Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)

What needs improvement with Fortinet FortiSIEM?

Please share with the community what you think needs improvement with Fortinet FortiSIEM.

What are its weaknesses? What would you like to see changed in a future version?

PeerSpot user
26 Answers
Director, Infrastructure and Operations at a comms service provider with 11-50 employees
Real User
Top 20
10 August 22

Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire. The out-of-the-box log ingestion for the supported devices is fine. The main issues arise when you're trying to ingest a log source that's not supported. You're left to figure it out yourself. You have to figure out the custom parsing yourself. There should be better support for nonstandard log sources. That's because unless you can ingest logs from all of your key controls, the solution will have gaps. Out of the box, this product doesn't support a lot of normal security devices that are common, and then you get into building custom parsers yourself to get it to work. The other problem is infrastructure stability. The architecture scaling rules that the vendor provides are vastly understated. So, we constantly run into stability problems that we end up figuring out and solving by throwing more infrastructure at it because they're understating the infrastructure requirements. It is understandable that they would do that, and you see why they would do that, but it is causing no end of problems.

Senior Product Manager at a financial services firm with 201-500 employees
Real User
Top 20
04 July 22

Fortinet FortiSIEM could improve to extend to several locations or sites.

Senior Security Engineer at a tech services company with 1,001-5,000 employees
Real User
Top 5
16 June 22

It's difficult to integrate unsupported devices with FortiSIEM compared to QRadar. It's easier to integrate and develop processes in QRadar. It's harder to develop a custom process in FortiSIEM.

Abdul-MuminIddrisu - PeerSpot reviewer
CCO at oduma solutions ltd
Real User
Top 5
06 April 22

The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work.

Cybersecurity Engineer at a tech services company with 11-50 employees
Real User
16 February 22

The graphs on the user interface could be improved as we often experience glitches.

ICT Architect at an insurance company with 51-200 employees
Real User
Top 5
21 December 21

Areas for improvement would be the ease of use and the integration with Fortinet's own products.

Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
632,611 professionals have used our research since 2012.
ParveshDhurmea - PeerSpot reviewer
Assistant Engineer at Harel Mallac Technologies Ltd
Real User
Top 5 Leaderboard
22 November 21

Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules.

Technical manager at a tech services company with 11-50 employees
Real User
Top 5
19 November 21

I would like to see more integration with other platforms.

Asst Programmer Data Center at a consultancy with 10,001+ employees
Real User
Top 20
18 November 21

We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files. The patch management on the software needs to be better. We have not received frequent updates from their site. That's the major challenge for us. Going by the latest trends, there are lots of cyber attacks happening in the entire world. All of the latest trends, patches, file updates, and hash updates should be released as soon as possible. When an attack is detected, the patch has to be released on time.

RakeshNaganna - PeerSpot reviewer
Cyber Security Analyst at a retailer with 1,001-5,000 employees
Real User
Top 5
26 August 21

With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk. When you work with a service provider who is using FortiSIEM as a service for other clients, you cannot run more than 30 clients on one tool. You cannot onboard, which would consume more resources and would make it slower. Also, resource consumption would be high.

Security Engineer L1 at a media company with 10,001+ employees
Real User
07 August 21

There is no proper guide for integration or configuration. They need to improve the documentation library.

Sami Isoaho - PeerSpot reviewer
Principal Cloud Architect at Viria Security Oy
Real User
Top 10
03 June 21

This solution is not very good on non-API features and lacks that functionality. We've raised multiple tickets to Fortinet about this and they are pending there. The product development hasn't been fast enough to ensure it can function on the cloud. It's excellent when you download and get the security locks but in areas like Microsoft 365, you have to fetch the security access using APIs and they don't update quickly enough. If Microsoft announces a new service today, we have to wait at least six months before FortiSIEM starts supporting it. It's crucial that the API support is updated; for now, FortiSIEM lacks functionality compared to its competitors.

Chief Technical Officer at a computer software company with 51-200 employees
Real User
01 April 21

I would like to see easier implementation in the future.

Partner at a security firm with 11-50 employees
Top 20
11 February 21

The initial setup is complex. They need to make it easier in terms of implementation. That said, all CM implementations are quite difficult. It may not be a fault of this particular product. The policy editing should be easier. Right now, it's too hard. Some of the parts of the mapping tool should be in the product itself. It would make our efforts easier. The product is quite expensive. It's something clients always comment on.

MarioBrito - PeerSpot reviewer
Pre-Sales Cybersecurity Solutions at ECSSA El Salvador
Top 20
03 February 21

Its training can be improved. Its price also needs to be improved.

Ishwor Shrestha - PeerSpot reviewer
Security Analyst at netfiniti
Real User
Top 20
04 December 20

The solution is almost 100% perfect. It's already quite simple and easy to configure. In that sense, no improvements are needed. You do seem to be constantly learning new things with the product. There's a bit of an ongoing learning curve in terms of usage. Right now, I'm learning about higher availability and that's an ongoing process. It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option. The solution offers both command line and GUI visualizations. They need to ensure that their GUI offers just as much flexibility on the configuration as the command line structure.

