We run a Managed Security Services company and we use it in-house and for some of our clients. The service is a multitenant platform where our clients can log on to view and access various security-related activities and features. In more ways, it becomes like a cloud solution to them. We make use of a secure connection from the clients’ networks using collectors located on their premises back to our centralized SIEM platform.
IT Executive: Operations & Security at Icon Information Systems (Pty) Ltd
The performance is very good, and it is extremely scalable
Pros and Cons
- "To add workers and even collectors is pretty easy."
- "The dashboard needs to improve."
What is our primary use case?
What is most valuable?
The most valuable feature is the differentiator, which has a combination of not only the SOC which covers the security operations aspect, but it also includes NOC capabilities. FortiSIEM uses PAM (Performance, Availability, and Monitoring) from an NOC perspective. So not only do you natively look at security data as most SIEM solutions, but you're also looking at the performance and the availability component of those devices. It's easy for us to coordinate if a security incident occurs. You're not only looking at security logs but you are also looking at what could potentially have happened in terms of device performance. So that feature to me already makes it quite a big differentiator in the market, compared to other SIEM tools out there.
What needs improvement?
When they started out after acquiring AccelOps, the user interface wasn't that great. But from version 5.0 they have obviously radically changed the interface, aligning it to the rest of the Forti products from a user experience point of view. This means that there is constant improvement on the interface side of the solution. The other thing that I've noticed is when searching for very old incidents, there is a slight delay. It obviously has to pull that information from the backend database, and the key point to note is that it depends on how you set it up in the backend where factors such as disk types and disk array configs come into play.
For how long have I used the solution?
I have been using this solution for 18 months now.
Buyer's Guide
Fortinet FortiSIEM
June 2025

Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
857,028 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is quite solid and stable.
What do I think about the scalability of the solution?
The scalability component is easy. To add workers and even collectors is easy, which is how we've deployed it, and it makes scalability much easier. We plan to grow our users into the thousands.
How are customer service and support?
I never really used support from Fortinet for the FortiSIEM solution that frequently because I figured most of the stuff out on my own, but that being said, the Fortinet Support is great because I figured most of the stuff out on my own.
How was the initial setup?
The initial setup was quite complex. We've had some issues with the first OVF file that we downloaded. We had to customize the installation processes. It was a bit complex in the earlier versions, but the newer versions have greatly improved.
What other advice do I have?
We use an on-premises deployment model from our perspective and a hybrid model from a customer/user perspective.
I will recommend this solution to others out there looking for a SIEM solution. I've already done a few events where we talk about FortiSIEM and its advantages. I do, however, think the main dashboard where you create and design your graphs could do with some improvement. On a scale from 1 to 10, I will rate this solution an 8 to ensure there’s continuous improvement.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Security Manager at BKL
Seamless integration with FortiGate, and has an easy setup, but is lacking user behavior analytics
Pros and Cons
- "The seamless integration with FortiGate is the solution's most valuable aspect."
- "When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement."
What is our primary use case?
We primarily use the solution for integration with FortiGate Firewall. We use it for multiple authentication, malware detection, and protection from DDoS attacks.
What is most valuable?
The seamless integration with FortiGate is the solution's most valuable aspect.
What needs improvement?
When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement.
The solution should offer user behavior analytics in a future release.
For how long have I used the solution?
I've been using the solution for two years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
We don't have any expansion requirements, so I've never looked into scalability.
How are customer service and technical support?
We've never reached out to technical support. If we need assistance, we typically look for FortiGate documents or scan their blog site. We handle any problems internally.
Which solution did I use previously and why did I switch?
We previously used an open-source solution called Elastic.
How was the initial setup?
The initial setup is easy.
What about the implementation team?
We received support from an integrator.
Which other solutions did I evaluate?
We evaluated AlienVault and SolarWinds. These were both within our limited budget, but we chose FortiSIEM because it integrated seamlessly with FortiGate firewall.
What other advice do I have?
