
Fortinet FortiSIEM 3500G - security appliance

Mfg # FSM-3500G CDW # 6493130

Quick tech specs

  • Security appliance
  • 4U
  • GigE, 25 Gigabit LAN
  • rack-mountable

Know your gear

Fortinet has developed an architecture that enables unified data collection and analytics from diverse information sources including logs, performance metrics, SNMP Traps, security alerts, and configuration changes. FortiSIEM essentially takes the analytics traditionally monitored in separate silos - SOC and NOC - and brings that data together for a comprehensive view of the security and availability of the business. Every piece of information is converted into an event which is first parsed and then fed into an event-based analytics engine for monitoring real-time searches, rules, dashboards, and ad-hoc queries.

FortiSIEM uses Machine Learning to detect unusual user and entity behavior (UEBA) without requiring the Administrator to write complex rules. FortiSIEM helps identify insider and incoming threats that would pass traditional defenses. High fidelity alerts help prioritize which threats need immediate attention.

FortiSIEM builds risk scores for users and devices that can augment UEBA rules and other analysis. Risk scores are calculated by combining several data points about the user and the device. The user and device risk scores are displayed in a unified entity risk dashboard.

This item was discontinued on July 12, 2024


Fortinet FortiSIEM 3500G - security appliance is rated 4.10 out of 5 by 31.
Rated 5 out of 5 by from Is used to set up rules and conduct threat hunting but has a limited layout
What is our primary use case?
We use this technology to configure and set up rules and conduct threat hunting.
How has it helped my organization?
Connecting all supported security technologies, such as firewalls from Palo Alto, Fortinet, and Check Point, is crucial. The platform needs to recognize logs coming from sources like Syslog. You might integrate an IPS or WAF for use cases like phishing. Whether on-premise or in the cloud, AD is especially important for providing context and supporting specific use cases. If FortiSIEM doesn't natively support a particular technology or cannot parse certain security logs, you can configure a custom parser to interpret those logs effectively.
What is most valuable?
It is used in analytics, providing powerful tools to obtain specific information. For instance, if you detect a potential OS DDoS attack, you can quickly search for detailed information about that threat. With features like threat hunting, you can query specific IP addresses and access extensive data. Additionally, FortiSIEM allows you to match IPs with threat intelligence feeds from sources like Kaspersky or Anomali, adding valuable context. The platform also simplifies rule configuration, making setting up rules for specific use cases easy and highlighting its effectiveness as a robust security solution.
What needs improvement?
When an alert triggers in Fortinet FortiSIEM, the layout or format can feel limited; the template you configure for alerts offers only a few specific fields, which can be restrictive. It would be much better if the technology supported more fields or allowed for greater customization, making it more versatile for managers to tailor alerts according to their specific use cases. This limitation is a weakness of the platform.
For how long have I used the solution?
I have been using Fortinet FortiSIEM as a partner for two years.
What do I think about the scalability of the solution?
600 users are using this solution. To effectively plan for the future, it's important to anticipate how much the organization will grow. Considering Fortinet's MSSP model, you need to estimate how many clients you'll acquire and how much your client base might expand. For a single organization, it's crucial to understand how many users you'll be adding during that period to ensure the system can scale accordingly.
How are customer service and support?
Support responds very slowly.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used ArcSight. Fortinet stands out because it supports a broader range of technologies, allowing for greater integration within a system. Another key advantage is its robust analytics, making it easier to obtain specific information consistently.
How was the initial setup?
The initial setup is easy. If you want to deploy FortiSIEM on-premise, you need to purchase a specific appliance or install it on your hardware. I have deployed FortiSIEM both on-premise and in the cloud, managing both environments effectively. Deployment depends on the architecture since FortiSIEM uses various components, such as the supervisor, event collector, and worker. It can be set up in just one day if you're deploying it as an all-in-one solution.
What about the implementation team?
I did the deployment alone.
What's my experience with pricing, setup cost, and licensing?
Pricing is moderate.
What other advice do I have?
Maintenance depends on the number of log sources configured and the overall architecture. The system's load must be considered to monitor all components and handle upgrades or fix specific features. Managing the system typically requires just a couple of people for an all-in-one deployment with around ten to twenty log sources. Overall, I rate the solution a seven out of ten.
Disclaimer: My company has a business relationship with this vendor other than being a customer: Partner
Date published: 2024-08-27T00:00:00-04:00
Rated 5 out of 5 by from Audits servers, handles vulnerability detection and correlates traffic
What is our primary use case?
Fortinet FortiSIEM is used to audit my servers and communications. It effectively handles vulnerability detection and correlates traffic to identify security issues or anomalies. It is also used to correlate my logs, which helps detect outliers and identify unusual events in my network.
What is most valuable?
It detects new technologies, vulnerabilities, and emerging threats on the internet.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for four years.
What do I think about the scalability of the solution?
500 users are using this solution.
How are customer service and support?
The product could benefit from more local support. There is an opportunity to improve the support for products like Deepgram and FortiSIEM.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
The deployment of the platform took some time to set up and configure. I have experience using SolarWinds and its tools.
How was the initial setup?
The initial setup is very easy and takes four months to complete. They need to focus on this because the provider did much of the configuration rather than them doing it directly. The support we receive helps us improve in comparison to using this platform alone. I rate the initial setup an eight out of ten, where one is difficult, and ten is easy.
What about the implementation team?
Our provider does the deployment and maintenance.
What was our ROI?
What's my experience with pricing, setup cost, and licensing?
It has a good price and is more competitive than the others.
What other advice do I have?
If the protection and monitoring make my network safer by detecting outliers and events, I can report these findings to my manager. They need to be aware of live events affecting the company. Overall, I rate the solution an eight out of ten.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2024-08-20T00:00:00-04:00
Rated 5 out of 5 by from Helps collect security logs from all network devices
What is our primary use case?
I normally use the solution in my company as part of SOC. The tool is implemented to collect logs from all networks, perimeter devices, and security devices. We are using all kinds of SIEM tools to collect logs, especially security logs from all network devices, and analyze all those logs. Fortinet FortiSIEM works for enterprise and banking customers and BFSI customers, as most of them use Fortinet FortiGate devices for the security of the perimeter devices.
What is most valuable?
The most valuable feature of the solution is its integration with other technologies, especially its ability to collect logs from Cisco and Aruba devices along with Fortinet products. The tool has an endless number of templates, so based on a customer's use case, we can choose the templates, create the report as per compliance, and submit it to management for higher visibility.
What needs improvement?
With Fortinet's current integrations with endpoints and with the integration capabilities of EDR and XDR solutions from Fortinet itself, when we are trying to integrate them with other technologies or other OEMs like CrowdStrike or SentinelOne, the integration part is very complex. It takes a lot of time to take care of the implementations. When we integrated Fortinet FortiSIEM with external threat intelligence, like CyberArk or ThreatConnect, the integration seemed to be tough. If Fortinet FortiSIEM could create some use cases or some templates with all its listed competitors or technology partners, then a customer would be able to integrate all those technologies easily. The tool's technical team's response time is too high, and they are not available even when they know that there are many pending issues. Even though the tool offers twenty-four hours and seven days of support, we might not get the right engineer on time.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for more than ten years. I am an integrator of the solution. I use Fortinet FortiSIEM 7.0.0.
What do I think about the stability of the solution?
From the application perspective, yeah, I think it is a stable tool most of the time, but we have met some issues with the database sometimes. Stability-wise, I rate the solution a nine out of ten.
What do I think about the scalability of the solution?
It is a highly scalable solution. Scalability-wise, I rate the solution a ten out of ten. I think around ten customers of my company use the tool. My customers are medium and enterprise-sized businesses.
How are customer service and support?
The solution's technical support has been a nightmare. I rate the technical support a four or five out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
If one is difficult and ten is easy to set up, I rate the product's initial setup phase a nine out of ten. It is not very complicated, but a tech person who has the expertise to install, scale, and implement all these features would be required to implement the tool. The product's installation model depends on the company's compliance and IT policies. Most customers prefer implementing an on-premises model. When considering commercial and upfront investment, customers are ready to go for cloud solutions as well. But in my experience, most customers prefer to implement an on-premises model. The time required to deploy the solution depends on how big your network is currently. It might take two days to up to two weeks, so that is the normal project implementation time. It is always based on how big our network is and how we know our network. If customers have good visibility and understanding of their network, good access, and all the authentication paths, the integration will be much easier. In some cases, it might take more than two weeks. On average, I think it will take one to two weeks to complete installation. The deployment of the tool is always for the SOC part of a company. It is used for real-time network analytics. For the deployment, we discuss all the requests or use cases with the customer and understand their network topology. Most of the time, we access their platform for installation, and so we deal with virtualization platforms, like VMware ESXi, and based on that, we will download the SIEM pack from Fortinet. Once the installation has been completed, we try to find all the devices in the network that we need to monitor so we can enable all those processes. It is the normal deployment procedure we are following for implementation. Once the primary implementation has been completed based on customer use cases or complaints, we might create those dashboards and templates for reporting.
What's my experience with pricing, setup cost, and licensing?
If one is cheap and ten is expensive, I rate the tool's price as an eight out of ten. Compared with Splunk or Oracle, Fortinet is cheap.
