
Fortinet FortiSIEM Cloud

Fortinet Inc.

Reviews from AWS customer

0 AWS reviews
  • 5 star
    0
  • 4 star
    0
  • 3 star
    0
  • 2 star
    0
  • 1 star
    0

External reviews

61 reviews

External reviews are not included in the AWS star rating for the product.


    Johan Ortiz

Audits servers, handles vulnerability detection and correlates traffic

  • August 14, 2024
  • Review provided by PeerSpot

What is our primary use case?

Fortinet FortiSIEM is used to audit my servers and communications. It effectively handles vulnerability detection and correlates traffic to identify security issues or anomalies. It is also used to correlate my logs, which helps detect outliers and identify unusual events in my network.

What is most valuable?

It detects new technologies, vulnerabilities, and emerging threats on the internet.

For how long have I used the solution?

I have been using Fortinet FortiSIEM for four years.

What do I think about the scalability of the solution?

500 users are using this solution.

How are customer service and support?

The product could benefit from more local support. There is an opportunity to improve the support for products like Deepgram and FortiSIEM.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

The deployment of the platform took some time to set up and configure. I have experience using SolarWinds and its tools.

How was the initial setup?

The initial setup is very easy and takes four months to complete. They need to focus on this because the provider did much of the configuration rather than them doing it directly. The support we receive helps us improve in comparison to using this platform alone.

I rate the initial setup an eight out of ten, where one is difficult, and ten is easy.

What about the implementation team?

Our provider does the deployment and maintenance.

What was our ROI?


What's my experience with pricing, setup cost, and licensing?

It has a good price and is more competitive than the others.

What other advice do I have?

If the protection and monitoring make my network safer by detecting outliers and events, I can report these findings to my manager. They need to be aware of live events affecting the company.

Overall, I rate the solution an eight out of ten.


    SreejeshSoman

Helps collect security logs from all network devices

  • July 30, 2024
  • Review provided by PeerSpot

What is our primary use case?

I normally use the solution in my company as part of SOC. The tool is implemented to collect logs from all networks, perimeter devices, and security devices. We are using all kinds of SIEM tools to collect logs, especially security logs from all network devices, and analyze all those logs. Fortinet FortiSIEM works for enterprise and banking customers and BFSI customers, as most of them use Fortinet FortiGate devices for the security of the perimeter devices.

What is most valuable?

The most valuable feature of the solution is its integration with other technologies, especially its ability to collect logs from Cisco and Aruba devices along with Fortinet products. The tool has an endless number of templates, so based on a customer's use case, we can choose the templates, create the report as per compliance, and submit it to management for higher visibility.

What needs improvement?

With Fortinet's current integrations with endpoints and with the integration capabilities of EDR and XDR solutions from Fortinet itself, when we are trying to integrate them with other technologies or other OEMs like CrowdStrike or SentinelOne, the integration part is very complex. It takes a lot of time to take care of the implementations. When we integrated Fortinet FortiSIEM with external threat intelligence, like CyberArk or ThreatConnect, the integration seemed to be tough. If Fortinet FortiSIEM could create some use cases or some templates with all its listed competitors or technology partners, then a customer would be able to integrate all those technologies easily.

The tool's technical team's response time is too high, and they are not available even when they know that there are many pending issues. Even though the tool offers twenty-four hours and seven days of support, we might not get the right engineer on time.

For how long have I used the solution?

I have been using Fortinet FortiSIEM for more than ten years. I am an integrator of the solution. I use Fortinet FortiSIEM 7.0.0.

What do I think about the stability of the solution?

From the application perspective, yeah, I think it is a stable tool most of the time, but we have met some issues with the database sometimes. Stability-wise, I rate the solution a nine out of ten.

What do I think about the scalability of the solution?

It is a highly scalable solution. Scalability-wise, I rate the solution a ten out of ten.

I think around ten customers of my company use the tool.

My customers are medium and enterprise-sized businesses.

How are customer service and support?

The solution's technical support has been a nightmare. I rate the technical support a four or five out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

If one is difficult and ten is easy to set up, I rate the product's initial setup phase a nine out of ten. It is not very complicated, but a tech person who has the expertise to install and scale implement all these features would be required to implement the tool.

