Fortinet FortiSOAR Overview

Fortinet FortiSOAR is the #14 ranked solution in SOAR tools. PeerSpot users give Fortinet FortiSOAR an average rating of 7.4 out of 10. Fortinet FortiSOAR is most commonly compared to Palo Alto Networks Cortex XSOAR. Fortinet FortiSOAR is popular among the large enterprise segment, which accounts for 60% of users researching this solution on PeerSpot. The professionals researching this solution most often come from computer software companies, accounting for 22% of all views.
Buyer's Guide

Download the Security Orchestration Automation and Response (SOAR) Buyer's Guide including reviews and more. Updated: November 2022

What is Fortinet FortiSOAR?

Fortinet FortiSOAR (Security Orchestration, Automation, and Response) is a comprehensive security operations platform created to help SOC teams effectively respond to the growing volume of alarms, repetitive manual tasks, and resource shortage. This patented and customizable security operations workbench provides companies with automated playbooks, incident triaging, and real-time remediation to identify, defend, and counter threats. FortiSOAR effortlessly integrates with more than 350 security products and performs more than 3,000 actions to increase SOC team productivity. With this solution, response times are accelerated, containment is simplified, and mitigation times are cut from hours to seconds.

Fortinet FortiSOAR Features

Fortinet FortiSOAR has many valuable key features. Some of the most useful ones include:

  • Streamlined, role-based incident management: With the help of FortiSOAR's Enterprise Role-Based Incident Management solution, businesses can handle sensitive data in accordance with SOC rules and guidelines while maintaining strong field level role-based access control.
  • Visual Playbook Builder: FortiSOAR's Visual Playbook Designer enables SOC teams to efficiently create, build, debug, control, and deploy playbooks.
  • Truly multi-tenant: FortiSOAR is a truly distributed multi-tenant solution with a scalable, resilient, secure, and distributed architecture that enables MSSPs to offer MDR-like services while supporting operations in regional and global SOC environments.

Fortinet FortiSOAR Benefits

There are many benefits to implementing Fortinet FortiSOAR. Some of the biggest advantages the solution offers include:

  • Manage security alerts, incidents, indicators, assets, and tasks using a streamlined, user-friendly GUI.
  • By eliminating false positives and concentrating solely on the important alerts, the SOC team can work more productively.
  • Track ROI, MTTD, and MTTR with configurable reports and dashboards.
  • Automate using the Visual Playbook Designer's 3,000+ actions for automated workflows and connections and 350+ security platform integrations.
  • Reduce human error by using concise, auditable playbooks and custom modules to handle constantly changing investigative requirements.
  • From a single, collaborative console, scale your network security solution with a multi-tenant distributed architecture.
  • Detect real threats with automatic false positive filtering and forecast similar threats and campaigns with FortiSOAR's ML-powered recommendation engine.
  • Reduce repetitive activities by using automation, incident correlation, threat intelligence, and vulnerability data.
  • Utilize the built-in Incident War Room to streamline crisis management and collaborative P1 incident investigations.
  • Reduce the time it takes to find security incidents from hours to seconds.
  • Use the FortiSOAR mobile app to keep informed and make important decisions while you're on the go.
  • Utilizing the Connector Builder Wizard, you can quickly create and edit connectors within the product's user interface.
  • Flexible deployment options: VM, hosted, or cloud. Available on FortiCloud, AWS, Azure, and as management extensions on FAZ/FMG.

Reviews from Real Users

A PeerSpot reviewer, a Vice President of Global Technology Infrastructure Automation at a financial services firm, notes of the product, “The most valuable feature is its centralization as you don't want to be going to different locations to correlate items or to piece anything together to derive meaningful insights.”

Zaidoon A., sales product manager at Nourneti, writes, “I like that the solution is integrated with FortiAnalyzer. The solution is scalable. The solution is stable.”

Fortinet FortiSOAR was previously known as CyberSponse, FortiSOAR.