What other advice do I have?
For threat detection, some AI-based analytics tools are there, and it is one of the latest features in the product. The AI helps mitigate threats. In terms of the tool's ability to streamline customer security workflow, the product normally searches events in real-time, so customers will get alerts of the event in real-time. Compared to other products like Splunk or Oracle, I think Fortinet FortiSIEM is more reliable in real-time. If there is proper support and better technical capabilities, it can become a good solution. I rate the tool an eight out of ten.
Disclaimer: My company has a business relationship with this vendor other than being a customer: Integrator
Date published: 2024-09-18T00:00:00-04:00
Rated 5 out of 5 by from It offers a complete analysis of the environment, but it is expensive
What is our primary use case?
I use the solution in my company for our client, which is a big university in Tunisia, and they have many servers and virtual machines. The university has to prevent attacks by making sure that they can stop the attack at the beginning. Fortinet is good for knowing if any of the equipment in the network has been attacked like ransomware or something, and we can stop the attack and secure the network.
What is most valuable?
The tool's most valuable feature stems from the fact that I can see a complete analysis, like all the incidents that have happened, and it detects everything in real-time. It lets you know of the attack in real-time. The tool sends alerts and reports, so I think it is a useful tool.
What needs improvement?
There is a port in Fortinet FortiSIEM. If something happens, you have to enter events and create a rule to stop the attack, which I think needs to be made automatic. If any incident occurs, I hope that Fortinet FortiSIEM does the work automatically without the intervention of a human or an IT admin. I don't want to create a rule to stop an attack. Lately, many people have been trying to access the VPN, and they are not even registered with our firewall. The team detects issues but doesn't do anything. I have to create a rule to include the addresses and details of the people who want to access the VPN in the block list, but I want the tool to do all this without me.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for two months. My company has a partnership with the solution.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
The tool is scalable enough to do what you really want. My clients run big businesses.
How are customer service and support?
The solution's technical support didn't help our company a lot. When it came to Fortinet FortiSIEM, we added the devices and started making rules, but when we asked a question to the tool's support team, it took them a long time to answer. I rate the technical support a five out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
At the beginning, the product's initial setup phase was complex. Lately, since I have started to understand the tool, the setup phase has become easy. The solution is deployed on an on-premises model with VMs in a local data center. The solution can be deployed in four days. One day is for installing the VMs, one day is for understanding the tool's dashboard and its rules, one day is for installing the agents and adding the equipment, and one day is for seeing what the clients want exactly.
What's my experience with pricing, setup cost, and licensing?
The tool is really expensive. For what the tool does for our team, the price is fair.
What other advice do I have?
As my company did not fully complete everything, the installation is not stable 100 percent. In terms of Fortinet FortiSIEM's uptime and system stability, the tool can do detection in real-time. I think it is available for users all the time. Those who have many servers and equipment can use SIEM so they can manage. It helps a person to see what equipment has incidents and how to prevent an attack before it happens. You can't manage much equipment, like 15 VMs or servers, by yourself. You need solutions to do that and give you alerts if anything happens. As the product is not automated enough, I rate the tool a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclaimer: My company has a business relationship with this vendor other than being a customer: Partner
Date published: 2024-09-05T00:00:00-04:00
Rated 5 out of 5 by from Has auto-discovery feature and helps with centralized log collection
What is our primary use case?
The primary use case of FortiSIEM for my client is to provide comprehensive security information and event management (SIEM) capabilities. It is used to monitor, detect, and respond to security incidents across the client's network by aggregating and analyzing logs, events, and other data from various sources. FortiSIEM enables real-time threat detection, compliance reporting, and overall visibility into the security posture, helping to identify potential risks and take proactive measures to protect the organization's infrastructure.
How has it helped my organization?
Fortinet FortiSIEM has positively impacted my client's organization by enhancing their ability to monitor security incidents in real time. The solution has provided comprehensive visibility into the network, allowing for quicker identification of potential threats. FortiSIEM's integration with various systems to collect different types of logs and its ability to correlate data from multiple sources have been particularly valuable in reducing the time spent on manual analysis and increasing overall security efficiency.
What is most valuable?
The most valuable feature is auto-discovery. When you send logs from various devices to FortiSIEM, it automatically detects and maps all devices across the network, providing a comprehensive and up-to-date inventory of the IT environment. Its agent-based UEBA enhances security monitoring by utilizing agents installed on endpoints to collect detailed user activity data. It offers deeper insights into user behaviors, improving anomaly detection accuracy. Its out-of-the-box compliance reporting features significantly ease the burden of regulatory compliance for organizations by offering pre-built report templates aligned with industry standards. Automated report generation minimizes manual effort and reduces the risk of errors, while customizable reporting allows organizations to tailor reports to specific needs.
What needs improvement?
One area where FortiSIEM could improve is in its custom normalizer/parser capabilities. While FortiSIEM offers powerful event correlation and log analysis features, creating and customizing normalizers can be complex and time-consuming. Improving the user interface for building custom normalizers, along with providing more intuitive tools or templates, would make it easier for security teams to tailor the solution to specific needs. Enhancements in this area would enable quicker adaptation to unique log formats and data sources, allowing for more accurate event parsing and better overall performance in diverse environments. Additionally, the search functionality could be less confusing. Streamlining the search experience and providing clearer guidance or examples would help users quickly find the information they need, ultimately improving the overall usability of the platform. These enhancements would facilitate quicker adaptation to unique log formats and more efficient event analysis, leading to better performance in diverse environments.
For how long have I used the solution?
I have used the solution for two years.
What do I think about the stability of the solution?
I rate the solution's stability a seven point five out of ten.
What do I think about the scalability of the solution?
Regarding scalability, it's better for vertical and horizontal scale-up, but expanding log sources isn't very easy due to the licensing model.
How are customer service and support?
The support team was great, technically proficient, and helped with numerous bugs.
How would you rate customer service and support?
Positive
How was the initial setup?
The installation and setup can be tough, requiring planning for hardware segregation and log volume. However, the installation isn't too difficult if you have clear requirements.
What other advice do I have?
For those interested in using Fortinet FortiSIEM, I'd advise planning your hardware specifications and considering backup and archives to prevent log loss. It's worth the money for what they've developed. It's difficult for beginners to learn, mainly because of Fortinet FortiSIEM's specific queries and the lack of a user-friendly environment. Understanding these queries to find your desired logs can be challenging for newcomers. I'd rate Fortinet FortiSIEM an eight out of ten because it's powerful and simple.
Which deployment model are you using for this solution?
On-premises
Disclaimer: My company has a business relationship with this vendor other than being a customer: Partner/Reseller
Date published: 2024-08-23T00:00:00-04:00
Rated 5 out of 5 by from Efficient monitoring tool consolidating network events for streamlined management
What is our primary use case?
FortiSIEM is primarily used as a monitoring tool that can monitor all the incidents and events occurring in the network. The main concern of the customer is to view all the events and incidents on a single pane where everything can be managed.
How has it helped my organization?
FortiSIEM is very efficient and helps discover all the points of incidents, identifying users that create loopholes in the network and determining potential points of contact.
What is most valuable?
The most valuable feature is the ability to view all the network events on a single pane and find the point of contact or point of the incident. Along with FortiSIEM, a solution can be provided, which is a feature I admire.
What needs improvement?
There could be improvements like introducing some solutions directly into FortiSIEM to avoid the need for separately purchasing additional tools like FortiStore.
For how long have I used the solution?
I have approximately one year of experience working with FortiSIEM.
What do I think about the stability of the solution?
I rate the stability of the solution as nine out of ten.
What do I think about the scalability of the solution?
The scalability of the solution is rated eight out of ten.
How are customer service and support?
I rate the technical support provided by Fortinet as nine out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup can vary from being easy to moderate depending on the network size. If the network is small, it might be easy. That said, if it's semi-small or semi-large, it's a moderate setup.
What's my experience with pricing, setup cost, and licensing?
The pricing of FortiSIEM is moderate; it is neither very costly nor very cheap.
What other advice do I have?
I can recommend FortiSIEM, but it depends on customer needs, network size, and preferences. Customers can also consider replacing a physical SOC team with FortiSIEM. I'd rate the solution eight out of ten.
Disclaimer: My company has a business relationship with this vendor other than being a customer: Partner
Date published: 2024-10-30T00:00:00-04:00
Rated 5 out of 5 by from Maps threat vectors and IOCs on the MITRE framework to identify the kind and magnitude of a threat and the techniques used
What is our primary use case?
Mainly, we are configuring various correlation rules in FortiSIEM to detect various types of cyber threats and cybersecurity attacks, particularly brute force attacks, denial of service attacks, and distributed denial. We are using it to identify suspicious activities by internal staff as well as outsiders, for any type of intrusion.
What is most valuable?
The most fascinating aspect of FortiSIEM is its integration with the MITRE ATT&CK framework. It maps threat vectors and IOCs on the MITRE framework to identify the kind and magnitude of a threat and the techniques used. This allows us to take requisite measures using the SOAR solution or by involving our team of SOC analysts and incident responders.
What needs improvement?