We use the on-premises deployment model.
I'd recommend this solution to companies that have a FortiGate firewall and are on a limited budget.
I'd rate the solution six out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Solutions Consultant at a comms service provider with 51-200 employees
A stable solution with good pricing, but they need to address recent changes to technical support
Pros and Cons
- "Both the collecting logs and duo correlation are valuable features for us."
- "The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients."
What is our primary use case?
We primarily use the solution for collecting logs and duo correlation on our customer's premises.
What is most valuable?
Both the collecting logs and duo correlation are valuable features for us.
Fortinet also offers very good pricing. Their pricing is incredible.
What needs improvement?
The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients.
They also have to improve their import perfection solution.
For how long have I used the solution?
I've been using the solution for 1.5 years.
What do I think about the stability of the solution?
The solution is very stable, like all Fortinet products.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and technical support?
Technical support is very good. They also provide you with additional materials to study the product by yourself so that you can get a better understanding of the full solution.
How was the initial setup?
The initial setup is complex, mostly because of the security, not because of the product. Most of the security features in the installation process are difficult. They require tuning. You have to be careful you don't configure something wrong. This is a complexity of the environment and the solution itself. The engineer should understand what the customer is looking for. The product might be very good, but if it is positioned in the wrong way, it can be harmful.
Which other solutions did I evaluate?
I did not evaluate other options; this solution was the decision of the customer. However, in the past, I have evaluated and worked with Splunk and IBM.
What other advice do I have?
We use the public cloud deployment model.
I like the product, and I would recommend it, but I much prefer Splunk.
The beautiful thing about Fortinet is that they have integrated many, many solutions. Their platform is very powerful. In the case of the customer, if he decides to choose Fortinet, he'll largely be stuck with that one vendor. Fortinet does integrate with a few other vendors, but it's best if you use only their solutions. It's more efficient, you have more manageability and you get more value that way.
I would rate the solution seven out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
An affordable all-in-one solution that's very stable
Pros and Cons
- "The solution is very stable. It's run for years without the need to do anything except add new patches when they are available, which are always a good idea to install."
- "They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution."
What is most valuable?
The solution has an all-in-one approach. We buy one product and everything our customer needs is included. He doesn't have to pay any additional licenses to get more functionality, so everything is there and if we have to do any adjustments, it's also done very quickly and easily.
What needs improvement?
The solution can't be improved, but it can be managed more clearly. The solution just needs minor improvements. I'm quite sure Fortinet is already working on this.
They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI, there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution.
For how long have I used the solution?
I've been using the solution for 1.5 years.
What do I think about the stability of the solution?
The solution is very stable. It has run for years without the need to do anything except add new patches when they are available, which are always a good idea to install.
How was the initial setup?
The initial setup is quite easy.
What's my experience with pricing, setup cost, and licensing?
If we do an overall comparison with other products and also count additional licenses, which are necessary for other products, then the prices are comparative.
If we just leave it at base prices, for example, Splunk: Splunk is cheaper, but if you also count the price for licenses, reports, and other things - especially the megabytes and gigabytes of the log data that you need - then it comes up to a much higher price than you have to pay for FortiSIEM which already includes these things in a base version.
What other advice do I have?
I would rate the solution nine out of ten. Our clients have been very happy with the solution.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Manager, ICT Enterprise Services at a government with 201-500 employees
Has good business service summaries in the dashboards but it should have better integration abilities
Pros and Cons
- "Analytics is the most valuable feature. The business service summaries in the dashboards and the correlations for the SIEM are also valuable features."
- "Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great."
What is our primary use case?
We use the on-prem deployment model of this solution. Our primary use case of this solution is for all of our infrastructure monitoring, applications, performance monitoring, and for security, incident, and event analysis.
What is most valuable?
Analytics is the most valuable feature. The business service summaries in the dashboards and the correlations for the SIEM are also valuable features.
What needs improvement?
Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great.
It should also have better integration.
