FortiSIEM Blog
BenBritton
Staff

Let's talk about three important areas of SIEM deployments: functionality, scalability, and flexibility.

 

Functionality

What does a SIEM do? Wikipedia [1] suggests: data aggregation, correlation, alerting, dashboards, retention, and forensic analysis. That is a good list of foundational features, but these are taken for granted in a modern SIEM. What else does a SIEM do for you? What makes your SIEM a winner in your environment?

FortiSIEM brings a raft of functionality that provides a winning solution for modern enterprise and service provider environments:

 

| Feature | Description |
|---|---|
| Combined NOC & SOC Analytics | Performance and availability monitoring via active device discovery |
| Integrated CMDB | Asset list of discovered devices, plus device monitoring |
| Integrated UEBA | Visibility of client activity. AI driven anomaly detection. |
| MITRE ATT&CK® Framework | ATT&CK framework integration down to the technique level |
| Flexible multi-tier dashboards | Customizable, graphical, widget based dashboards |
| Integrated case management | Built in case management, plus integration with external ticket systems |
| Full multi-tenancy capabilities | End to end multi-tenancy features for service provider deployments |

Benefit

  • Greater ROI
  • Greater security vantage
  • Greater ease of use
  • Reduced MTTR
  • Greater functionality & flexibility

And more…

 

 

Scalability

How big will your SIEM deployment be on day 1? How about the day after? A year later? Sizing a SIEM deployment can be tricky, but is a critical part of deploying a solution that will deliver the log ingestion and query performance that you need.

FortiSIEM's Rapid Scale Architecture uses a scale-out architecture and shared storage to scale from a small single-node deployment up to a large multi-node cluster. The architecture is easy to understand and easy to scale; it consists of just three node types: supervisor, worker and collector. Need to scale your FortiSIEM? Add more workers and collectors.

 

Flexibility

FortiSIEM's broad feature set and scalable architecture deliver a flexible, winning solution for our customers:

  • Deploy FortiSIEM in a small enterprise that needs an easy-to-use solution that can deliver real added value to IT departments
  • Deploy FortiSIEM in a large enterprise environment that needs a scalable and effective but easy-to-use SIEM solution that provides more functionality, greater visibility, and reduced MTTR
  • Deploy FortiSIEM in an MSP or MSSP environment that needs a scalable, multi-tenant capable platform that can be easily and efficiently used to deliver hosted or managed SIEM services

Head over to https://www.fortinet.com/products/siem/fortisiem to read more about how FortiSIEM can bring greater value to your organization, or contact your Fortinet partner or account manager today.
 

References

 [1] https://en.wikipedia.org/wiki/Security_information_and_event_management