Fortinet FortiSOAR Pricing Advice

What users are saying about Fortinet FortiSOAR pricing:
  • "The solution offers both licensing and subscription models that are similar in price to other products."
  • "The price of the product should be lower. The brand value that Fortinet has, it has the reputation of being a reasonably priced product, and they have an enormous customer base in India. Most of the SME market is covered by FortiGate firewalls. It becomes an easy way for consultants, such as us, or even system integrators, to open the door with the Fortinet product lines."

Fortinet FortiSOAR Reviews

    Dejan Blagojevic - PeerSpot reviewer
    Presales Engineer at Exclusive-networks
    Reseller
    Mitigates breaches and attacks; eliminates human error
    Pros and Cons
    • "The good news is that FortiSOAR is not hard to maintain. If you prepared well and deployed strong initially, then maintenance will take half an hour every other week, not more than that. A single person can do it."
    • "Fortinet's tech support overall is not great when they are at their best."

    What is our primary use case?

    The primary use case for our clients is deploying the automatization component of FortiSOAR to help mitigate breaches or attacks without human error. The solution automates everything using the playbooks and pre-deployed response mitigation scenarios. Companies that can use this product may have an infrastructure team but may not be able to attract IT security talent. FortiSOAR helps them minimize human errors. I would say that this is the most important and beautiful thing you can have in cybersecurity right now.

    What is most valuable?

    FortiSOAR's most valuable feature is its ability to correlate the products and vendors that do not have a native interconnection between them.

    What needs improvement?

    There is quite a bit of room for improvement with FortiSOAR's tech support. 

    For how long have I used the solution?

    I have been using FortiSOAR for the last year. It's a brand new product. The product was published globally only about a year and a half ago. I got my first FortiSOAR project about a year ago.

    What do I think about the stability of the solution?

    On a scale of one to five, with one being not stable at all and five being very stable, I give FortiSOAR a five for stability. 

    What do I think about the scalability of the solution?

    FortiSOAR is really easy to scale up or scale down.

    How are customer service and support?

    Fortinet's tech support overall is not great when they are at their best.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    The initial setup is really difficult. To deploy, you need to have a huge amount of knowledge between multiple different technologies. You also need knowledge of domain controllers, data center architecture, network security, classic network components, cloud services, and more. You need to know pretty much the whole system. Only then can you provide nice and useful playbooks that will automatically mitigate accounts being compromised or ongoing attacks between different technologies. It is not user friendly and it is not really easy to configure.

    Deployment would typically begin with the enumeration of the whole system. We visualize all the elements of the system and ask questions like: How many identity providers are there? How many network components are there? Do these components have APIs enabled or not? How can the solution reach towards all these components and make adjustments and execute commands? It is important to deeply understand how the IT system is constructed.

    After that enumeration period, we will start making connectors and then sending some commands towards them in specific cases. The second and third stages entail optimizing and fine tuning everything in one giant ecosystem. The last part is redefining the playbooks, which will mitigate attacks.

    The process outlined above takes just over a month. In cybersecurity, time is critical. If you take too long to deploy, you are basically leaving yourself open for an attack. Companies mostly buy security solutions after they have been breached or while they are under some sort of attack. This puts a lot of stress on the person implementing because the customer will always want it done ASAP. Therefore, in normal circumstances, a month for deployment is okay when you have time for some strategical thinking. But, you don't have that kind of time if your company is currently under attack.

    Most complex deployments will involve multiple teams from across the company. You will always have one person from the network side, one person from the DC side, one person from admin, and one person for external services. This will add up to seven people in most cases.

    The good news is that FortiSOAR is not hard to maintain. If you prepared well and deployed strong initially, then maintenance will take half an hour every other week, not more than that. A single person can do it. 

    What was our ROI?

    The product pays for itself nicely, but the issue is that you cannot sell that straight away. It is a fairly new technology and people are not aware of the benefits that it gives. On a scale of one to five, with one being no ROI and five being excellent ROI, I give FortiSOAR a three.

    What's my experience with pricing, setup cost, and licensing?

    On a scale of one to five, with one being very affordable and five being very expensive, I would give FortiSOAR a three. 

    There are no hidden fees or external trade feeds. You do not have to deal with anything besides the license itself and support. 

