Fortinet FortiSIEM Reviews

This solution is used to detect irregular user and entity behavior using machine learning.

Fortinet FortiSIEM is easy to use.

I would like to see more integration with other platforms.

We have been providing Fortinet FortiSIEM for one year.

This solution can be deployed both on Cloud, and on-premises.

Fortinet FortiSIEM is a stable solution.

It's a scalable product.

Technical support is good enough. They were able to help us.

It is easy to install.

In one day, we were able to install this solution ourselves.

We only need one engineer to maintain this solution.

They have a yearly subscription.

I would rate Fortinet FortiSIEM a ten out of ten.

The CMDB and the device discovery features are most valuable.

I would like to see easier implementation in the future.

I have been using the solution for approximately five months.

Most of our clients are medium-sized businesses.

The technical support has been very good in helping us with issues we have been facing during the implementation of the solution. We are not finished yet but we are close.

The initial setup is not simple.

We are having some issues with the agent installation, it is requiring several reboots. This could be the system environment at the client site because in our lab the agent installation is straightforward and it does not require reboots. We are still working on this issue.

We are doing the implantation of the solution and it has a moderate level of difficulty.

I rate Fortinet FortiSIEM a seven out of ten.

We run a Manage Security Services company and we use it in-house and for some of our clients. The service is a multitenant platform where our clients can log on to view and access various security-related activities and features. In more ways, it becomes like a cloud solution to them. We make use of a secure connection from the clients’ networks using collectors located on their premises back to our centralized SIEM platform.

The most valuable feature is the differentiator, which has a combination of not only the SOC which covers the security operations aspect, but it also includes NOC capabilities. FortiSIEM uses PAM (Performance, Availability, and Monitoring) from an NOC perspective. So not only do you natively look at security data as most SIEM solutions, but you're also looking at the performance and the availability component of those devices. It's easy for us to coordinate if a security incident occurs. You're not only looking at security logs but you also looking at what could potentially have happened in terms of device performance. So that feature to me already makes it quite a big differentiator in the market, compared to other SIEM tools out there.

When they started out after acquiring AccelOps, the user interface wasn't that great. But from version 5.0 they have obviously radically changed the interface, aligning it to the rest of the Forti products from a user experience point of view. This means that there is constant improvement on the interface side of the solution. The other thing that I've noticed is when searching for very old incidents, there is a slight delay. It obviously has to pull that information from the backend database, and the key point to note is that it depends on how you set it up in the backend where factors such as disk types and disk array configs come into play.

The solution is quite solid and stable.

The scalability component is easy. To add workers and even collectors is easy which is how we've deployed it, makes scalability much easier. We plan to grow our users into the thousands.

I never really used support from Fortinet for the FortiSIEM solution that frequent because I figured most of the stuff out on my own, but that being said, the Fortinet Support is great because I figured most of the stuff out on my own.

The initial setup was quite complex. We've had some issues with the first OVF file that we downloaded. We had to customize the installation processes. It was a bit complex in the earlier versions, but the newer versions have greatly improved. 

We use an on-premises deployment model from our perspective and a hybrid model from a customer/user perspective.

I will recommend this solution to others out there looking for a SIEM solution. I've already done a few events we were talk about FortiSIEM and its advantages. I do, however, think the main dashboard where you create and design your graphs could do with some improvement improved. On a scale from 1 to 10, I will rate this solution an 8 to ensure there’s continuous improvement.

The granular monitoring capabilities. Also, it's very configurable.

It gives greater visibility via the dashboards into the real-time status of the network. Additionally, it also provides specific alerts and performance monitoring.

Some of the out-of-box dashboards could be more useful, as they’re not configured out-of-box. Some other products we’ve used give a lot more information right out of the box. With Accelops, we didn’t get quite enough useful information at the beginning. Ping monitors (STMs) are highly configurable, but it would be nice to have a simpler monitor to go with it, like a simple ping monitor. As it is, we have to go through three different processes and 30 minutes to get the ping monitor up with email notifications. It should have an easier way to configure some of these more common monitors.