For how long have I used the solution?
I have been using FortiSIEM for four years.
What do I think about the stability of the solution?
It's a good product. It does what it is supposed to do.
What do I think about the scalability of the solution?
Scalability required a lot of training. If the training isn't adequate you cannot enjoy the end results.
There are currently around ten users using this solution. They are mostly system and network administrators using this solution. We don't have plans to increase the usage. We are going to switch to another product.
We require two staff members for the deployment and maintenance.
How are customer service and technical support?
When you log a call, you don't get instant replies or if there is a bug they take ages to fix it and they ask you to hold.
Which solution did I use previously and why did I switch?
We didn't previously use another SIEM solution.
How was the initial setup?
The installation is straightforward but the configuration is complex because it comprises several aspects of the network infrastructure, servers, and the databases. You have to know what you want to gain out of this product.
The deployment took around three months. There are a lot of dashboards to configure. It's not about just the installation. The planning phase and understanding what you want to get out of it, setting up the logs, and working on the correlations take time.
What about the implementation team?
We used a local integrator for the deployment. They were good. When you consider the other SIEM products, this isn't a popular solution. When we implemented it, we were with the solution before it was acquired by Fortinet. It was a hassle.
What's my experience with pricing, setup cost, and licensing?
Licensing is a one time cost. If you want to enable different modules then there will be additional costs.
What other advice do I have?
Properly review this solution and your requirements. See how it will scale up to cloud requirements. Cloud technologies are becoming more prominent and you should see how you will be able to manage it with this tool.
It's a good product but you need to be well trained. If you don't have good training then you won't maximize the benefits of this product.
I would rate it a seven out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
ICT Architect at an insurance company with 51-200 employees
CMDB database collects data from a lot of pre-configured devices
Pros and Cons
- "The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices."
- "The performance can be improved. Sometimes it takes a long time to fetch data."
What is our primary use case?
We use the on-prem model of this solution. Our primary use case is for malware and behavior monitoring. We also use it to monitor system performance and user behavior.
What is most valuable?
The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices.
What needs improvement?
The performance can be improved. Sometimes it takes a long time to fetch data.
For how long have I used the solution?
I have been using this solution for one and a half years.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
Scalability is very good. We currently have 150 users using this solution. We don't have plans to increase usage at the moment.
What about the implementation team?
We implemented through Fortinet professional services. We were one of the first customers to implement the new version and it was a bit complex. I believe it has become easier. Deployment took them only a few hours. It didn't take a long time.
What other advice do I have?
I would rate it an eight out of ten. They should implement better behavior monitoring features to make it a perfect ten. It should also have better integration with their own products. They have a lot of interfaces for other products but it's not so easy to integrate their own devices.
I would recommend this solution to someone considering it.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network and Security Administrator at PETRA Engineering Industries Co.
Hybrid Fortinet Fabric Solutions with a comprehensive view for all Fortinet products and a little support for other vendors
Pros and Cons
- "The interface is very easy to use. The connector in the core has FortiSIEM support from the vendor."
- "The nodes on our network did not comply with the SIEM solution. They use a different parsing log format."
What is our primary use case?
We're using FortiSIEM as the main metadata server for all the security and infrastructure devices. We integrate a lot of nodes, switches, firewalls, and sandboxes with it, and it covers the performance, availability, change, and security monitoring aspects of network devices, servers, and applications.
How has it helped my organization?
FortiSIEM gives us a lot of valuable events and details by using a unified event-based framework to analyze all data, including logs and performance monitoring data, and it provides a broad range of metrics.
What is most valuable?
The comprehensive view of the dashboard and the attribute base interface and the flexibility of implementation methods.
What needs improvement?
The Fortinet Fabric should be easier and more friendly to use. They use a different parsing log format.
For example, Symantec ATP is not supported by FortiSIEM. Our reseller provided us FortiSIEM as a service. They should also provide us with a dashboard to monitor and to deploy correlations.
