What is our primary use case?
We use the on-prem deployment model of this solution.
My primary use case for this solution is for log collection. I have a lot of FortiGates that I have to collect logs from, so I primarily use it for log collection. We plan to deploy a SIEM and we want to try to see how to integrate all the solutions to our SIEM. We are processing for PCI data specifications. We have to respond to PCI requirements, so that's why we are making some changes and acquiring some new security solutions to deploy. Among them, we have FortiSIEM and other security solutions like antivirus.
What is most valuable?
It is a simple and solution. I can structuralize all my FortiGate logs, but it's not so good from the administrative side. I have FortiGate in four countries and I am responsible for securing Fortinet. I also have to manage FortiGate in other countries, not just my own. If I have to go through each FortiGate, it's going to be a little bit complicated. FortiAnalyzer is a good product, but I keep thinking that FortiAnalyzer isn't really what I'm looking for, which is why I am looking to acquire a SIEM solution. It will give me more log collection possibilities.
What needs improvement?
I'm looking for something more efficient to analyze different foreign things. That's why FortiSIEM could compete with FortiAnalyzer.
For how long have I used the solution?
I have been using this solution in this company for three months.
How are customer service and technical support?
I haven't had to contact their technical support yet.
How was the initial setup?
The initial setup is not that complex. I didn't do the initial configuration; it was already set up, and I'm only managing it right now. If we're talking about the integration side, like how to integrate FortiGate in FortiAnalyzer, I don't think it's complex. That's why they are known as one of the leaders in security.
What other advice do I have?
I would recommend this solution to somebody considering it.
The relevance of this solution will depend on the case. If you are considering this solution I would ask what you really intend to accomplish with it and what model you want. It's going to be based on the data you need to protect and analyze.
If I had to choose between FortiSIEM and FortiAnalyzer for log position, it's better to go for SIEM. We all know that we can do a lot more with SIEM than just log collection. Log collection is included in FortiSIEM, so why acquire FortiAnalyzer if you can have FortiSIEM?
I would rate FortiAnalyzer a 6.5 out of ten.