FortiSIEM is a bit resource-hungry, so work should be done on hardware resource utilization to consume less hardware. Another major problem is its licensing model, which initially required separate licenses for devices, agents, and EPS. Recently, they revised it to a subscription-based, all-inclusive license. There is also some latency observed in generating correlation alerts, which should be improved for quicker responses.
For how long have I used the solution?
We have been using it for almost one year.
What do I think about the stability of the solution?
FortiSIEM is a reliable product. Multiple times, the server abruptly shut down, but no critical or major issues were observed after power outages. It stabilizes itself in an appropriate time, so its uptime is good.
What do I think about the scalability of the solution?
FortiSIEM is a scalable model. At any point in time, when network devices increase or there is a change in the infrastructure, we can add more workers and collectors to expand our infrastructure setup.
How are customer service and support?
Technical support in my city, specifically in Islamabad or Rawalpindi, is decent. I would rate it seven out of ten. Local tech support is available, however, for more critical or technical issues, we depend on the OEM directly, especially when it comes to on-prem solutions.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial installation requires some tech knowledge. You should have prior understanding of modules, collectors, workers, supervisors, and databases. However, after installation, it's really easy to operate.
What's my experience with pricing, setup cost, and licensing?
Fortinet FortiSIEM is high-priced. Previously, its licensing model required separate licenses for devices, agents, and EPS, which was quite rigid. The revised model is subscription-based and more flexible.
Which other solutions did I evaluate?
Compared to FortiSIEM, LogRhythm is a good competitor. QRadar is also a nice product, working equally well in our region.
What other advice do I have?
I would rate FortiSIEM eight out of ten. It's a nice product and is used by major governmental infrastructures and organizations. I would definitely recommend it to other users.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2024-11-26T00:00:00-05:00
Rated 5 out of 5 by from Plenty of features, reliable, but more frequent updates needed
What is our primary use case?
We are creating our new dashboards and correlations as per our requirements with Fortinet FortiSIEM.
What is most valuable?
We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us.
What needs improvement?
We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files. The patch management on the software needs to be better. We have not received frequent updates from their site. That's the major challenge for us. Going by the latest trends, there are lots of cyber attacks happening in the entire world. All of the latest trends, patches, file updates, and hash updates should be released as soon as possible; when an attack is detected, the patch has to be released on time.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for two and a half years.
What do I think about the stability of the solution?
It's a foolproof solution for our requirements; it is stable.
What do I think about the scalability of the solution?
The solution is scalable. However, this depends on the license we purchase. Additionally, scaling the solution requires a large investment in computer hardware, such as SSDs, memory, and CPUs. We have approximately 25 security engineers using the solution and approximately 10,000 end users. We do not have plans to increase the usage of the solution at this time.
How are customer service and support?
I would rate the support of Fortinet FortiSIEM a four out of ten.
Which solution did I use previously and why did I switch?
We previously were using the Juniper STRM, but Juniper STRM is currently not available. I think that their company was taken over by IBM QRadar; this is why we have gone with FortiSIEM.
How was the initial setup?
The workload required for this software is a major challenge. It requires a huge workload in terms of CPU and memory. It requires a huge workload for the installation and for the integration with all the systems. The whole implementation took approximately six months.
What about the implementation team?
We had help from the Fortinet team for the implementation team.
What was our ROI?
We have received a return on investment by using this solution.
What's my experience with pricing, setup cost, and licensing?
The price of Fortinet FortiSIEM is a lot less when compared to other solutions.
What other advice do I have?
My advice to others thinking about implementing this solution is: if your organizational budget is low, then go for Fortinet FortiSIEM. Otherwise, if you have enough budget, I would recommend IBM QRadar and/or other solutions. I rate Fortinet FortiSIEM a six out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2021-11-27T00:00:00-05:00
Rated 5 out of 5 by from Effective multi-tenancy, helpful support, but interface could improve What is our primary use case? We are using Fortinet FortiSIEM for multi-tenant SOC service. Fortinet FortiSIEM is deployed in our data center, and we have one collector. Each client has a collector within their environment. We set up a collector within each client's environment, and then have a VPN connection from the client's environment to our environment. How has it helped my organization? Fortinet FortiSIEM has helped us achieve our goal of serving multi-tenant SOC services. We're able to serve multiple clients at the same time. What is most valuable? Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly. What needs improvement? The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work. For how long have I used the solution? I have been using Fortinet FortiSIEM for one year. What do I think about the stability of the solution? Fortinet FortiSIEM is stable. What do I think about the scalability of the solution? The scalability of Fortinet FortiSIEM is good. How are customer service and support? We have contacted the support a number of times and they were helpful. How was the initial setup? The initial setup of Fortinet FortiSIEM is straightforward. It took us approximately two weeks. What about the implementation team? We did the deployment in-house. We had two people for the implementation. What was our ROI? We are using Fortinet FortiSIEM to serve clients, and we are receiving our return on investment from them. What's my experience with pricing, setup cost, and licensing? The price of Fortinet FortiSIEM was reasonable compared to other solutions. 
There are many licenses required, such as the MSSP, Agent, and device licenses. For the number of devices that you are monitoring, you need licenses. You pay for the license per your usage. When you are onboarding more clients onto it, the license fee is for the usage. Additionally, there's the Windows Agent license that you need. If you use any Windows Agent, you receive a separate license charge. What other advice do I have? We started using Fortinet FortiSIEM because we were recommended to use it by a trusted source. My advice to others would be to carefully look at the cost involved, and look closely at the licensing model. If it's a model that works for you, then great. However, it came as a surprise to us; we were told that we would be given different licenses for the devices and for the Windows Agent separately. We were not expecting the additional costs; it caught us off guard. I rate Fortinet FortiSIEM a six out of ten. Which deployment model are you using for this solution? Private Cloud If public cloud, private cloud, or hybrid cloud, which cloud provider do you use? Other Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2022-04-11T00:00:00-04:00
Rated 5 out of 5 by from Good solution for security detection and response What is our primary use case? My company is a partner of Fortinet FortiSIEM. We are a service provider and I take the solution from Fortinet and deploy it for my customers. We use the solution for security detection and response. This is a customer-based solution; our customer's security admins and security operations use the solution, comprising a team of three to five people. How has it helped my organization? Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had. What is most valuable? Fortinet FortiSIEM combines the SOC and NOC into a single solution with a single pane of glass. This feature on its own is next level and it's easy to handle. What needs improvement? Fortinet FortiSIEM should consider converting the purchase model from a CapEx investment into a pay-per-use model. By doing this, it will be more attractive for more customers. The product does not have Security Orchestration, Automation and Response (SOAR); I would recommend adding this feature. For how long have I used the solution? I have been using Fortinet FortiSIEM for two years. What do I think about the stability of the solution? Stability is very good. What do I think about the scalability of the solution? Fortinet FortiSIEM is scalable. How are customer service and support? Technical support is perfect. How was the initial setup? The initial setup of Fortinet FortiSIEM was easy. The deployment took a week and a half and was based on a project plan. You don't need more than two people to deploy and maintain this solution. What about the implementation team? We use an integrator for the deployment of Fortinet FortiSIEM. What's my experience with pricing, setup cost, and licensing? The price of Fortinet FortiSIEM is manageable. The cost is approximately $90,000 on an annual basis. 
What other advice do I have? Before fitting the product into your environment, make sure you have the right requirements. I would rate Fortinet FortiSIEM a 9 out of 10. Which deployment model are you using for this solution? On-premises Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2022-01-23T00:00:00-05:00
Rated 5 out of 5 by from Never crashes but lacks integration with Fortinet products What is most valuable? The most valuable feature is the anomaly-reporting alarms. What needs improvement? Areas for improvement would be the ease of use and the integration with Fortinet's own products. For how long have I used the solution? I've been using this solution for three years. What do I think about the stability of the solution? This is a very stable product - we have never had a crash with it. It does use a lot of resources, but this doesn't affect its performance. What do I think about the scalability of the solution? The scalability is ok and is improved by using Elasticsearch. How are customer service and support? The technical support has improved a lot and is now ok. How was the initial setup? The initial setup was a little difficult because no good guidelines were available. However, this has since been improved. It took around six months to finish a complete deployment. What's my experience with pricing, setup cost, and licensing? I have a five-year contract for this product, with no additional costs. What other advice do I have? I would give this solution a rating of seven out of ten. Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2022-01-05T00:00:00-05:00
Rated 5 out of 5 by from A stable solution with an awesome IP database What is our primary use case? We use the solution to collect logs from critical servers on the customer's infrastructure, like Active Directory, and a few security devices, like firewall, proxy, and antivirus setup. Our team monitors the log. If we get an alert, we take the necessary action in the development environment. What is most valuable? The solution’s IP database is awesome. If we get malicious IP attacks in the firewall, the solution has a validated database to mark IPs as malicious and generate an alert. We need not use any third-party solution. What needs improvement? When our team tried configuring logs for Microsoft SQL, it did not work. The next release should improve database monitoring. Compared to servers and security devices, working with database and log configuration is not easy. For how long have I used the solution? I have been using the solution for the past four to five months. What do I think about the stability of the solution? The solution is stable. What do I think about the scalability of the solution? The solution is scalable. We initially configured five devices and then could scale it to 20 without any challenges. Ten to fifteen people in the security operation center team use the solution. How are customer service and support? My team members contacted the support team, and they helped us configure a few things. How was the initial setup? My team did not face any issues during configuration. What other advice do I have? I would recommend the solution to others. One of our customers moved from ArcSight to FortiSIEM because they had some support issues. Overall, I rate the solution an eight out of ten. Which deployment model are you using for this solution? On-premises Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2023-05-03T00:00:00-04:00
