Please share with the community what you think needs improvement with Fortinet FortiSIEM.
What are its weaknesses? What would you like to see changed in a future version?
This solution is not very good on non-API features and lacks that functionality. We've raised multiple tickets to Fortinet about this and they are pending there. The product development hasn't been fast enough to ensure it can function on the cloud. It's excellent when you download and get the security locks but in areas like Microsoft 365, you have to fetch the security access using APIs and they don't update quickly enough. If Microsoft announces a new service today, we have to wait at least six months before FortiSIEM start supporting it. It's crucial that the API support is updated, for now FortiSIEM lacks functionality compared to its competitors.
I would like to see easier implementation in the future.
The initial setup is complex. They need to make it easier in terms of implementation. That said, all CM implementations are quite difficult. It may not be a fault of this particular product. The policy editing should be easier. Right now, it's too hard. Some of the parts of the mapping tool should be in the product itself. It would make our efforts easier. The product is quite expensive. It's something clients always comment on.
Its training can be improved. Its price also needs to be improved.
The solution is almost 100% perfect. It's already quite simple and easy to configure. In that sense, no improvements are needed. You do seem to be constantly learning new things with the product. There's a bit of an ongoing learning curve in terms of usage. Right now, I'm learning about higher availability and that's an ongoing process. It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option. The solution offers both command line and GUI visualizations. They need to ensure that their GUI offers just as much flexibility on the configuration as the command line structure.
The solution needs to be form flow diagram automatically with AWS platform
This is a great product for everyone. The disadvantage is the product portfolio. We need more incidents automatically to protect our network. We need to see incident reports about the event log, without events from the administrator or through human interaction. In the next release, I would like to have automated generation reports of incident reports.
When they started out after acquiring AccelOps, the user interface wasn't that great. But from version 5.0 they have obviously radically changed the interface, aligning it to the rest of the Forti products from a user experience point of view. This means that there is constant improvement on the interface side of the solution. The other thing that I've noticed is when searching for very old incidents, there is a slight delay. It obviously has to pull that information from the backend database, and the key point to note is that it depends on how you set it up in the backend where factors such as disk types and disk array configs come into play.
When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement. The solution should offer user behavior analytics in a future release.
The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients. They also have to improve their import perfection solution.
Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great. It should also have better integration.
The solution can't be improved, but it can be managed more clearly. The solution just needs minor improvements. I'm quite sure Fortinet is already working on this. They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI, there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution.
The performance can be improved. Sometimes it takes a long time to fetch data.
The Fortinet Fabric should be more easy more friendly to use. They use a different parsing log format. for example Symantec ATP is not supported by FortiSIEM. Our reseller provided us FortiSIEM as a service. They should also provide us with a dashboard to monitor and to deploy a correlations. I think fortinet should improve the AI correlations by combining advanced statistical and heuristic analysis with behavioral whitelisting .
The backup and recovery process for this solution needs improvement. I would like to see a database with more structure in terms of maintenance and ease of use. The process of creating is much simpler than that of duplication. The procedures are not proper for handling its PostgreSQL database.
What do you like most about Fortinet FortiSIEM?
Thanks for sharing your thoughts with the community!