it_user276174 - PeerSpot reviewer
Director of IT with 501-1,000 employees
Vendor
We've been able to monitor our account-hacking issues internally, including attempted attacks on our network and logins to accounts.

What is most valuable?

The security notifications and monitoring features.

How has it helped my organization?

With the online-based monitoring we've set up, we've been able to watch trends of attempted attacks on our network.

We're also able to monitor our account issues internally as attackers attempt to log into our accounts.

We fall under HIPAA so security is key.

What needs improvement?

As we're an SMB, I would like to see different licensing options and the solution is priced out of the reach of some small businesses. It was a priority for us, though, because of the HIPAA regulations we fall under, and a more attractive licensing structure would be nice for SMBs.

For the product itself, it's the configuration. You really have to have their help to configure the product. When hands are off and it's in maintenance mode, it's difficult to configure unless you're totally engrossed in the product on a day-to-day basis.

For how long have I used the solution?

I've used it for one year.

Buyer's Guide
Fortinet FortiSIEM
May 2024
Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
769,976 professionals have used our research since 2012.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and support?

Customer Service:

9/10, based strictly on the limited experience with one person that I've had.

Technical Support:

9/10, based strictly on the limited experience with one person that I've had.

Which solution did I use previously and why did I switch?

We used freeware or third-party apps (two or three of them), but we liked the consolidation of this product -- one interface, one screen -- to capture what the other applications were doing.

How was the initial setup?

It was complex because we didn't know the product. It's pretty in-depth, but once we got familiar with the software it made a lot of sense.

What about the implementation team?

We had the vendor help us implement, and they were 8/10.

What's my experience with pricing, setup cost, and licensing?

As mentioned above, they need to improve their licensing, but it depends on what industry segment they're going after. Maybe introduce some kind of more attractive bundle for SMBs to help them get started with the product.

Which other solutions did I evaluate?

We did, but I don't recall which ones.

What other advice do I have?

Everyone's implementation will be different, so be very focused and deliberate in what you want to monitor, because you can inundate the system.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Network Security Engineer at Technicom Mali
Real User
Top 5
A simple setup but needs better visibility and more correlation tools
Pros and Cons
  • "It is used as an alerting platform."
  • "The log collection and configuration management are not great."

What is our primary use case?

It is used as an alerting platform and has an availability manager.

What is most valuable?

We already have experience with Fortinet products, so dealing with Fortinet FortiSIEM is not complicated.

What needs improvement?

They should offer better visibility, more correlation tools and a better understanding of the network. Fortinet FortiSIEM already uses simple and standard protocols like SNMP, DuraMI and Syslog. Other solutions like QRadar use sFlow, so I think that they can do better.

In addition, the log collection and configuration management are not great.

For how long have I used the solution?

We have been using this solution for three years. We deployed Fortinet FortiSIEM at about three customer sites, and it is deployed on-premises.

What do I think about the stability of the solution?

The product is stable.

What do I think about the scalability of the solution?

It is a scalable solution.

How are customer service and support?

We have expertise with the product, so we don't use technical support often. We only require support for the error mark, and the support is quick and fast for that.

How was the initial setup?

The initial setup was simple, and we deployed Fortinet FortiSIEM in two days. We already had all the information regarding the customers' notes, and it was simple, quick and fast.

What's my experience with pricing, setup cost, and licensing?

It is cheaper than LogPoint or QRadar.

What other advice do I have?

I rate this solution a five out of ten. It is not as good as other solutions like QRadar, but it's cheaper than other products and very simple. In the next release, the visibility should consist of simple and standard protocols.

Regarding advice, if you don't have a dedicated team to handle your logs, don't have a big budget, and want a solution to correlate and collect logs from many vendors, Fortinet FortiSIEM is an excellent choice.

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Head - IT & SWIFT at a financial services firm with 1-10 employees
Real User
Top 20
Good dashboards and customization but issues with licensing
Pros and Cons
  • "FortiSIEM's best features are the dashboards and customization."
  • "An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS."

What is our primary use case?

I use FortiSIEM for email events and security alarms.

What is most valuable?

FortiSIEM's best features are the dashboards and customization.

What needs improvement?

An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS. In the next release, FortiSIEM should implement a central repository.

For how long have I used the solution?

I've been working with FortiSIEM for more than three years.

What do I think about the stability of the solution?

FortiSIEM's stability is quite good.

What do I think about the scalability of the solution?

FortiSIEM is scalable, though this is constrained by the licensing model.

How are customer service and support?

FortiSIEM's technical support is satisfactory, but its knowledge base could be better.

How would you rate customer service and support?

Positive

What about the implementation team?

We used an in-house team and the local vendor.

What's my experience with pricing, setup cost, and licensing?

FortiSIEM's licensing is based on EPS, and its pricing is competitive in the market.

Which other solutions did I evaluate?

