Let's talk about three important areas of SIEM deployments: functionality, scalability, and flexibility.
Functionality
What does a SIEM do? Wikipedia [1] suggests data aggregation, correlation, alerting, dashboards, retention, and forensic analysis. That is a good list of foundational features, but these are taken for granted in a modern SIEM. What else does a SIEM do for you? What makes your SIEM a winner in your environment?
FortiSIEM brings a raft of functionality that provides a winning solution for modern enterprise and service provider environments:
| Feature | Description | Benefit |
|---|---|---|
| Combined NOC & SOC Analytics | Performance and availability monitoring via active device discovery | Greater ROI; Greater security vantage; Greater ease of use; Reduced MTTR; Greater functionality & flexibility |
| Integrated CMDB | Asset list of discovered devices, plus device monitoring | |
| Integrated UEBA | Visibility of client activity. AI driven anomaly detection. | |
| MITRE ATT&CK® Framework | ATT&CK framework integration down to the technique level | |
| Flexible multi-tier dashboards | Customizable, graphical, widget based dashboards | |
| Integrated case management | Built in case management, plus integration with external ticket systems | |
| Full multi-tenancy capabilities | End to end multi-tenancy features for service provider deployments | |
| And more… | | |
Scalability
How big will your SIEM deployment be on day 1? How about the day after? A year later? Sizing a SIEM deployment can be tricky, but is a critical part of deploying a solution that will deliver the log ingestion and query performance that you need.
FortiSIEM's Rapid Scale Architecture uses a scale-out architecture and shared storage to scale from a small single-node deployment up to a large multi-node cluster. The architecture is easy to understand and easy to scale; it consists of just three node types: supervisor, worker and collector. Need to scale your FortiSIEM? Add more workers and collectors.
Flexibility
FortiSIEM's broad feature set and scalable architecture deliver a flexible, winning solution for our customers:
- Deploy FortiSIEM in a small enterprise that needs an easy-to-use solution that can deliver real added value to IT departments
- Deploy FortiSIEM in a large enterprise environment that needs a scalable and effective but easy-to-use SIEM solution that provides more functionality, greater visibility, and reduced MTTR
- Deploy FortiSIEM in an MSP or MSSP environment that needs a scalable, multi-tenant capable platform that can be easily and efficiently used to deliver hosted or managed SIEM services
Head over to https://www.fortinet.com/products/siem/fortisiem to read more about how FortiSIEM can bring greater value to your organization, or contact your Fortinet partner or account manager today.
References
[1] https://en.wikipedia.org/wiki/Security_information_and_event_management