The product's installation model depends on the company's compliance and IT policies. Most customers prefer implementing an on-premises model. When considering commercial and upfront investment, customers are ready to go for cloud solutions as well. But in my experience, most customers prefer to implement an on-premises model.

The time required to deploy the solution depends on how big your network is currently. It might take two days to up to two weeks, so that is the normal project implementation time. It is always based on how big our network is and how we know our network. If customers have good visibility and understanding of their network, good access, and all the authentication paths, the integration will be much easier. In some cases, it might take more than two weeks. On average, I think it will take one to two weeks to complete installation.

The deployment of the tool is always for the SOC part of a company. It is used for real-time network analytics.

For the deployment, we discuss all the requests or use cases with the customer and understand their network topology. Most of the time, we access their platform for installation, and so we deal with virtualization platforms, like VMware ESXi, and based on that, we will download the SIEM pack from Fortinet. Once the installation has been completed, we try to find all the devices in the network that we need to monitor so we can enable all those processes. It is the normal deployment procedure we are following for implementation. Once the primary implementation has been completed based on customer use cases or complaints, we might create those dashboards and templates for reporting.

What's my experience with pricing, setup cost, and licensing?

If one is cheap and ten is expensive, I rate the tool's price as an eight out of ten. Compared with Splunk or Oracle, Fortinet is cheap.

What other advice do I have?

For threat detection, some AI-based analytics tools are there, and it is one of the latest features in the product. The AI helps mitigate threats.

In terms of the tool's ability to streamline customer security workflow, the product normally searches events in real-time, so customers will get alerts of the event in real-time. Compared to other products like Splunk or Oracle, I think Fortinet FortiSIEM is more reliable in real-time.

If there is proper support and better technical capabilities, it can become a good solution.

I rate the tool an eight out of ten.


    Computer & Network Security

FortiSIEM Review

  • June 05, 2024
  • Review provided by G2

What do you like best about the product?
- FortiSIEM is very simple to use as a SIEM solution.
- It has many features like built-in rules and reports.
- My company is a partner for FortiSIEM and provides customers with support.
- It has a lot of documentation on how to install and implement FortiSIEM.
- You can use FortiSIEM to integrate with many vendors and products such as FortiSOAR, EDR, endpoint security, Windows, Linux, and firewalls.
- It is used for many things like SOC, NOC.
What do you dislike about the product?
It needs to enhance its dashboards and search.
What problems is the product solving and how is that benefiting you?
Gives you visibility to monitor your environment in one place.


    Haiyang Lu

Lacks good technical support, though it is cost-effective

  • May 14, 2024
  • Review provided by PeerSpot

What is our primary use case?

We are using Fortinet FortiSIEM on-premises and Azure Sentinel on the cloud. We are a university with an E5 license, and we cannot pump everything to Azure Sentinel because it will cost quite a lot. That's why we have two SIEM systems, one for cloud and one for on-premises.

We use Fortinet FortiSIEM for our on-premises services. It has a perpetual license, and we pay once. Depending on your storage size, you can pump to your on-premises SIEM system whenever you like. Our strategy is to use Azure Sentinel as little as possible. Since we have two SIEM systems, vendor integration is a problem, and we need more staff.

What is most valuable?

We have many application systems, and I can set up Fortinet FortiSIEM for users to monitor their systems.

What needs improvement?

The challenge I face with Fortinet FortiSIEM is the lack of support. I need to figure out many things by myself. Getting support for the solution is very hard. The support person is pretty good and nice. I need to go through the professional service channel for more professional support. Since my company cannot pay for professional services, I have to figure many things out myself.

For example, I have to figure out the best approach to design an architecture to fit into my environment. Then, I will go through the standard support channel to get confirmation from tech support, but they cannot help. I will return to the sales channel and try to get the right architecture for our environment approved.

Fortinet FortiSIEM is a new product, and Fortinet only supports one or two people. Fortinet FortiSIEM is not a mature solution.

Fortinet should educate existing customers about new features that can help them. Like Microsoft products, Fortinet should provide training or teaching material on YouTube. Fortinet provides free training on its website, but sometimes going through the whole course takes too long. I hope Fortinet improves this part.

