What is our primary use case?
We are an enterprise that resells services. We are like a small MSSP for Salvador and Central America region. We provide services to other enterprises.
Our clients have multiple use cases. Its most common use case to detect logging events from different IP addresses or locations. It is used to detect simultaneous logins by the same user from different IP addresses or locations, such as from different countries. It is also used to detect any attempts to log in to a server with root privilege and trying remote access with root privileges.
How has it helped my organization?
With the help of FortiSIEM we have improved the cybersecurity posture of our clients and ours. Through the early detection of threats, it allows to follow up on each security incident. It is easy to communicate to asset managers about related security events, reducing remediation time.
What is most valuable?
One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams.
There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good.
What needs improvement?
Its training can be improved. Its price also needs to be improved.
For how long have I used the solution?
I have been using this solution for one year.
What do I think about the stability of the solution?
It has been good so far. We don't have any complaints about the tool.
What do I think about the scalability of the solution?
It is very scalable. It is easy to grow with this tool. We are going step-by-step, and we are doing good so far.
Our clients are big enterprises, such as banks, and we also have small businesses. In Salvador, as per a local compliance requirement, every business or enterprise needs to have a SIEM solution. We have an installation for 1,000 users.
How are customer service and technical support?
We are Fortinet's partner here in Salvador, and the tech support is really good. Their response time is also really good. We are very happy with this solution.
How was the initial setup?
The implementation process is kind of easy. We start in a small way. The challenge for us is the storage. We need to find a way to have storage redundancy so that if the main site fails, we have a copy of the data on a remote site. This is the challenge that we are facing right now.
What about the implementation team?
For its deployment and maintenance, we have a very small group of five people. We have a networking guy, a server guy, and a few analysts to maintain this platform.
What's my experience with pricing, setup cost, and licensing?
There is a licensing scheme for every case. There are three licensing schemes that we can choose from.
Which other solutions did I evaluate?
Our clients also evaluate other solutions such as Rapid7, McAfee, and LogRhythm. We have always been a Fortinet enterprise. We have people with Fortinet and other certifications in the industry, such as EasyConsole certifications. We can also support this solution for the Fortinet sites. That is the main differentiator between us and other vendors.
What other advice do I have?
I would advise others to start small and plan for future growth.
I would rate Fortinet FortiSIEM an eight out of ten.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Which version of this solution are you currently using?