Rated 5 out of 5 by from It's cheaper than other solutions with the same features but lacks integration with many third-party vendors What is our primary use case? I am part of the team that implements the solution, and we hand it over to the operations team. We use FortiSIEM to ingest logs. The customer provides us with the IPs for the log sources, and we add them to the FortiSIEM dashboard. We can check the logs for signs of malicious access from outside devices and set rules based on the customer's preferences. What is most valuable? FortiSIEM sends email or SMS notifications to admins when there are significant incidents. It's a highly efficient way of responding to incidents. What needs improvement? FortiSIEM needs to expand its integration with third-party vendors. I don't know if Forcepoint has been added, but there were limited resources for integrating Forcepoint solutions when we implemented FortiSIEM. It integrates well with other Fortinet products and solutions from established cybersecurity companies like Palo Alto but doesn't integrate with some of the newer vendors. I would also like to see FortiSIEM add more of the features available in FortiSOAR. You need to buy two separate solutions to get these features, but they should all be available in one product. For how long have I used the solution? I have used FortiSIEM for two years. What do I think about the stability of the solution? We haven't had any issues with stability aside from the problems associated with integrating FortiSIEM with third-party vendors. What do I think about the scalability of the solution? We haven't scaled FortiSIEM much until recently. Our customers typically implement it on one node, so I'm not sure how easy it is to scale. We often work with large enterprise companies, so we've used the solution in healthcare. For example, we deployed FortiSIEM at a children's cancer hospital in Egypt. We also used it for banking clients, including an investment bank. 
How are customer service and support? Fortinet support is helpful. How was the initial setup? Deploying FortiSIEM is straightforward. Most of our customers prefer the on-prem version over the cloud. Which other solutions did I evaluate? Other vendors like IBM QRadar are more effective than FortiSIEM for a SOC use case because they specialize in that area. I would recommend that if you are trying to build a large SOC team. What other advice do I have? I rate FortiSIEM seven out of 10. I strongly recommend this solution for customers who are using Fortinet products. It offers the same features as other vendors, but it's less expensive. However, some other SIEM solutions are more effective. Which deployment model are you using for this solution? On-premises Disclaimer: My company has a business relationship with this vendor other than being a customer:Partner
Date published: 2023-04-05T00:00:00-04:00
Rated 5 out of 5 by from The solution's ability to collect data from different sources is its most valuable feature What is most valuable? The solution's ability to collect data from different sources is its most valuable feature. What needs improvement? They should enhance the solution's AI capabilities, including XDR and EDR. For how long have I used the solution? We have been using the solution for six months. What do I think about the stability of the solution? I rate the solution's stability as a nine. What do I think about the scalability of the solution? I rate the solution's scalability as an eight. It works well with medium to large-scale enterprises. How are customer service and support? The solution's tech support team is good. How was the initial setup? The solution's initial setup is a bit complex as you have to do a lot of configuration. You have to collect data from different sources such as Microsoft, IBM, etc. The data extraction process differs for every system. Thus, you have to apply different protocols to collect data from various sources. What other advice do I have? The solution has a lot of network solutions in its bucket. As a result, they provide excellent network strength. I advise others to know the product well before implementing it. I rate it as an eight. Disclaimer: My company has a business relationship with this vendor other than being a customer:Partner
Date published: 2023-03-29T00:00:00-04:00
Rated 5 out of 5 by from It integrates well with solutions by the same vendor and other popular third-party vendors What is our primary use case? I primarily use FortiSIEM for Rwandan clients in banking and finance. Most of my clients require strictly on-prem solutions because of national data regulations. They are also skeptical of putting their data on the cloud, and the law requires all data to reside at a domestic data center. What is most valuable? I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics. What needs improvement? The only drawback is the licensing model. It can get expensive if you want to integrate more solutions. What do I think about the stability of the solution? I rate FortiSIEM eight out of 10 for stability. What do I think about the scalability of the solution? FortiSIEM is highly scalable, but you need to consider the costs. It will be expensive if you want to scale it up. How are customer service and support? We rely on Fortinet support, and their response times have room for improvement. They can take a while to respond sometimes. How was the initial setup? Setting up FortiSIEM is straightforward because they provide you with a step-by-step guide that covers installation and troubleshooting. The deployment time depends on your setup and what you need to integrate. It can take days or weeks, but we can typically finish in under a week. There isn't a single one-size-fits-all implementation because some clients have mixed environments, and we need to develop a custom solution if we are working on multiple fabrics. What's my experience with pricing, setup cost, and licensing? You can get an annual license for FortiSIEM or a three-year license. It can be expensive if you're pulling data from many sources. If you plan to keep the solution for a while, I recommend choosing a three-year license or longer to save money. 
What other advice do I have? I rate FortiSIEM eight out of 10. My only advice is to understand your environment and learn as much as you can about SIEM before implementing the solution. I started by building open-source solutions from scratch, which gave me a big picture view of how to implement SIEM solutions and work with fabrics. You need to learn the basics about how to set rules and interpret logs. Disclaimer: My company has a business relationship with this vendor other than being a customer:Implementer
Date published: 2023-03-29T00:00:00-04:00
Rated 5 out of 5 by from It's a good tool for making security processes transparent What is our primary use case? FortiSIEM combines information from operations and integrates it into management. What is most valuable? FortiSIEM is a great tool for making security processes transparent. What do I think about the stability of the solution? I rate FortiSIEM 10 out of 10 for stability. What do I think about the scalability of the solution? I rate FortiSIEM nine out of 10 for scalability. How was the initial setup? Setting up FortiSIEM is straightforward. I prefer this product in the Fortinet environment. It's easy to install and configure. What's my experience with pricing, setup cost, and licensing? FortiSIEM might be considered expensive in some markets. We have an international customer base, and it's affordable for a lot of them. However, customers in some markets cannot build a suitable use case around it. But it's not because of the product. It often depends on customers' operation organization. You also need some operation and security knowledge to make a professional management decision. A company needs to work with the consultants and distributors who are delivering the environment and necessary support. What other advice do I have? I rate Fortinet FortiSIEM nine out of 10. Disclaimer: My company has a business relationship with this vendor other than being a customer:partner
Date published: 2023-03-13T00:00:00-04:00
Rated 5 out of 5 by from An authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same What is our primary use case? We use the Fortinet FortiSIEM tool for log monitoring and alert generation. We use Fortinet FortiSIEM to collect logs from the critical servers of the customer's infrastructure, like Active Directory servers and file servers. We also collect logs from a few security devices like the firewall, the proxy, and the antivirus setup. Based on that, our team checks the logs, and we get an alert to take action on the development. What is most valuable? Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same. What needs improvement? Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time. Fortinet FortiSIEM's database monitoring could be made easier, like the servers and the security devices. For how long have I used the solution? I have been using Fortinet FortiSIEM for the past four to five months. What do I think about the stability of the solution? Fortinet FortiSIEM is a stable product. What do I think about the scalability of the solution? Fortinet FortiSIEM is a scalable product. We initially configured five devices, and then we could scale it to twenty. There could be some issues if the device count goes up to hundreds and thousands. Around 10 to 15 engineers use Fortinet FortiSIEM in our company. What other advice do I have? Overall, I rate Fortinet FortiSIEM an eight out of ten. Which deployment model are you using for this solution? On-premises Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2023-05-08T00:00:00-04:00
Rated 5 out of 5 by from Useful behavior data monitoring, helpful support, and different deployment methods available What is our primary use case? Fortinet FortiSIEM is used to retrieve logs from different sources, such as network switches, firewalls, and servers that are running different operating systems. The solution adds intelligence to the process that can provide meaningful information for the data analyst to use. The solution can be deployed on the cloud or on-premise. What is most valuable? The most valuable feature of Fortinet FortiSIEM is the user and entity behavior analytics (UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted. What needs improvement? The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial. For how long have I used the solution? I have been using Fortinet FortiSIEM for a couple of years. What do I think about the stability of the solution? Fortinet FortiSIEM is stable. I rate the stability of Fortinet FortiSIEM an eight out of ten. What do I think about the scalability of the solution? Fortinet FortiSIEM is known for its scalability; it scales well. We have a couple of customers using this solution. I rate the scalability of Fortinet FortiSIEM a nine out of ten. How are customer service and support? The support from Fortinet FortiSIEM is great. How was the initial setup? The initial setup is easy, but the time it takes for the deployment depends on the number of applications monitored. One of our clients took us three weeks, but a typical setup takes one month. Some logs are simple to configure while others can be more difficult. Deploying the solution is a straightforward process that involves just a few steps, such as loading the solution and configuring it, after which the solution will commence retrieving the data. What about the implementation team? 
