the detection of threats stems from FortiSIEM's components, including the threat intelligence platform and the ability to provide integrations.
What needs improvement?
Fortinet FortiSIEM is a better solution than other products. As a SIEM solution, it can meet all the requirements of customers.
The product already offers good integration capabilities with multiple vendors. There will be new products being introduced every day in the market, so Fortinet FortiSIEM needs to ensure integrations are possible with the new tools. Fortinet FortiSIEM needs to provide better API integrations to users. Better support services can help you deal with the integration party easily. API integration capabilities will make it easy to integrate Fortinet FortiSIEM with new products unless such tools have custom or special configurations set by the vendor or the device.
For how long have I used the solution?
I have been using Fortinet FortiSIEM since 2018.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a nine out of ten.
If every device can get a ten out of ten in terms of stability, then I believe it is a 100 percent perfect product.
What do I think about the scalability of the solution?
It is an easily scalable solution. Suppose you want to increase the scalability in seconds. You can increase the number of tools with an HA supervisor to handle multiple events per second, and you can use multiple collectors for remote defense. It is easy to manage the tool's scalability and availability.
My company deals with around six customers who use the product.
How are customer service and support?
The solution's technical support is good. If you want to deal with the issues from the tool of other vendors, Fortinet's support team provides help.
How was the initial setup?
The product's initial setup phase is easy.
In Fortinet FortiSIEM, with multiple tenants, one does not need to invest in the implementation process.
After the virtual machine deployment or hardware appliance initial configuration, I think network discovery is the first step in the installation process. The process continues with vendor discovery and asset inventory at customer sites. Three intelligence integrations are the second step, and the configuration with the customer's devices to send all logs to SNMP TRAPS and then to the SIEM solution is a part of the main basic implementation. If you have some configurations and event handler and event order and logs, the initial configuration can be managed depending on the needs of customers.
What's my experience with pricing, setup cost, and licensing?
I don't have the price list of any of the competitors of Fortinet FortiSIEM. I work with the technical part of the tool.
There is a need to make yearly payments towards the licensing charges attached to the product. The free version license of the product is available for two months.
What other advice do I have?
The product offers multiple integrations with all vendors. If there is a new or unknown vendor in the market, a custom API can be made to ensure that integration with Fortinet FortiSIEM is possible.
I rate the integration capabilities of the tool a nine out of ten.
The implementation of the product can improve incident response time according to the arrangement and local relation of built-in rules or custom rules. This will reduce the time of incident response, especially if you use a SOAR solution with it. You can enrich the tool by buying a SOAR solution.
It is a good product in general. It is a product that offers stability and scalability with a multiple and wide range of built-in rules. The solution is also easy to use.
I rate the tool a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
A scalable product that offers good UI and firewall
Pros and Cons
- "The product's initial setup phase was easy."
- "The stability of the product is an area of concern where improvements are required."
What is our primary use case?
I use the solution in my company since it provides ease of monitoring. My company uses the product to get reports for our customers and monitoring purposes, as per the customer's preferences.
What needs improvement?
At times, I have noticed that Fortinet FortiSIEM suddenly goes down, and because of this, I have to reboot the servers from the engineers. Usually, I have to restart the panel again to get the product functioning. The aforementioned area of concern has been around for a very long time, making it something where improvements are required.
The stability of the product is an area of concern where improvements are required.
ArcSight can provide a detailed report for a year in a PDF format. In Fortinet FortiSIEM, there is a need to put in manual effort to get a detailed report. In Fortinet FortiSIEM, if I get reports for a specific time frame, I have to manually narrow them down by myself, after which I will not be able to get them in a Word or PDF format, which can be challenging.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for a year. My company uses the product for some of our internal purposes.
What do I think about the scalability of the solution?
It is a scalable tool. The product can handle a considerable number of customers.
At the moment, there are only two people in my company who use the solution. In the future, the number of users may increase, especially if my company has to deal with more customers who want to use Fortinet FortiSIEM.
How are customer service and support?
Based on what I heard from my colleagues, the technical support is not bad. My colleagues directly contact the technical support for help.
How was the initial setup?
The product's initial setup phase was easy. I wasn't a part of the deployment process.
What other advice do I have?
In terms of how the tool supports our company's compliance monitoring and reporting practices, I would say that it stems from the fact that Fortinet FortiSIEM is able to serve what our company's customers want while also having the ability to offer solutions, making it quite easy for us to give the customers what they want. The fact that the solution helps my company provide the reports that my customer wants is actually nice. The tool also offers customization ability.
The features of Fortinet FortiSIEM that I find most effective for real-time security event correlation are real-time server connections, which allow me to see all the servers that are online at a particular period of time. The product also shows the threats and bifurcates them into high, medium, and low. The solution has the ability to generate reports easily. The product also provides specific solutions for any threats that are found.
The way Fortinet FortiSIEM improves my company's security posture stems from the fact that with the tool, I can see whatever is happening in real-time. In terms of security issues, if I try to see the problem or threat, then I can really dig deep into what is happening, which is a nice feature.
The tool is easy to maintain. Only two people are required to maintain the solution.
If I compare the integration capabilities of ArcSight with Fortinet FortiSIEM, I would have to say that the latter is in a better position to provide its customers with more details in terms of cybersecurity threats or if they want to compare the firewalls. Fortinet FortiSIEM is better for customers with no cybersecurity knowledge since it helps them understand the product. Fortinet FortiSIEM is better for the security of its customers.
I would ask those who plan to use the Fortinet FortiSIEM to see whether there are other solutions with which it needs to interact in their environment. Fortinet FortiSIEM is one of the best solutions I have dealt with, considering that it has a nice user interface. The update page is good and works in real time. The firewall part of the tool is good. I don't think there is anything that can cause problems for the tool's firewall. I actually liked the tool's firewall.
I rate the overall tool a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
