Fortinet FortiSIEM Review

It's complicated to deploy but detection rules are flexible


What is our primary use case?

My primary use case is that it is an analyst tool for hunting on your site network.

How has it helped my organization?

The platform is nice. It is not easy to implement, but once you do so, there is a lot of value from the platform. 

What is most valuable?

AccelOps can handle a lot of data and it's just so important to true monitoring. That is the strong point of AccelOps.

The second one is detecting. I can create a lot of rules to detect anything I like, and this is another strong point.

It's also the only SIEM platform on the market that has health monitoring capabilities and correlation. For example, if a service is going down, I can detect that it is going down and correlate it. For example, if it's because of an exploit, it can correlate this. It's a nice feature.

What do I think about the stability of the solution?

I think all SIEM platforms have a problem handling a lot of data. My response is "it depends." Depends on the people, depends on the product, depends on the technology. To implement any technology you need good people, and this is independent of the label of the company or technology. The stability is not bad, it's not good. It's a complicated question.

What do I think about the scalability of the solution?

I don't have any feature for load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated. For example, the design is bad because you have one supervisor on one machine and you handle everything off this machine supervisor. It is a design problem. The technology also has limitations because you have a lot of memory and a lot of processors, but you have a limit with processors and memory, which causes problems with scalability. 

How are customer service and technical support?

It's equal to any technical support. You need to go to level one, level two, level three to reach their engineers. It is complicated. With any technology it is like this. But my level of skill here is high, and going to level one, level two, level three is complicated. You have a ladder to solve the problems quickly. That's the problem. Any platform, any vendor has the same problem. You need to go through levels until you find one guy who can solve your problem.

Which solution did I use previously and why did I switch?

I used a solution previously. I switched because I needed evolving technology. I needed to evolve to smart features.

The most important criterion when selecting a vendor is price. After that it's detection.

How was the initial setup?

For the first steps you have some help. At the beginning you have priority support, you have engineers. After that you pay.

It's complex because you need to evaluate a lot of things.

What other advice do I have?

I advise that you should plan your financial resources and plan the platform. Also, be sure to test the performance ability, as well as scalability. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.