I've used it for two years, but the firm has had the solution in place for longer.

The product is always stable, but there were a few bugs. During some of the upgrades, fixing one problem revealed another, so we had to go through several patch iterations to find a bug-free version that works for us.

None. Far more scalable than is required for us.

Great - we’d give it a 10/10.

6/10 - as far as the techs go, they are knowledgeable, but when trying to get a hold of a tech or have them call back, they weren’t responsive. It was one of my biggest frustrations with the product, and I started to look elsewhere for another solution at one point. Issues that could have been resolved in 30-60 minutes sometimes took months, but they have improved.

Just do your research – the product does a lot, but it may be more than you’re looking for. Also, be aware that it requires a lot of time to maintain, set up, and configure.

We use the product for threat detection.

There could be more AI features included in the product.

We have been using Fortinet FortiSIEM for more than two years.

I rate the platform's stability an eight and a half out of ten.

The technical support services need improvement.

Positive

They have released a new update recently. With the help of AVPN, users can log in from another country directly using CIM-based predefined rules. Its automated response feature has benefited our customer communication. Analysts feel more confident in providing timely responses.

I recommend other users to go with Fortinet FortiSIEM and rate the product an eight out of ten.

We use this solution to collect logs. 

The advanced agents used to collect logs have been most valuable. We have also made use of the advanced intelligence this solution offers.

The graphs on the user interface could be improved as we often experience glitches. 

This is a stable solution. 

The customer service team needs additional experience and knowledge of the solution so the answers they provide are more accurate and helpful.

Neutral

We use this solution together with McAfee ESM which is a simple and robust solution. Its interface is better than SIEM. 

The initial setup was straightforward. The time it takes to complete the setup and deployment depends on the size of the environment and the number of EPS events per second.

This is a good solution but is fairly new so the support for it is not effective. Their support team does not have the experience to immediately solve issues. 

I would rate this solution an eight out of ten. 

It is provides extremely fast and flexible query of logs/events on the network. For example, it’s easy to write a quick query for all the “authentication” requests on the network, regardless of where they came from, i.e., during the past days, weeks or months.

The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature. It’s impossible to find an application that supports every device/manufacturer that we have. Thus, being able to write my own parsers for device logs, allows for greater scalability.

The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries. However, it does function well for our day-to-day operations.

We did experience some stability issues. The parser engine crashes often, but it does recover without any noticeable impact to the performance or service.

There were no scalability issues; the product scales well for us.

Support was very good when owned by AccelOps. I have not opened any recent cases with Fortinet since its buyout.

The setup was pretty complex, but we had great support from AccelOps.

I haven’t looked at the latest offerings or licensing models since Fortinet bought this product. Previously, AccelOps was looking to add other Tableau reporting modules for more complex reporting purposes. This was not attractive to us, due to the high cost of Tableau's licensing. Also, it required licensing for an event forwarding engine to be installed on the servers. The cost was getting high when we looked at licensing for 50-plus servers.

We only evaluated this solution and loved the capabilities that it offers. We decided to take a chance and I’m not sorry that we did. Overall, the experience has been very positive.

Make sure you size the solution to the number of devices and servers on the network. Don’t be afraid to add additional workers.

Try to avoid using WMA formats for log retrieval of the busy servers; this is extremely resource-intensive. Price out the event forwarding engine that they offer and add it to your budget.

We are trying to onboard some devices, which we will analyze using Fortinet FortiSIEM. 

Once it responds smoothly, we will onboard some clients with requests.

It's a very nice solution to work with. It is easy to understand.

There is no proper guide for integration or configuration. They need to improve the documentation library.

We are using the enterprise version in my organization. I have been using it for 30 to 40 days, but not more than two months.

We have contacted technical support. They are good and provide good resolutions.

The initial setup was straightforward.

I will definitely recommend this solution to others. I am still exploring it, as it is new to us. I need more time to analyze it further.

I would rate Fortinet FortSIEM a seven out of ten.