We do the implementation of the solution with two administrators within one month. What's my experience with pricing, setup cost, and licensing? The price of the solution is expensive. The license is scalable. If there are 10 devices it is simple to license. What other advice do I have? My advice to others that might want to implement this solution is to know their business needs. There are other solutions, such as Splunk, that can provide a lot more information when collecting data, but it might not be needed for their use case. A small business would not need all the extra features of Splunk. I rate Fortinet FortiSIEM an eight out of ten. Disclaimer: My company has a business relationship with this vendor other than being a customer:Partner
Date published: 2023-04-16T00:00:00-04:00
Rated 5 out of 5 by from Less costly than other products, but needs more marketing What is our primary use case? We have an MSSP license and provide services to customers from various verticals like manufacturing, pharmaceutical, and MRD (Manufacturing, Retail & Distribution). We provide the services of Fortinet FortiSIEM to customers who cannot avail of costly on-premise services. What is most valuable? Fortinet FortiSIEM is less costly than other products and is available 24/7. What needs improvement? Fortinet FortiSIEM is a little out of sight and needs more marketing efforts to be popular in the market. For how long have I used the solution? We have been using Fortinet FortiSIEM for almost one and a half years. What do I think about the stability of the solution? The stability of Fortinet FortiSIEM is good. What do I think about the scalability of the solution? Fortinet FortiSIEM has good scalability. How are customer service and support? I have faced no issues with Fortinet FortiSIEM’s customer support. How was the initial setup? The deployment of Fortinet FortiSIEM, which included the migration of 30 plus customers and the initial setup of all components, did not take more than a month. What's my experience with pricing, setup cost, and licensing? Fortinet FortiSIEM is cheaper compared to other products. What other advice do I have? I use the latest version of Fortinet FortiSIEM. We have deployed Fortinet FortiSIEM on VMware. Overall, I rate Fortinet FortiSIEM a seven out of ten. Which deployment model are you using for this solution? Public Cloud If public cloud, private cloud, or hybrid cloud, which cloud provider do you use? Other Disclaimer: My company has a business relationship with this vendor other than being a customer:
Date published: 2023-04-30T00:00:00-04:00
Rated 5 out of 5 by from Lacks a level of support we'd expect to see, particularly for patching; Threat Hunting is a great feature What is our primary use case? Our use case is for collecting logs and monitoring internet traffic through firewalls. We have Fortinet firewalls and Fortinet WAF. I'm a system programmer and we are customers of Fortinet. What is most valuable? I like the Threat Hunting feature which provides complete traffic analysis, like file movement and processes. It's a good feature. What needs improvement? We have recently faced many issues in terms of support and their turnaround time for giving support as well as their patch level. The patching is one of the significant issues we face with Fortinet SIEM. We're at the enterprise level and we're not getting the support we'd expect. They really need to bring in new features like proper dashboards and alert systems and a real-time alert system which would be beneficial for users. For how long have I used the solution? I've been using this solution for four years. What do I think about the scalability of the solution? Scalability is good; you just add extra licenses. We have 15 admin users and around 10,000 EPS. How was the initial setup? There are lots of issues with licensing policies like the agentless and agent-based installation. It creates a lot of issues because when we purchase the SIEM, by default, we expect most of the licenses to be in the bundle. But it's not like that. We need to purchase separate licenses for each agent and agentless system. There is also licensing with the EPS. It's quite difficult for proposing and purchasing the solution. We hire Fortinet professional services for deployment. Which other solutions did I evaluate? I think that QRadar and RSE are better solutions than SIEM. The interactivity, scalability, and performance are far better than Fortinet. What other advice do I have? 
My needs are not getting met with this solution so I would not recommend it to anyone and rate it four out of 10. Which deployment model are you using for this solution? Private Cloud Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2023-01-11T00:00:00-05:00
Rated 5 out of 5 by from The log correlation is good What is our primary use case? FortiSIEM analyzes the logs from all the servers and firewalls. How has it helped my organization? FortiSIEM provides visibility into what happens on our corporate network. We can see traffic from users and detect brute force or bot attacks. It's clear in the SIEM solution. What is most valuable? FortiSIEM's log correlation is good. What needs improvement? FortiSIEM could be better integrated with other vendors. For how long have I used the solution? For about one year or a year and a half. What do I think about the stability of the solution? We had some issues during the update. Some updates didn't install, so we opened a ticket with Forti support, but it took more time to solve. What do I think about the scalability of the solution? FortiSIEM scales enough for our company. After the initial deployment, we added some servers and increased the resources to enable FortiSIEM to take the logs from the servers. How are customer service and support? I rate Fortinet support nine out of 10. It's excellent. How would you rate customer service and support? Positive How was the initial setup? Fortinet performed the initial setup, and it took about a week. We installed the image and integrated it with another server's Active Directory. Then we integrated it with the firewalls, routers, switches, and controller. Finally, we had to configure the policies. What other advice do I have? I rate Fortinet FortiSIEM eight out of 10. I would recommend FortiSIEM for corporate users, but I haven't tried any other SIEM solutions, so I have no reference for comparison. In the future, we might try another vendor with a more comprehensive solution. Which deployment model are you using for this solution? On-premises Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2023-01-13T00:00:00-05:00
Rated 5 out of 5 by from Utilized for managing devices on the network, providing real-time incident reports on server and network changes What is our primary use case? We're using it to manage devices on the network. We get real-time incident reports on changes done on the servers and changes on routers and switches. They also use it to provide reports to management on activities, incidents, and events. What is most valuable? I like the reporting model with drill-down capabilities into user actions on the network. I also like the CMDB. The CMDB captures devices as long as they have SNMP enabled. It captures the information for me. What needs improvement? Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information. When you're generating a report on the report line, sometimes it is very important to understand the criteria for creating the database to get the report you want. If FortiSIEM can improve on that, the user is looking for specific information, and it comes by. You don't need a technical person to generate a report. It's a bit difficult for you to generate it without drilling down. You need to keep clicking, and narrowing down your search to get what you want. If there will be some level of info, I like the reporting on FortiAnalyzer because one can see the number of people consuming bandwidth on the network, who the top users are, at the critical button you specified, and how long the duration is. FortiSIEM is not as easy. For how long have I used the solution? I have been using it for three years. I currently use version 6.3. What do I think about the stability of the solution? It is a stable solution. So far, it's been relatively stable. 
The current version we're using will expire in 2024, so we're planning to upgrade to the next version soon. We're also considering moving to the cloud, which may impact stability, but we'll have to see how that goes. What do I think about the scalability of the solution? It is a scalable solution on-prem environment. We will be testing the scalability when we migrate to the cloud. We have between 300 and 400 users. There are three administrators on the system who manage devices for 25 EPS and close to 100 EPS. We are only licensed for 200 EPS, but we have plans to increase the number of users. How are customer service and support? The customer service and support have been helpful. We log in the case, they come back to us, and then we resolve it. Which solution did I use previously and why did I switch? We were using Check Point before we migrated to FortiSIEM. We used Check Point for about ten years before we moved to FortiGate. So, we switched to Fortinet from Check Point. There were two main reasons. First, we weren't getting the support we needed from Check Point. Second, the cost of renewing support for our end-of-life devices was too high. We had a limited budget, so we looked for a solution that could give us the same features and capacity as Check Point at a more competitive price. We opted for FortiSIEM because it met both of our requirements. How was the initial setup? The initial setup was straightforward because Fortinet had already provisioned the appliance. We added it to our VM and finished up by configuring the key. The only bit where there was a bit of a problem was when we started because it was supposed to be a three-in-one appliance, but we noticed that we needed to separate the collector in a different location. Otherwise, it's a straightforward process. My understanding of a three-in-one appliance is that both the collector and the other components have to be in the same box. 
However, there was certain information that we were not getting, and I understand that this was changed in the 6.3 version, where the collector is separate. This makes it easier to use agentless apps, because with agentless apps, the information is now sent back to the collector if it is separate from the other components. So, we now have to start making changes to the Kapolei collector with storage and all that. I think it's still pretty straightforward though. What about the implementation team? We used a consultant for the deployment because it was a new product, and we wanted to ensure that it was done correctly. However, it is possible to deploy Fortinet FortiSIEM in-house by following the deployment guide. The deployment of Fortinet FortiSIEM took one week, excluding the time it took to acquire the necessary servers and virtual machines. The first step was to purchase the necessary servers and virtual machines. We also needed to upgrade our VM version from 5 to 7.X. Once we had all of the necessary hardware and software in place, we were able to begin the deployment process. We have five managers overseeing IT, internal control, and corporate. The staffing needs depend on their specific roles. The IT team provides the necessary support to ensure the application runs smoothly. Control users are in place to ensure that changes are made with proper information, and any alterations require approval. For these tasks, we have approximately five admins managing the process. What's my experience with pricing, setup cost, and licensing? We pay for a license for FortiSIEM. We pay for the license and renewal. It is expensive. The initial cost was almost prohibitive, but we went with it because it was a recommendation from our recruiters. Otherwise, we probably wouldn't have done it because it was expensive. What other advice do I have? Overall, I would rate the solution a nine out of ten. It's easy to manage. 
There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely. I've been using FortiSIEM for about two years and FortiGate for about ten years, and I would recommend FortiSIEM to people who are interested in running next-generation firewalls. Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2023-10-03T00:00:00-04:00
Rated 5 out of 5 by from A scalable product that offers good UI and firewall