Fortinet should provide 30-minute or hour-long webinars where we can learn lots of new things. Without this information, customers have to try to figure out things by themselves. Many smart engineers can do that, but they may not have enough resources or time to do it.

For how long have I used the solution?

I have been using Fortinet FortiSIEM for six months.

What do I think about the stability of the solution?

I rate the solution’s stability a four out of ten.

What do I think about the scalability of the solution?

I rate the solution a four out of ten for scalability.

Which solution did I use previously and why did I switch?

I like Azure Sentinel more than Fortinet FortiSIEM because it has a lot of documentation, information, and training material. The problem with Microsoft is that they keep changing things regularly and you need to be updated about their changes. For usability, Azure Sentinel is much better than Fortinet FortiSIEM.

How was the initial setup?

We purchased the solution from a third-party company. Their engineer helped us to design the tool. Two to three months later, we realized that the design was not good for our environment and we needed to change it. When we got back to the third-party we purchased it from, their new engineer knew nothing about FortiSIEM. So, I had to set up the tool myself.

What's my experience with pricing, setup cost, and licensing?

Fortinet FortiSIEM is not an expensive solution. We purchased a perpetual license for FortiSIEM because Azure Sentinel is too expensive. We have to keep Fortinet FortiSIEM if we want to have the same system for the whole university. After purchasing the product, you also need lots of resources to develop it. If the price is mature, you don't need to spend too many resources to develop it.

What other advice do I have?

You need a dedicated person to develop and work with the solution. Fortinet FortiSIEM is suitable for big companies because they have resources. It is not good for one person or field engineer to look after many systems. Compared with Azure Sentinel, Fortinet FortiSIEM is much cheaper.

Overall, I rate the solution a five out of ten.


    reviewer1721355

Offers good integration capabilities with multiple tools from different vendors

  • April 24, 2024
  • Review provided by PeerSpot

What is our primary use case?

I implemented Fortinet FortiSIEM in my company to collect all logs from old systems, networks, and security devices in the network. Fortinet FortiSIEM has a correlation rule, and from it, you can generate incidents and get analytics. The tool also serves as a threat intelligence and integration platform. With FortiGuard or any third-party tools, Fortinet FortiSIEM, as a threat intelligence platform, can enrich the log attributes or criteria, which is well reflected in incidents.

What is most valuable?

The most valuable feature of the solution for the detection of threats stems from FortiSIEM's components, including the threat intelligence platform and the ability to provide integrations.

What needs improvement?

Fortinet FortiSIEM is a better solution than other products. As a SIEM solution, it can meet all the requirements of customers.

The product already offers good integration capabilities with multiple vendors. There will be new products being introduced every day in the market, so Fortinet FortiSIEM needs to ensure integrations are possible with the new tools. Fortinet FortiSIEM needs to provide better API integrations to users. Better support services can help you deal with the integration party easily. API integration capabilities will make it easy to integrate Fortinet FortiSIEM with new products unless such tools have custom or special configurations set by the vendor or the device.

For how long have I used the solution?

I have been using Fortinet FortiSIEM since 2018.

What do I think about the stability of the solution?

Stability-wise, I rate the solution a nine out of ten.

If every device can get a ten out of ten in terms of stability, then I believe it is a 100 percent perfect product.

What do I think about the scalability of the solution?

It is an easily scalable solution. Suppose you want to increase the scalability in seconds. You can increase the number of tools with an HA supervisor to handle multiple events per second, and you can use multiple collectors for remote defense. It is easy to manage the tool's scalability and availability.

My company deals with around six customers who use the product.

How are customer service and support?

The solution's technical support is good. If you want to deal with the issues from the tool of other vendors, Fortinet's support team provides help.

How was the initial setup?

The product's initial setup phase is easy.

In Fortinet FortiSIEM, with multiple tenants, one does not need to invest in the implementation process.

After the virtual machine deployment or hardware appliance initial configuration, I think network discovery is the first step in the installation process. The process continues with vendor discovery and asset inventory at customer sites. Three intelligence integrations are the second step, and the configuration with the customer's devices to send all logs to SNMP TRAPS and then to the SIEM solution is a part of the main basic implementation. If you have some configurations and event handler and event order and logs, the initial configuration can be managed depending on the needs of customers.

What's my experience with pricing, setup cost, and licensing?