I think Fortinet should improve the AI correlations by combining advanced statistical and heuristic analysis with behavioral whitelisting.
For how long have I used the solution?
I have been using the solution for around six months.
What do I think about the stability of the solution?
Stability is the main feature we had looked for because of our environment, i.e. why we chose FortiSIEM. The stability is good. We just install a connector on the supervisor outside.
With the stability of the connector, we faced some problems. The reseller asked us to reinstall the connector. The problem was with the reseller, not the connector.
How are customer service and technical support?
We used the solution's technical support for a lot of cases and tickets. Their responses are very good, kind, and quick.
Which solution did I use previously and why did I switch?
They have a poor correlation. They didn't use any new concepts like Fortinet. They just display the logs as it is with no attribute base.
How was the initial setup?
The initial setup with Fortinet FortiSIEM Accelops was not easy. We had faced a few problems, but I think Fortinet should give more training courses for their resellers.
We needed to find what the weak points were in our network. Our deployment took up to two months.
We were looking to deploy a unique correlation between nodes. We wanted to track the packets from our cloud services like cloud sandbox and anti-spam to log our end-to-end connections.
The reseller told us that they comply with our solution. After that, we figured out that it was not going to be very easy. FortiSIEM doesn't support ATP Symantec.
They also did not support our web gateway log format.
What other advice do I have?
The interface is easy to use but the initial setup is not. The connector in the core has FortiSIEM support from the vendor. FortiSIEM supports a lot of vendors. It is a good product for us.
I rank it as eight on a scale from one to ten because it doesn't support a lot of vendors, and also FortiSIEM is still not common to use with Fortinet partners; maybe they don't give adequate training.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Security Engineer at Spectrotel
Correlates incidents between products and notifies our SOC accordingly
Pros and Cons
- "It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GLBA, NIST, and so forth."
- "The backup and recovery process for this solution needs improvement."
What is our primary use case?
We are a partner, and we use this solution to ingest our customers' syslogs data for their firewalls.
How has it helped my organization?
This solution allows us to ingest syslogs from Fortinet firewalls and other products into what we call FortiSIEM. This is a processor that correlates it with the event types and incidents. It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GLBA, NIST, and so forth. All of these incidents are now correlated and sent up to a dashboard or emailed, where, as a SOC, we can review these incidents and triage the necessary resolution.
What needs improvement?
The backup and recovery process for this solution needs improvement.
I would like to see a database with more structure in terms of maintenance and ease of use. The process of creating is much simpler than that of duplication. The procedures are not proper for handling its PostgreSQL database.
For how long have I used the solution?
More than two years.
What do I think about the stability of the solution?
I would say that this solution is stable when it is configured and deployed by the Fortinet professional team.
What do I think about the scalability of the solution?
The scalability is there, and you can expand on the EPS (Events Per Second) as needed.
We do plan on selling this service to our customers that can see the benefit in it. We will probably introduce an incident response application to help triage incidents at a faster level.
How are customer service and technical support?
Technical support is very good. The people in support are excellent, and they know this product in and out. They are very quick to respond and the resolution is very quick.
How was the initial setup?
The initial setup for this solution is straightforward, although we are not yet in full production. During the past two years, while we have been implementing, we have found a lot of bugs in the software. As such, we're still not in a state where we can go into full production. For example, if you are certified for PCI then one of the standards is that you have to have proper backup recovery in place. This solution is lapsing in that area.
Two staff are required for deployment and maintenance.
What about the implementation team?
We used Fortinet consultants for the deployment.
What's my experience with pricing, setup cost, and licensing?
We bought the perpetual license, so we own the product, but there is a three-year support renewal fee for that.
Which other solutions did I evaluate?
We did evaluate Splunk before choosing this solution, but it was too much on the high end for our business model.
What other advice do I have?
We are very impressed with this product. However, they have to fix their backup and recovery procedure and provide a good DR service without charging for a secondary license.
I would rate this solution a seven and a half out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
