If a customer is looking to establish a centralized monitoring and security solution, Fortinet FortiSIEM can be tailored to meet their specific needs effectively. This solution offers extensive customization options, making it possible to adapt it precisely to their requirements.
Fortinet FortiSIEM Cloud
Fortinet Inc.
Reviews from AWS customers
External reviews
External reviews are not included in the AWS star rating for the product.
A scalable solution with extensive customization options
What is our primary use case?
What is most valuable?
It works exceptionally well when combined with a vulnerability management solution.
What needs improvement?
Customer support service could be better.
What do I think about the stability of the solution?
It provides great stability features.
What do I think about the scalability of the solution?
Scalability is excellent, especially for our enterprise-level clients.
How are customer service and support?
I have moderate satisfaction with customer support, and we've learned to manage it adequately. I would rate it three out of ten.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
I previously worked with LogPoint, which had rigid pricing structures. In contrast, we value flexibility and aim to provide more adaptable support, so we switched to Fortinet FortiSIEM.
How was the initial setup?
The initial setup is quite swift.
What about the implementation team?
The deployment process usually takes just one to two days to have the basics up and running. This involves connecting the collectors and configuring the systems.
What's my experience with pricing, setup cost, and licensing?
Pricing is determined based on the customer's budget. We discuss how to tailor the pricing to fit the specific needs and financial considerations of the customer.
What other advice do I have?
I would highly recommend it. It's a top-tier solution, receiving a solid ten out of ten rating.
Utilized for managing devices on the network, providing real-time incident reports on server and network changes
What is our primary use case?
We're using it to manage devices on the network. We get real-time incident reports on changes done on the servers and changes on routers and switches. They also use it to provide reports to management on activities, incidents, and events.
What is most valuable?
I like the reporting model, where you have drill-down capabilities into user actions on the network.
I also like CMDB. The CMDB captures devices as long as they have SNMP enabled. It captures the information for me.
What needs improvement?
Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information.
When you're generating a report on the report line, sometimes it is very important to understand the criteria for creating the database to get the report you want. If FortiSIEM can improve on that, the user is looking for specific information, and it comes by. You don't need a technical person to generate a report. It's a bit difficult for you to generate it without drilling down. You need to keep clicking, and narrowing down your search to get what you want.
If there will be some level of info, I like the reporting on FortiAnalyzer because one can see the number of people consuming bandwidth on the network, who the top users are, at the critical button you specified, and how long the duration is. FortiSIEM is not as easy.
For how long have I used the solution?
I have been using it for three years. I currently use version 6.3.
What do I think about the stability of the solution?
It is a stable solution. So far, it's been relatively stable. The current version we're using will expire in 2024, so we're planning to upgrade to the next version soon. We're also considering moving to the cloud, which may impact stability, but we'll have to see how that goes.
What do I think about the scalability of the solution?
It is a scalable solution in an on-prem environment. We will be testing the scalability when we migrate to the cloud.
We have between 300 and 400 users. There are three administrators on the system who manage devices for 25 EPS and close to 100 EPS. We are only licensed for 200 EPS, but we have plans to increase the number of users.
How are customer service and support?
The customer service and support have been helpful. We log the case, they come back to us, and then we resolve it.
Which solution did I use previously and why did I switch?
We were using Check Point before we migrated to FortiSIEM. We used Check Point for about ten years before we moved to FortiGate.
So, we switched to Fortinet from Check Point. There were two main reasons. First, we weren't getting the support we needed from Check Point. Second, the cost of renewing support for our end-of-life devices was too high. We had a limited budget, so we looked for a solution that could give us the same features and capacity as Check Point at a more competitive price. We opted for FortiSIEM because it met both of our requirements.
How was the initial setup?
The initial setup was straightforward because Fortinet had already provisioned the appliance. We added it to our VM and finished up by configuring the key. The only bit where there was a bit of a problem was when we started because it was supposed to be a three-in-one appliance, but we noticed that we needed to separate the collector in a different location. Otherwise, it's a straightforward process.