I don't have the price list of any of the competitors of Fortinet FortiSIEM. I work with the technical part of the tool.

There is a need to make yearly payments towards the licensing charges attached to the product. The free version license of the product is available for two months.

What other advice do I have?

The product offers multiple integrations with all vendors. If there is a new or unknown vendor in the market, a custom API can be made to ensure that integration with Fortinet FortiSIEM is possible.

I rate the integration capabilities of the tool a nine out of ten.

The implementation of the product can improve incident response time according to the arrangement and local relation of built-in rules or custom rules. This will reduce the time of incident response, especially if you use a SOAR solution with it. You can enrich the tool by buying a SOAR solution.

It is a good product in general. It is a product that offers stability and scalability with a multiple and wide range of built-in rules. The solution is also easy to use.

I rate the tool a nine out of ten.


    reviewer2305767

Provides an excellent analytics engine, and the real-time monitoring features make life easy

  • March 04, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use the solution for monitoring, intrusion detection, and user behavior analytics. We run the dashboards to detect anomalies. We have our own incident tracking solution. We use it to track the time to detect versus the time to resolve and close the ticket.

What is most valuable?

The product kicks the logs automatically without an agent. We also use it for file integrity monitoring. The analytics engine is quite good. It can correlate traffic across our various platforms and give us a standard dashboard view of what's happening. By seeing what's happening on the network, we can pick anomalies like encrypted traffic, policy violations, and unusual accesses. It helps us be compliant. We can push back on the users and the IT team and keep them accountable based on what they are doing across their network.

Real-time monitoring makes life quite easy for me. Once I have the assurance that I have visibility into what's happening, I can report to the business and my boss that all is well. It also allows me to keep the security operations team on its toes. We do a lot of red teaming. It allows us to see whether the SOC team is doing what it is supposed to do.

The tool is relatively easy to integrate. It's agentless. We have a Windows environment majorly. We can tell the product to monitor everything at once. As long as it's authenticated, it will fix what we need.

What needs improvement?

Network detection and response is a separate product. That's how I ended up with Wazuh. I'm looking for something to help me on the network and endpoint level. The vendor must look to consolidate and improve that area.

For how long have I used the solution?

I have been using the solution for more than five years.

What do I think about the stability of the solution?

The tool is quite stable. I rarely ever need to reboot or check things. I just fine-tune the rules based on the new use cases that keep coming up.

What do I think about the scalability of the solution?

We've not had any troubles with the tool’s scalability. We are a small growing bank. We have around 800 endpoints at the moment.

How are customer service and support?

I have no complaints with the technical support.

How would you rate customer service and support?

Positive

How was the initial setup?

I rate the ease of setup a seven to eight out of ten. It's agentless. We can hit the ground running. A third-party provider currently supports us in maintaining the product. We have no complaints regarding the maintenance work.

What's my experience with pricing, setup cost, and licensing?

The price is competitive. We can scale based on the licensing. It is an annual CapEx.

Which other solutions did I evaluate?

I am using only Fortinet and Wazuh currently. I have worked with AlienVault and IBM QRadar in a different organization. The products have their own unique space in the market. SolarWinds has a logging engine. IBM is huge.

What other advice do I have?

It's a good tool if we are small and growing. It is easy to deploy. The support is available. The product is easy to learn. Overall, I rate the solution a nine out of ten.


    Computer & Network Security

Had an amazing experience with FortiSIEM solution

  • January 27, 2024
  • Review provided by G2

What do you like best about the product?
FortiSIEM has helped us in protecting our end users from identity-based attacks without administrator intervention all the time. The ML technology used in the product is so strong that even a small request to access official data from an unrecognised device / place or anything is suddenly blocked by FortiSIEM.
What do you dislike about the product?
There is nothing negative to mention about this product except the commercials, as the product is a bit costly for SMB organisations.
What problems is the product solving and how is that benefiting you?
Protecting organisation from Identity based attacks.


    COCO BABY

A scalable product that offers good UI and firewall

  • January 25, 2024
  • Review provided by PeerSpot

What is our primary use case?

I use the solution in my company since it provides ease of monitoring. My company uses the product to get reports for our customers and monitoring purposes, as per the customer's preferences.