What is our primary use case?
I use the solution in my company since it provides ease of monitoring. My company uses the product to get reports for our customers and for monitoring purposes, as per the customer's preferences.

What needs improvement?
At times, I have noticed that Fortinet FortiSIEM suddenly goes down, and because of this, I have to reboot the servers from the engineers. Usually, I have to restart the panel again to get the product functioning. The aforementioned area of concern has been around for a very long time, making it something where improvements are required. The stability of the product is an area of concern where improvements are required. ArcSight can provide a detailed report for a year in a PDF format. In Fortinet FortiSIEM, there is a need to put in manual effort to get a detailed report. In Fortinet FortiSIEM, if I get reports for a specific time frame, I have to manually narrow them down by myself, after which I will not be able to get them in a Word or PDF format, which can be challenging.

For how long have I used the solution?
I have been using Fortinet FortiSIEM for a year. My company uses the product for some of our internal purposes.

What do I think about the scalability of the solution?
It is a scalable tool. The product can handle a considerable number of customers. At the moment, there are only two people in my company who use the solution. In the future, the number of users may increase, especially if my company has to deal with more customers who want to use Fortinet FortiSIEM.

How are customer service and support?
Based on what I heard from my colleagues, the technical support is not bad. My colleagues directly contact the technical support for help.

How was the initial setup?
The product's initial setup phase was easy. I wasn't a part of the deployment process.