I also evaluated LogRhythm and McAfee.

What other advice do I have?

I would give FortiSIEM a rating of seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
chief of cybersecurity at ECSSA El Salvador
Reseller
Allows us to combine SOC and NOC operations and has good reports, integrations, and support
Pros and Cons
  • "One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams. There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good."
  • "Its training can be improved. Its price also needs to be improved."

What is our primary use case?

We are an enterprise that resells services. We are like a small MSSP for the Salvador and Central America region. We provide services to other enterprises.

Our clients have multiple use cases. Its most common use case is to detect logging events from different IP addresses or locations. It is used to detect simultaneous logins by the same user from different IP addresses or locations, such as from different countries. It is also used to detect any attempts to log in to a server with root privilege and any attempts at remote access with root privileges.

How has it helped my organization?

With the help of FortiSIEM, we have improved the cybersecurity posture of our clients and our own. Through the early detection of threats, it allows us to follow up on each security incident. It is easy to communicate to asset managers about related security events, reducing remediation time.

What is most valuable?

One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams.

There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good.

What needs improvement?

Its training can be improved. Its price also needs to be improved.

For how long have I used the solution?

I have been using this solution for one year.

What do I think about the stability of the solution?

It has been good so far. We don't have any complaints about the tool.

What do I think about the scalability of the solution?

It is very scalable. It is easy to grow with this tool. We are going step-by-step, and we are doing good so far.

Our clients are big enterprises, such as banks, and we also have small businesses. In Salvador, as per a local compliance requirement, every business or enterprise needs to have a SIEM solution. We have an installation for 1,000 users.

How are customer service and technical support?

We are Fortinet's partner here in Salvador, and the tech support is really good. Their response time is also really good. We are very happy with this solution.

How was the initial setup?

The implementation process is kind of easy. We start in a small way. The challenge for us is the storage. We need to find a way to have storage redundancy so that if the main site fails, we have a copy of the data on a remote site. This is the challenge that we are facing right now.

What about the implementation team?

For its deployment and maintenance, we have a very small group of five people. We have a networking guy, a server guy, and a few analysts to maintain this platform.

What's my experience with pricing, setup cost, and licensing?

There is a licensing scheme for every case. There are three licensing schemes that we can choose from.

Which other solutions did I evaluate?

Our clients also evaluate other solutions such as Rapid7, McAfee, and LogRhythm. We have always been a Fortinet enterprise. We have people with Fortinet and other certifications in the industry, such as EasyConsole certifications. We can also support this solution for the Fortinet sites. That is the main differentiator between us and other vendors.

What other advice do I have?

I would advise others to start small and plan for future growth. 

I would rate Fortinet FortiSIEM an eight out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Security Manager at BKL
Real User
Seamless integration with FortiGate, and has an easy setup, but is lacking user behavior analytics
Pros and Cons
  • "The seamless integration with FortiGate is the solution's most valuable aspect."
  • "When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement."

What is our primary use case?

We primarily use the solution for integration with FortiGate Firewall. We use it for multiple authentication, malware detection, and protection from DDoS attacks.

What is most valuable?

The seamless integration with FortiGate is the solution's most valuable aspect.

What needs improvement?

When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement.

The solution should offer user behavior analytics in a future release.

For how long have I used the solution?

I've been using the solution for two years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

We don't have any expansion requirements, so I've never looked into scalability.

How are customer service and technical support?

We've never reached out to technical support. If we need assistance, we typically look for FortiGate documents or scan their blog site. We handle any problems internally.

Which solution did I use previously and why did I switch?

We previously used an open-source solution called Elastic.

How was the initial setup?

The initial setup is easy.

What about the implementation team?

We received support from an integrator.

Which other solutions did I evaluate?

We evaluated AlienVault and SolarWinds. These were both within our limited budget, but we chose FortiSIEM because it integrated seamlessly with FortiGate firewall.

What other advice do I have?

We use the on-premises deployment model.

I'd recommend this solution to companies that have a FortiGate firewall and are on a limited budget. 

I'd rate the solution six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user390012 - PeerSpot reviewer
Manager, Security Services at a financial services firm with 5,001-10,000 employees
Real User
We like the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation.
Pros and Cons
  • "The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation."
  • "Creating parsers to try to make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."

How has it helped my organization?

There are several examples, but the flexibility in reporting and alerting has given us the ability to have numerous teams be alerted for various security situations affecting each team's responsibilities.

What is most valuable?

The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation. The logs and search engine are also valuable features.

What needs improvement?

Creating parsers to try to make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome.

Additionally, lately there have been releases which have broken existing functions. This directly relates to support being an area that also needs improvement.

What do I think about the stability of the solution?

In general, the system is stable.

What do I think about the scalability of the solution?

We had to deploy several workers to keep up with event collection. This was one reason that the AO agent was developed and released -- to reduce the load on the managers and workers.