My understanding of a three-in-one appliance is that both the collector and the other components have to be in the same box. However, there was certain information that we were not getting, and I understand that this was changed in the 6.3 version, where the collector is separate.
This makes it easier to use agentless apps, because with agentless apps, the information is now sent back to the collector if it is separate from the other components. So, we now have to start making changes to the Kapolei collector with storage and all that. I think it's still pretty straightforward though.
What about the implementation team?
We used a consultant for the deployment because it was a new product, and we wanted to ensure that it was done correctly. However, it is possible to deploy Fortinet FortiSIEM in-house by following the deployment guide.
The deployment took one week to deploy Fortinet FortiSIEM, excluding the time it took to acquire the necessary servers and virtual machines.
The first step was to purchase the necessary servers and virtual machines. We also needed to upgrade our VM version from 5 to 7.X. Once we had all of the necessary hardware and software in place, we were able to begin the deployment process.
We have five managers overseeing IT, internal control, and corporate. The staffing needs depend on their specific roles. The ID team provides the necessary support to ensure the application runs smoothly. Control users are in place to ensure that changes are made with proper information, and any alterations require approval. For these tasks, we have approximately five admins managing the process.
What's my experience with pricing, setup cost, and licensing?
We pay for a license for FortiSIEM. We pay for the license and renewal.
It is expensive. The initial cost was almost prohibitive, but we went with it because it was a recommendation from our recruiters. Otherwise, we probably wouldn't have done it because it was expensive.
What other advice do I have?
Overall, I would rate the solution a nine out of ten. It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely. I've been using FortiSIEM for about two years and FortiGate for about ten years, and I would recommend FortiSIEM to people who are interested in running next-generation firewalls.
An authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same
What is our primary use case?
We use the Fortinet FortiSIEM tool for log monitoring and alert generation. We use Fortinet FortiSIEM to collect logs from the critical servers of the customer's infrastructure, like active directory servers and file servers. We also collect logs from a few security devices like the firewall, the proxy, and the antivirus setup. Based on that, our team checks the logs, and we get an alert to take action on the development.
What is most valuable?
Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same.
What needs improvement?
Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time.
Fortinet FortiSIEM's database monitoring could be made easier, like the servers and the security devices.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for the past four to five months.
What do I think about the stability of the solution?
Fortinet FortiSIEM is a stable product.
What do I think about the scalability of the solution?
Fortinet FortiSIEM is a scalable product. We initially configured five devices, and then we could scale it to twenty. There could be some issues if the device count goes up to hundreds and thousands. Around 10 to 15 engineers use Fortinet FortiSIEM in our company.
What other advice do I have?
Overall, I rate Fortinet FortiSIEM an eight out of ten.
A stable solution with an awesome IP database
What is our primary use case?
We use the solution to collect logs from critical servers on the customer's infrastructure, like Active Directory, and a few security devices, like firewall, proxy, and antivirus setup. Our team monitors the log. If we get an alert, we take the necessary action in the development environment.
What is most valuable?
The solution’s IP database is awesome. If we get malicious IP attacks in the firewall, the solution has a validated database to mark IPs as malicious and generate an alert. We need not use any third-party solution.
What needs improvement?
When our team tried configuring logs for Microsoft SQL, it did not work.
The next release should improve database monitoring. Compared to servers and security devices, working with database and log configuration is not easy.
For how long have I used the solution?
I have been using the solution for the past four to five months.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable. We initially configured five devices and then could scale it to 20 without any challenges. Ten to fifteen people in the security operation center team use the solution.
How are customer service and support?
My team members contacted the support team, and they helped us configure a few things.
How was the initial setup?
My team did not face any issues during configuration.
What other advice do I have?
I would recommend the solution to others. One of our customers moved from ArcSight to FortiSIEM because they had some support issues. Overall, I rate the solution an eight out of ten.