What other advice do I have?
In terms of how the tool supports our company's compliance monitoring and reporting practices, I would say that it stems from the fact that Fortinet FortiSIEM is able to serve what our company's customers want while also having the ability to offer solutions, making it quite easy for us to give the customers what they want. The fact that the solution helps my company provide the reports that my customer wants is actually nice. The tool also offers customization ability. The features of Fortinet FortiSIEM that I find most effective for real-time security event correlation are real-time server connections, which allow me to see all the servers that are online at a particular period of time. The product also shows the threats and bifurcates them into high, medium, and low. The solution has the ability to generate reports easily. The product also provides specific solutions for any threats that are found. The way Fortinet FortiSIEM improves my company's security posture stems from the fact that with the tool, I can see whatever is happening in real time. In terms of security issues, if I try to see the problem or threat, then I can really dig deep into what is happening, which is a nice feature. The tool is easy to maintain. Only two people are required to maintain the solution. If I compare the integration capabilities of ArcSight with Fortinet FortiSIEM, I would have to say that the latter is in a better position to provide its customers with more details in terms of cybersecurity threats or if they want to compare the firewalls. Fortinet FortiSIEM is better for customers with no cybersecurity knowledge since it helps them understand the product. Fortinet FortiSIEM is better for the security of its customers. I would ask those who plan to use Fortinet FortiSIEM to see whether there are other solutions with which it needs to interact in their environment. Fortinet FortiSIEM is one of the best solutions I have dealt with, considering that it has a nice user interface. The update page is good and works in real time. The firewall part of the tool is good. I don't think there is anything that can cause problems for the tool's firewall. I actually liked the tool's firewall. I rate the overall tool a nine out of ten.

Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2024-02-01T00:00:00-05:00
Rated 5 out of 5 by from Provides valuable CIM-based predefined rules and an efficient automated response feature

What is our primary use case?
We use the product for threat detection.

What needs improvement?
There could be more AI features included in the product.

For how long have I used the solution?
We have been using Fortinet FortiSIEM for more than two years.

What do I think about the stability of the solution?
I rate the platform's stability an eight and a half out of ten.

How are customer service and support?
The technical support services need improvement.

How would you rate customer service and support?
Positive

What other advice do I have?
They have released a new update recently. With the help of AVPN, users can log in from another country directly using CIM-based predefined rules. Its automated response feature has benefited our customer communication. Analysts feel more confident in providing timely responses. I recommend that other users go with Fortinet FortiSIEM, and I rate the product an eight out of ten.

Disclaimer: My company has a business relationship with this vendor other than being a customer.
Date published: 2024-01-27T00:00:00-05:00
Rated 5 out of 5 by from A scalable solution with extensive customization options

What is our primary use case?
If a customer is looking to establish a centralized monitoring and security solution, Fortinet FortiSIEM can be tailored to meet their specific needs effectively. This solution offers extensive customization options, making it possible to adapt it precisely to their requirements.

What is most valuable?
It works exceptionally well when combined with a vulnerability management solution.

What needs improvement?
Customer support service could be better.

What do I think about the stability of the solution?
It provides great stability features.

What do I think about the scalability of the solution?
Scalability is excellent, especially for our enterprise-level clients.

How are customer service and support?
I have moderate satisfaction with customer support, and we've learned to manage it adequately. I would rate it three out of ten.

How would you rate customer service and support?
Negative

Which solution did I use previously and why did I switch?
I previously worked with LogPoint, which had rigid pricing structures. In contrast, we value flexibility and aim to provide more adaptable support, so we switched to Fortinet FortiSIEM.

How was the initial setup?
The initial setup is quite swift.

What about the implementation team?
The deployment process usually takes just one to two days to have the basics up and running. This involves connecting the collectors and configuring the systems.

What's my experience with pricing, setup cost, and licensing?
Pricing is determined based on the customer's budget. We discuss how to tailor the pricing to fit the specific needs and financial considerations of the customer.

What other advice do I have?
I would highly recommend it. It's a top-tier solution, receiving a solid ten out of ten rating.

Disclaimer: My company has a business relationship with this vendor other than being a customer: partner
Date published: 2023-09-27T00:00:00-04:00
Rated 5 out of 5 by from Lacks good technical support, though it is cost-effective

What is our primary use case?
We are using Fortinet FortiSIEM on-premises and Azure Sentinel on the cloud. We are a university with an E5 license, and we cannot pump everything to Azure Sentinel because it will cost quite a lot. That's why we have two SIEM systems, one for cloud and one for on-premises. We use Fortinet FortiSIEM for our on-premises services. It has a perpetual license, and we pay once. Depending on your storage size, you can pump to your on-premises SIEM system whenever you like. Our strategy is to use Azure Sentinel as little as possible. Since we have two SIEM systems, vendor integration is a problem, and we need more staff.

What is most valuable?
We have many application systems, and I can set up Fortinet FortiSIEM for users to monitor their systems.

What needs improvement?
The challenge I face with Fortinet FortiSIEM is the lack of support. I need to figure out many things by myself. Getting support for the solution is very hard. The support person is pretty good and nice. I need to go through the professional service channel for more professional support. Since my company cannot pay for professional services, I have to figure many things out myself. For example, I have to figure out the best approach to design an architecture to fit into my environment. Then, I will go through the standard support channel to get confirmation from tech support, but they cannot help. I will return to the sales channel and try to get the right architecture for our environment approved. Fortinet FortiSIEM is a new product, and Fortinet only supports one or two people. Fortinet FortiSIEM is not a mature solution. Fortinet should educate existing customers about new features that can help them. As with Microsoft products, Fortinet should provide training or teaching material on YouTube. Fortinet provides free training on its website, but sometimes going through the whole course takes too long. I hope Fortinet improves this part. Fortinet should provide 30-minute or hour-long webinars where we can learn lots of new things. Without this information, customers have to try to figure out things by themselves. Many smart engineers can do that, but they may not have enough resources or time to do it.

For how long have I used the solution?
I have been using Fortinet FortiSIEM for six months.

What do I think about the stability of the solution?
I rate the solution's stability a four out of ten.

What do I think about the scalability of the solution?
I rate the solution a four out of ten for scalability.

Which solution did I use previously and why did I switch?
I like Azure Sentinel more than Fortinet FortiSIEM because it has a lot of documentation, information, and training material. The problem with Microsoft is that they keep changing things regularly, and you need to be updated about their changes. For usability, Azure Sentinel is much better than Fortinet FortiSIEM.

How was the initial setup?
We purchased the solution from a third-party company. Their engineer helped us to design the tool. Two to three months later, we realized that the design was not good for our environment and we needed to change it. When we got back to the third party we purchased it from, their new engineer knew nothing about FortiSIEM. So, I had to set up the tool myself.

What's my experience with pricing, setup cost, and licensing?
Fortinet FortiSIEM is not an expensive solution. We purchased a perpetual license for FortiSIEM because Azure Sentinel is too expensive. We have to keep Fortinet FortiSIEM if we want to have the same system for the whole university. After purchasing the product, you also need lots of resources to develop it. If the price is mature, you don't need to spend too many resources to develop it.

What other advice do I have?
You need a dedicated person to develop and work with the solution. Fortinet FortiSIEM is suitable for big companies because they have resources. It is not good for one person or field engineer to look after many systems. Compared with Azure Sentinel, Fortinet FortiSIEM is much cheaper. Overall, I rate the solution a five out of ten.

Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2024-05-16T00:00:00-04:00
Rated 5 out of 5 by from Easy to use, user-friendly, and reliable

What is our primary use case?
Fortinet FortiSIEM can be used to detect unusual user and entity behavior on networks. We are currently in the process of testing the solution.

What is most valuable?
The solution is easy to use and user-friendly.

What needs improvement?
Fortinet FortiSIEM could improve by having better integration and extensions. This would help by allowing us to add more rules.

For how long have I used the solution?
I have been using Fortinet FortiSIEM for a few months.

What do I think about the stability of the solution?
I have found Fortinet FortiSIEM to be stable.

What do I think about the scalability of the solution?
Fortinet FortiSIEM is scalable.

How was the initial setup?
The installation is straightforward and can be done in one day.

What about the implementation team?
I am able to do the implementation of the solution.

What's my experience with pricing, setup cost, and licensing?
The solution is available with both perpetual and subscription licenses.

What other advice do I have?
I rate Fortinet FortiSIEM an eight out of ten.

Which deployment model are you using for this solution?
Hybrid Cloud

Disclaimer: My company has a business relationship with this vendor other than being a customer: Partner
Date published: 2021-11-28T00:00:00-05:00
Rated 5 out of 5 by from User-friendly, reliable, scales well, and has good technical support

What is our primary use case?
This solution is used to detect irregular user and entity behavior using machine learning.