How are customer service and technical support?

Customer Service:

Customer service is mediocre, but the relationship is improving with focused attention on customers.

Technical Support:

Technical support is good.

Which solution did I use previously and why did I switch?

We were a Cisco MARS customer and needed to replace the solution once Cisco ceased support.

How was the initial setup?

The initial setup is straightforward. There is a learning curve for the software, but overall it was up and running and collecting information in a matter of an hour post setup.

What about the implementation team?

We implemented it with our in-house team.

Which other solutions did I evaluate?

We didn't evaluate other options as this was a direct, suggested replacement to MARS.

What other advice do I have?

Watch the sizing requirements for the virtual machines and quantities needed to support the environment. Make sure you get sign-off from AccelOps on the proposed configuration and load for what's being planned on the deployment.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Termphong Tana - PeerSpot reviewer
Assistant to Vice President at IT Green Public Company Limited
Reseller
Plenty of features, good support, but lacking signature updates
Pros and Cons
  • "The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls."
  • "Fortinet FortiSIEM could improve by having a signature update."

What is our primary use case?

We use Fortinet FortiSIEM for security, a gateway, and for authentication.

What is most valuable?

The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls.

What needs improvement?

Fortinet FortiSIEM could improve by having a signature update.

For how long have I used the solution?

I have been using Fortinet FortiSIEM for approximately 16 years.

What do I think about the stability of the solution?

Fortinet FortiSIEM is stable. However, it was not stable from the beginning.

What do I think about the scalability of the solution?

Fortinet FortiSIEM is the best solution here in Thailand. There are many users and partners here.

There are 10 to 3,000 users in my company. Most of the users are specialists in IT. We plan to increase usage in the future.

How are customer service and support?

I have used the technical support and they have been good.

Which solution did I use previously and why did I switch?

I have used other solutions previously.

How was the initial setup?

The initial setup of Fortinet FortiSIEM was easy. The deployment would take a few days for the middle and large models.

We need some information for the customer, such as policies, before we can implement the solution.

What about the implementation team?

We do the implementation of Fortinet FortiSIEM. We use one IT specialist for the deployment and maintenance of the solution.

What other advice do I have?

I would advise others that this solution is easy to use and has a lot of features. They should try it out.

I rate Fortinet FortiSIEM a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
it_user293910 - PeerSpot reviewer
Senior Enterprise Information Security Architect at a healthcare company with 1,001-5,000 employees
Vendor
It provides intelligent alerting and the out-of-the-box rules don't require much tuning or management overhead.

What is most valuable?

  • The automation piece -- its ability to dynamically discover which services need to be monitored and to automatically set up the appropriate monitoring.
  • We also like the intelligence behind the alerting; we like the out-of-the-box rules that don’t require a lot of tuning.
  • The product doesn’t require a lot of manpower, so there isn’t a lot of tuning or management overhead required for it.

How has it helped my organization?

We outsource a lot of our IT. We are able to monitor performance and security and to perform audits to ensure our outsourcing partners are doing what we pay them for.

What needs improvement?

The way that upgrades are handled could be a bit cleaner. That might have been improved in the new version, but where we are, the upgrade process takes the system down for the period of the upgrade. So the lost data during that downtime can be frustrating.

For how long have I used the solution?

I've used it for four years.

What was my experience with deployment of the solution?

We did, but AccelOps were very, very helpful. I don’t think the product was configured or tuned for an environment as large as ours, so there were some performance issues at first, but they were very helpful and they had developers and engineers on the phone with us to help resolve those issues. They even used the experience with us as a test case to build improvements into the product.

What do I think about the stability of the solution?

No issues since the product was installed.

What do I think about the scalability of the solution?

No issues since the product was installed.

How are customer service and technical support?

Customer Service:

Their sales people have always been helpful and friendly, and they’ve given us some things for free, like training. It’s been good. We’ve even had some of the higher-ups at AccelOps call us with new product offerings for us because they know our organization so well.

Technical Support:

I would say it’s more on the average side. Once I can get someone engaged they’re good about getting the problem solved, but sometimes it’s hard to get someone on the line to help resolve your problem.

Which solution did I use previously and why did I switch?

No, this is the first solution like this that we’ve had.

How was the initial setup?

The setup was straightforward, but the performance issues we had were the biggest stumbling block. In terms of getting it out of the box and up and running, it really wasn’t difficult at all.

What about the implementation team?

I did it myself in-house.

What's my experience with pricing, setup cost, and licensing?

The pricing is very, very affordable. For the value you get, I think it’s about the cheapest solution on the market.

What other advice do I have?

I think the biggest thing to understand is that it’s like a Swiss Army knife. You get a lot of tools for a lot of things, but don’t expect it to be a killer app in any one area.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free Fortinet FortiSIEM Report and get advice and tips from experienced pros sharing their opinions.
Updated: May 2024