Asst Programmer Data Center at a consultancy with 10,001+ employees
Real User
Top 20
15 July 20

The solution needs to be form flow diagram automatically with AWS platform.

SahrahMohammed - PeerSpot reviewer
Network Security Engineer at Go Faster
Real User
30 June 20

This is a great product for everyone. The disadvantage is the product portfolio. We need more incidents automatically to protect our network. We need to see incident reports about the event log, without events from the administrator or through human interaction. In the next release, I would like to have automated generation reports of incident reports.

JoshuaGardner - PeerSpot reviewer
IT Executive: Operations & Security at Icon Information Systems (Pty) Ltd
Real User
13 November 19

When they started out after acquiring AccelOps, the user interface wasn't that great. But from version 5.0 they have obviously radically changed the interface, aligning it to the rest of the Forti products from a user experience point of view. This means that there is constant improvement on the interface side of the solution. The other thing that I've noticed is when searching for very old incidents, there is a slight delay. It obviously has to pull that information from the backend database, and the key point to note is that it depends on how you set it up in the backend where factors such as disk types and disk array configs come into play.

Security Manager at BKL
Real User
07 November 19

When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement. The solution should offer user behavior analytics in a future release.

Solutions Consultant at a comms service provider with 51-200 employees
19 September 19

The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients. They also have to improve their import perfection solution.

PeerSpot user
Manager, ICT Enterprise Services at a government with 201-500 employees
Real User
19 August 19

Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great. It should also have better integration.

System Engineer / Network Consultant at a tech services company with 51-200 employees
18 August 19

The solution can't be improved, but it can be managed more clearly. The solution just needs minor improvements. I'm quite sure Fortinet is already working on this. They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI, there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution.

ICT Architect at an insurance company with 51-200 employees
Real User
Top 5
13 August 19

The performance can be improved. Sometimes it takes a long time to fetch data.

Smadi Huthaifa - PeerSpot reviewer
Network and Security Administrator at PETRA Engineering Industries Co.
Real User
26 June 19

The Fortinet Fabric should be easier and more friendly to use. They use a different parsing log format. For example, Symantec ATP is not supported by FortiSIEM. Our reseller provided us FortiSIEM as a service. They should also provide us with a dashboard to monitor and to deploy correlations. I think Fortinet should improve the AI correlations by combining advanced statistical and heuristic analysis with behavioral whitelisting.

it_user799953 - PeerSpot reviewer
Network Security Engineer at Spectrotel
Real User
11 June 19

The backup and recovery process for this solution needs improvement. I would like to see a database with more structure in terms of maintenance and ease of use. The process of creating is much simpler than that of duplication. The procedures are not proper for handling its PostgreSQL database.

Related Questions
Brian Fortington - PeerSpot reviewer
Account Manager at Communications Design & Management Pty Limite
May 01, 2020
I am an account manager for a small tech services company that consults, delivers, and manages the technology needs of our clients. We have a FortiSIEM. What is the best way to configure Network Flow on it? Thanks! I appreciate your help. 
Nurit Sherman - PeerSpot reviewer
Content Operations Manager at PeerSpot (formerly IT Central Station)
Nov 01, 2021
There are so many SIEM solutions out there and so much vendor hype in the market. Conducting an effective trial is really important! A number of community members are currently evaluating solutions. Do you have any advice for them about the best way to conduct a trial or POC?  How do you conduct a trial effectively?  Are there any mistakes to avoid?
2 out of 29 answers
Telecom Tech at a university with 501-1,000 employees
29 April 19
Yes, I would like to suggest that you start by evaluating 2 to 3 SIEM products. You need to do a granular POC to test the Use Cases and verify log method limitations or whether there are any compatibility issues with regard to your log sources (Logical domains). I would also suggest you select the following SIEM products for your assessment.
Senior Security Engineer at a healthcare company with 10,001+ employees
29 April 19
To set yourself up for success you will need a set of Use Cases defined for your organization (in reality this statement applies for any product POC). Without Use Cases, a SIEM will likely end up languishing in your environment. These products are far from fire-and-forget, however I see this all too often in the industry. I'd also recommend having a Logging Standard (if you don't already) built prior as this will help you define how products interface and extract data from pertinent business systems. In the case of SIEM products, understanding how easy or difficult it was to implement the Use Cases will help you determine the best product for your organization. For help with Use Case development I highly recommend searching for talks by "Ryan Voloch" on YouTube. To help the POC be successful, don't try and boil the ocean with each product. Pick a small environment that you understand thoroughly and can wrap your arms around for the POC. Also make sure you have buy-in from any other teams responsible for managing systems in that environment. As a side-note: vendors will appreciate you having the above complete prior to approaching them for a POC. A good vendor will want a level playing field against competing products.