What is most valuable?
Fortinet FortiSIEM is easy to use.

What needs improvement?
I would like to see more integration with other platforms.

For how long have I used the solution?
We have been providing Fortinet FortiSIEM for one year. This solution can be deployed both on the cloud and on-premises.

What do I think about the stability of the solution?
Fortinet FortiSIEM is a stable solution.

What do I think about the scalability of the solution?
It's a scalable product.

How are customer service and support?
Technical support is good enough. They were able to help us.

How was the initial setup?
It is easy to install. In one day, we were able to install this solution ourselves. We only need one engineer to maintain this solution.

What's my experience with pricing, setup cost, and licensing?
They have a yearly subscription.

What other advice do I have?
I would rate Fortinet FortiSIEM a ten out of ten.

Disclaimer: My company has a business relationship with this vendor other than being a customer: Partner
Date published: 2021-11-28T00:00:00-05:00
Rated 5 out of 5 by from Stable machine learning solution that offers the advanced use of AI

What is our primary use case?
We use this solution to collect logs.

What is most valuable?
The advanced agents used to collect logs have been most valuable. We have also made use of the advanced intelligence this solution offers.

What needs improvement?
The graphs on the user interface could be improved, as we often experience glitches.

What do I think about the stability of the solution?
This is a stable solution.

How are customer service and support?
The customer service team needs additional experience and knowledge of the solution so the answers they provide are more accurate and helpful.

How would you rate customer service and support?
Neutral

Which solution did I use previously and why did I switch?
We use this solution together with McAfee ESM, which is a simple and robust solution. Its interface is better than SIEM.

How was the initial setup?
The initial setup was straightforward. The time it takes to complete the setup and deployment depends on the size of the environment and the number of events per second (EPS).

What other advice do I have?
This is a good solution but is fairly new, so the support for it is not effective. Their support team does not have the experience to immediately solve issues. I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?
On-premises

Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2022-02-22T00:00:00-05:00
Rated 5 out of 5 by from Provides an excellent analytics engine, and the real-time monitoring features make life easy

What is our primary use case?
We use the solution for monitoring, intrusion detection, and user behavior analytics. We run the dashboards to detect anomalies. We have our own incident tracking solution. We use it to track the time to detect versus the time to resolve and close the ticket.

What is most valuable?
The product kicks the logs automatically without an agent. We also use it for file integrity monitoring. The analytics engine is quite good. It can correlate traffic across our various platforms and give us a standard dashboard view of what's happening. By seeing what's happening on the network, we can pick anomalies like encrypted traffic, policy violations, and unusual accesses. It helps us be compliant. We can push back on the users and the IT team and keep them accountable based on what they are doing across their network. Real-time monitoring makes life quite easy for me. Once I have the assurance that I have visibility into what's happening, I can report to the business and my boss that all is well. It also allows me to keep the security operations team on its toes. We do a lot of red teaming. It allows us to see whether the SOC team is doing what it is supposed to do. The tool is relatively easy to integrate. It's agentless. We have a mostly Windows environment. We can tell the product to monitor everything at once. As long as it's authenticated, it will fix what we need.

What needs improvement?
Network detection and response is a separate product. That's how I ended up with Wazuh. I'm looking for something to help me on the network and endpoint level. The vendor must look to consolidate and improve that area.

For how long have I used the solution?
I have been using the solution for more than five years.

What do I think about the stability of the solution?
The tool is quite stable. I rarely ever need to reboot or check things. I just fine-tune the rules based on the new use cases that keep coming up.

What do I think about the scalability of the solution?
We've not had any troubles with the tool's scalability. We are a small growing bank. We have around 800 endpoints at the moment.

How are customer service and support?
I have no complaints about the technical support.

How would you rate customer service and support?
Positive

How was the initial setup?
I rate the ease of setup a seven to eight out of ten. It's agentless. We can hit the ground running. A third-party provider currently supports us in maintaining the product. We have no complaints regarding the maintenance work.

What's my experience with pricing, setup cost, and licensing?
The price is competitive. We can scale based on the licensing. It is an annual CapEx.

Which other solutions did I evaluate?
I am using only Fortinet and Wazuh currently. I have worked with AlienVault and IBM QRadar in a different organization. The products have their own unique space in the market. SolarWinds has a logging engine. IBM is huge.

What other advice do I have?
It's a good tool if we are small and growing. It is easy to deploy. The support is available. The product is easy to learn. Overall, I rate the solution a nine out of ten.

Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2024-03-08T00:00:00-05:00
Rated 5 out of 5 by from Offers good integration capabilities with multiple tools from different vendors

What is our primary use case?
I implemented Fortinet FortiSIEM in my company to collect all logs from old systems, networks, and security devices in the network. Fortinet FortiSIEM has a correlation rule, and from it, you can generate incidents and get analytics. The tool also serves as a threat intelligence and integration platform. With FortiGuard or any third-party tools, Fortinet FortiSIEM, as a threat intelligence platform, can enrich the log attributes or criteria, which is well reflected in incidents.

What is most valuable?
The most valuable feature of the solution for the detection of threats stems from FortiSIEM's components, including the threat intelligence platform and the ability to provide integrations.

What needs improvement?
Fortinet FortiSIEM is a better solution than other products. As a SIEM solution, it can meet all the requirements of customers. The product already offers good integration capabilities with multiple vendors. There will be new products being introduced every day in the market, so Fortinet FortiSIEM needs to ensure integrations are possible with the new tools. Fortinet FortiSIEM needs to provide better API integrations to users. Better support services can help you deal with the integration party easily. API integration capabilities will make it easy to integrate Fortinet FortiSIEM with new products unless such tools have custom or special configurations set by the vendor or the device.

For how long have I used the solution?
I have been using Fortinet FortiSIEM since 2018.

What do I think about the stability of the solution?
Stability-wise, I rate the solution a nine out of ten. If every device can get a ten out of ten in terms of stability, then I believe it is a 100 percent perfect product.

What do I think about the scalability of the solution?
It is an easily scalable solution. Suppose you want to increase the scalability in seconds. You can increase the number of tools with an HA supervisor to handle multiple events per second, and you can use multiple collectors for remote defense. It is easy to manage the tool's scalability and availability. My company deals with around six customers who use the product.

How are customer service and support?
The solution's technical support is good. If you want to deal with the issues from the tool of other vendors, Fortinet's support team provides help.

How was the initial setup?
The product's initial setup phase is easy. In Fortinet FortiSIEM, with multiple tenants, one does not need to invest in the implementation process. After the virtual machine deployment or hardware appliance initial configuration, I think network discovery is the first step in the installation process. The process continues with vendor discovery and asset inventory at customer sites. Threat intelligence integrations are the second step, and the configuration with the customer's devices to send all logs to SNMP TRAPS and then to the SIEM solution is a part of the main basic implementation. If you have some configurations and event handler and event order and logs, the initial configuration can be managed depending on the needs of customers.

What's my experience with pricing, setup cost, and licensing?
I don't have the price list of any of the competitors of Fortinet FortiSIEM. I work with the technical part of the tool. There is a need to make yearly payments towards the licensing charges attached to the product. The free version license of the product is available for two months.

What other advice do I have?
The product offers multiple integrations with all vendors. If there is a new or unknown vendor in the market, a custom API can be made to ensure that integration with Fortinet FortiSIEM is possible. I rate the integration capabilities of the tool a nine out of ten. The implementation of the product can improve incident response time according to the arrangement and local relation of built-in rules or custom rules. This will reduce the time of incident response, especially if you use a SOAR solution with it. You can enrich the tool by buying a SOAR solution. It is a good product in general. It is a product that offers stability and scalability with a wide range of built-in rules. The solution is also easy to use. I rate the tool a nine out of ten.

Disclaimer: My company has a business relationship with this vendor other than being a customer: Integrator
Date published: 2024-05-03T00:00:00-04:00