    The licensing is flexible. You can buy a subscription-based license on a yearly basis or you can buy a perpetual license that will never expire.

    What other advice do I have?

    If a company already has multiple different teams covering things like networking, the data center, and SaaS services, and they are missing the one big link between, then FortiSOAR is the perfect solution for them. But, if the organization's maturity is low, I could recommend they use a solution like FortiSOAR as it requires a large amount of knowledge to run. There is not a single use case for FortiSOAR, but developed companies are best suited for a solution like this.

    However, as far as FortiSOAR itself is concerned, there is not much space for improvement. You can connect it to pretty much anything, which is the most important feature of this product.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    PeerSpot user
    Vice President Global Technology Infrastructure Automation at a financial services firm with 10,001+ employees
    Real User
    Accessible with good centralization and a straightforward initial setup
    Pros and Cons
    • "The initial setup is straightforward."
    • "Technical support could be improved."

    What is our primary use case?

    Fortinet provides automation capabilities for event detection and remediation. It also provides a centralized QE where all the events are consolidated and correlated and it gives you visibility to the entire workflow of a specific threat event. It provides some remediation for the particular threats or alerts based on its profile of criticality.

    What is most valuable?

    The most valuable feature is its centralization as you don't want to be going to different locations to correlate items or to piece anything together to derive meaningful insights. We want to have a centralized QE for analytics, visibility, assessments, and decision-making and this solution allows for that.

    The other feature that I personally appreciate is its accessibility. You can integrate it with other systems within the environment such as ticketing systems or something for sending alerts and then creating tickets for the operations or security operations team. They can get alerted when these events happen so they can be aware of events and even start troubleshooting for the investigation if it is warranted. It can be integrated seamlessly with other internal systems.

    The initial setup is straightforward. 

    What needs improvement?

    The improvement would be to make it more user-friendly. They need to lower the learning curve. They should just make it more user-friendly, especially for non-technical people.

    Technical support could be improved.

    For how long have I used the solution?

    I've been using the solution for around four years. It's been a while. 

    How are customer service and technical support?

    Fortinet is good, however, as they get into security analytics, while their support is okay, sometimes it requires some hand-holding and their response is probably not as good as Palo Alto. They've got to get there eventually to improve their support model.

    Which solution did I use previously and why did I switch?

    I also use Palo Alto. We have both products in our work environment. We're using Palo Alto also for firewall and sending those logs to another security monitoring tool to make decisions based on analytics that it provides us.

    How was the initial setup?

    The initial setup is very straightforward and simple. It's not overly complex or difficult. An organization shouldn't have any issues with the process.

    What's my experience with pricing, setup cost, and licensing?

    I cannot speak to the exact pricing of the solution.

    What other advice do I have?

    I'm not sure which version of the solution we're using currently.

    I'd rate the solution at a nine out of ten. It complements nicely with Palo Alto.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Shahriar Atique - PeerSpot reviewer
    Director & CEO at Prime Net Limited
    Real User
    Beautiful fabrications and built-in connectors for integrating with many products
    Pros and Cons
    • "The solution is easy to implement and includes 450 built-in connectors."
    • "The technology and integrations are important so should continue to be enhanced."

    What is our primary use case?

    We use the solution as a middleware for orchestrations and integrations from a single console. 

    What is most valuable?

    The solution is easy to implement and includes 450 built-in connectors.

    You can push policies without needing to access the firewall. 

    It is easy to monitor an environment because alerts can be classified as low, medium, or high priority. 

    The fabrication, management, and communication across a single platform is beautiful. The end-to-end format handles switching endpoints, security, and firewalls. 

    What needs improvement?

    The licensing model could be better. 

    The technology and integrations are important so should continue to be enhanced. 

    For how long have I used the solution?

    Our company has been using the solution for one year in our test lab.

    For the last eight years, we have been one of the big Fortinet partners in the Bangladesh region. We partner with five of the world's premium products and implement any solution of interest to our customers. 

    What do I think about the stability of the solution?