What needs improvement?

At times, I have noticed that Fortinet FortiSIEM suddenly goes down, and because of this, I have to reboot the servers from the engineers. Usually, I have to restart the panel again to get the product functioning. The aforementioned area of concern has been around for a very long time, making it something where improvements are required.

The stability of the product is an area of concern where improvements are required.

ArcSight can provide a detailed report for a year in a PDF format. In Fortinet FortiSIEM, there is a need to put in manual effort to get a detailed report. In Fortinet FortiSIEM, if I get reports for a specific time frame, I have to manually narrow them down by myself, after which I will not be able to get them in a Word or PDF format, which can be challenging.

For how long have I used the solution?

I have been using Fortinet FortiSIEM for a year. My company uses the product for some of our internal purposes.

What do I think about the scalability of the solution?

It is a scalable tool. The product can handle a considerable number of customers.

At the moment, there are only two people in my company who use the solution. In the future, the number of uses may increase, especially if my company has to deal with more customers who want to use Fortinet FortiSIEM.

How are customer service and support?

Based on what I heard from my colleagues, the technical support is not bad. My colleagues directly contact the technical support for help.

How was the initial setup?

The product's initial setup phase was easy. I wasn't a part of the deployment process.

What other advice do I have?

In terms of how the tool supports our company's compliance monitoring and reporting practices, I would say that it stems from the fact that Fortinet FortiSIEM is able to serve what our company's customers want while also having the ability to offer solutions, making it quite easy for us to give the customers what they want. The fact that the solution helps my company provide the reports that my customer wants is actually nice. The tool also offers customization ability.

The features of Fortinet FortiSIEM that I find most effective for real-time security event correlation are real-time server connections, which allow me to see all the servers that are online at a particular period of time. The product also shows the threats and bifurcates them into high, medium, and low. The solution has the ability to generate reports easily. The product also provides specific solutions for any threats that are found.

The way Fortinet FortiSIEM improves my company's security posture stems from the fact that with the tool, I can see whatever is happening in real-time. In terms of security issues, if I try to see the problem or threat, then I can really dig deep into what is happening, which is a nice feature.

The tool is easy to maintain. Only two people are required to maintain the solution.

If I compare the integration capabilities of ArcSight with Fortinet FortiSIEM, I would have to say that the latter is in a better position to provide its customers with more details in terms of cybersecurity threats or if they want to compare the firewalls. Fortinet FortiSIEM is better for customers with no cybersecurity knowledge since it helps them understand the product. Fortinet FortiSIEM is better for the security of its customers.

I would ask those who plan to use the Fortinet FortiSIEM to see whether there are other solutions with which it needs to interact in their environment. Fortinet FortiSIEM is one of the best solutions I have dealt with, considering that it has a nice user interface. The update page is good and works in real time. The firewall part of the tool is good. I don't think there is anything that can cause problems for the tool's firewall. I actually liked the tool's firewall.

I rate the overall tool a nine out of ten.


    Charan S.

Elevating Cybersecurity with Artificial Intelligence

  • January 24, 2024
  • Review provided by G2

What do you like best about the product?
FortiSIEM excels with machine learning-based threat detection, global threat monitoring, and a SOAR platform for automatic threat remediation.
What do you dislike about the product?
I'd appreciate comprehensive guides for beginners to initiate their usage of FortiSIEM, along with corresponding training opportunities.
What problems is the product solving and how is that benefiting you?
FortiSIEM solves cybersecurity challenges with advanced threat detection, global monitoring, and automated remediation. It benefits us by enhancing our cybersecurity posture as an organisation.


    Sneha P.

Review for FortiSIEM

  • January 23, 2024
  • Review provided by G2

What do you like best about the product?
The FortiSIEM application is used by the security team to fetch the logs from integrated devices and also to identify any unknown login attempts to any of the integrated devices, where it is helpful to prevent any malware attacks.
What do you dislike about the product?
The application sometimes goes into a hung state while generating the reports. The server console takes more time to refresh.
What problems is the product solving and how is that benefiting you?
The application is helpful for the security team to identify the threats with inbuilt use cases for automated creation of cases. The tool helps to reduce the manual work and gives accurate details about the centralized devices. This tool can also be used for multiple support projects by any organization.