Know Your SIEM Solutions: Fortinet's FortiSIEM
Founded in Sunnyvale, California, Fortinet is one of the largest cybersecurity companies with a portfolio of 50 enterprise-grade products converging between networking and security space. The company specializes in the development and provision of comprehensive security solutions encompassing firewalls, endpoint security, and intrusion detection systems. It is also the provider of its own scalable SIEM - FortiSIEM.
In the following post, you’ll become familiar with this SIEM, its features, and have a better understanding of whether it’s the right tool to add to your cybersecurity portfolio.
Availability
The FortiSIEM platform is available in both on-prem and cloud-deployable formats. It offers plenty of versatility with options for hardware or virtual machine (VM) deployment and is offered through perpetual or subscription licensing models. In this regard, FortiSIEM stands out as one of the few SIEM vendors still offering dedicated hardware.
Features and Integrations
Out of the box, this SIEM offers extensive network and IT monitoring capabilities that complement its existing security functions. The platform boasts features such as an integrated configuration management database (CMDB), an Advanced Windows and Linux Agent, native multitenancy, and a built-in User and Entity Behavior Analytics (UEBA) module as part of its standard package.
As expected, it seamlessly integrates with Fortinet's wider ecosystem, able to easily incorporate complementary solutions like FortiSOAR and FortiAnalyzer. There is also an optional subscription service that enriches the SIEM’s native threat intelligence capabilities by integrating with the FortiGuard Indicators of Compromise (IOC) service database. Support for the platform is provided through FortiCare services.
The platform is able to integrate with applications and complementary security systems outside of Fortinet’s offerings. Its dedicated API capabilities and an extension partner network, opens the door to a wide array of integrated apps and components.
For instance, FortiSIEM supports external Threat Intelligence Integrations, including:
- Built-in integration for popular threat intelligence sources.
- APIs for integrating external threat feed intelligence which includes Malware domains, IPs, URLs, hashes, Tor nodes.
- STIX and TAXII support.
State of Development
FortiSIEM is being actively updated and maintained by Fortinet. Over the past six months, FortiSIEM has introduced features such as the FortiSIEM Manager, enabling users with multiple instances of the product to centrally manage them in a command SOC configuration. Additionally, The Fortinet Training Institute allows clients to educate their staff on Fortinet technologies as they evolve and obtain industry-recognized qualifications.
Considerations
While Fortinet excels in various aspects, the relatively slow maturity of its Software as a Service (SaaS) offering compared to older service models may make it seem in some ways antiquated when compared to its more recent competitors. Organizations seeking more discreet SaaS offerings with more cloud reliance may be tempted to look at alternatives, such as Splunk or cloud native emerging SIEMs like Devo.
Nevertheless, Fortinet's SIEM remains widely utilized in dedicated or physical deployment scenarios by its client base. The platform's continuous evolution and commitment to comprehensive security solutions continue to make it a compelling choice for organizations seeking a robust and integrated approach to their security infrastructure.
Considering building an integration with FortiSIEM or any other product within Fortinet? Metron is a Fortinet Technical Alliance partner and has experience building scalable integration with Fortinet’s products.
If you are considering any custom cybersecurity solution that focuses on the resources and needs of your organisation, please send a note to connect@metronlabs.com.