    The stability and security are good in Bangladesh where Fortinet and Palo Alto are the top two products in the market. Mechanisms and situations are different by geographic location. 

    For example, the USA has different mechanisms than Bangladesh so their top products might differ. In the UK, maybe Sophos is the best product. It all depends on who uses it and the technologies available. 

    What do I think about the scalability of the solution?

    The solution is scalable. It is important to know how to size the solution and deploy it properly in the network or your client will suffer. 

    How was the initial setup?

    The setup is not complex. If you have familiarity with the technology, setup will be easy. 

    Nothing is tough or easy for any product, but knowledge should be clear about the solution.

    What about the implementation team?

    We implemented the solution in-house for our test lab. 

    What's my experience with pricing, setup cost, and licensing?

    The solution offers both licensing and subscription models that are similar in price to other products.

    Which other solutions did I evaluate?

    Our company works with many products including the solution, Cisco, Palo Alto, and Juniper. We assess our customer's network and recommend the best solution. 

    What other advice do I have?

    I recommend the solution because of its fabrications and built-in connectors that allow it to integrate with many products. 

    I rate the solution an eight out of ten. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Vivek Balaji - PeerSpot reviewer
    Technical Director - Cyber Security at a comms service provider with 1-10 employees
    Real User
    Price high, features need improvements, but good reputation
    Pros and Cons
    • "The reputation of the brand is very good."
    • "I have found that Fortinet FortiSOAR needs a lot of improvement. The Orchestration needs to be improved."

    What is our primary use case?

    We are in the initial stages with the use of Fortinet FortiSOAR.

    What needs improvement?

    I have found that Fortinet FortiSOAR needs a lot of improvement. The Orchestration needs to be improved.

    Most of its functionalities are yet to be operational. I have tried to click on the icons but they do not work.

    For how long have I used the solution?

    I have been using Fortinet FortiSOAR for approximately one year.

    What do I think about the stability of the solution?

    I would rate the performance of Fortinet FortiSOAR a four out of five.

    How was the initial setup?

    The initial setup is complicated. The APIs are not able to be used easily, they claim to have integration. When it comes up to the next firmware, there are some challenges.

    What's my experience with pricing, setup cost, and licensing?

    The price of the product should be lower. The brand value that Fortinet has, it has the reputation of being a reasonably priced product, and they have an enormous customer base in India. Most of the SME market is covered by FortiGate firewalls. It becomes an easy way for consultants, such as us, or even system integrators, to open the door with the Fortinet product lines. 

    The reputation of the brand is very good.

    What other advice do I have?

    You have a lot of Fortinet products. You can choose Fortinet FortiSOAR or you wait for them to improve the product a little more as it is needed.

    I rate Fortinet FortiSOAR a five out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Zaidoon Abuhanak - PeerSpot reviewer
    SALES PRODUCT MANAGER at NOURNET
    Reseller
    Integration with FortiAnalyzer is good; unfortunately doesn't connect well with network devices
    Pros and Cons
    • "It's great that the solution is integrated with FortiAnalyzer."
    • "The solution doesn't connect well with the network devices."

    What is our primary use case?

    The primary use case of this solution is for security and for using FortiSOAR with FortiSIEM for connecting logs and analysis. We are resellers and partners of Fortinet. 

    What is most valuable?

    I like that the solution is integrated with FortiAnalyzer; it's the best feature.

    What needs improvement?

    The solution doesn't connect well with the network devices, with FortiNAC. It's also a very expensive product and I've found that the Fortinet engineers don't have much experience with the product and they require training, particularly when dealing with enterprise organizations. 

    What do I think about the stability of the solution?

    The solution is stable.

    What do I think about the scalability of the solution?

    The solution is scalable.

    What's my experience with pricing, setup cost, and licensing?

    In general, this product is expensive. I think maintenance requires a minimum of three people.

    What other advice do I have?

    I recommend this solution. If a customer is looking at FortiSIEM, it's better to take FortiSOAR to reduce the number of people or the employees working and monitoring FortiSIEM. 

    I rate this solution six out of 10.

    Disclosure: My company has a business relationship with this vendor other than being a customer: