FortiSIEM Blog

Let's talk about three important areas of SIEM deployments:  functionality, scalability, and flexibility.



What does a SIEM do?  Wikipedia [1] suggests: Data aggregation; Correlation; Alerting; Dashboards; Retention, and; Forensic Analysis - a good list of foundational features, but these are taken-for-granted in a modern SIEM. What else does a SIEM do for you,? What makes your SIEM a winner in your environment?

FortiSIEM brings a raft of functionality that provides a winning solution for modern enterprise and service provider environments:





Combined NOC&SOC Analytics

Performance and availability monitoring via active device discovery

  • Greater ROI
  • Greater security vantage
  • Greater ease of use
  • Reduced MTTR
  • Greater functionality & flexibility

Integrated CMDB

Asset list of discovered devices, plus device monitoring

Integrated UEBA

Visibility of client activity. AI driven anomaly detection.

Mitre ATT&CK(r) Framework

ATT&CK framework integration down to the technique level

Flexible multi-tier dashboards

Customizable, graphical, widget based dashboards

Integrated case management

Built in case management, plus integration with external ticket systems

Full multi-tenancy capabilities

End to end multi-tenancy features for service provider deployments

And more…




How big will your SIEM deployment be on day 1? How about the day after? A year later? Sizing a SIEM deployment can be tricky, but is a critical part of deploying a solution that will deliver the log ingestion and query performance that you need.

FortiSIEM's Rapid Scale Architecture utilizes a scale out architecture and shared storage to scale from a small single node deployment up to a large multi-node cluster. The architecture is easy to understand and easy to scale; it consists of just three node types: supervisor, worker and collector. Need to scale your FortiSIEM? Add more workers and collectors.



FortiSIEM's broad feature set and scalable architecture deliver a flexible, winning solution for our customers:

  • Deploy FortiSIEM in a small enterprise that needs an easy to use solution that can deliver real added value to IT departments
  • Deploy FortiSIEM in a large enterprise environment that needs a scalable and effective but easy to use SIEM solution that provides: more functionality. greater visibility, and reduced MTTR
  • Deploy FortiSIEM in a MSP or MSSP environment that needs a scalable, multi-tenant capable platform that can be easily and efficiently used to deliver hosted or managed SIEM services

Head over to to read more about how FortiSIEM can bring greater value to your organization, or contact your Fortinet partner or account manager today.