FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.
The most valuable features of Fortinet FortiSIEM include:
1. Validated and authentic IP database for marking malicious IP attacks and generating alerts.
2. Cost-effectiveness and availability of the solution.
3. User and entity behavior analytics (UEBA) for providing useful information based on targeted behavior.
4. Email or SMS notifications for responding to significant incidents.
5. Integration with other Fortinet solutions and security fabrics like Cisco and Palo Alto.
6. Ability to collect data from different sources.
7. Making security processes transparent.
8. Log correlation capabilities.
9. Threat Hunting feature for complete traffic analysis.
10. Familiarity with Fortinet products for easy use.
11. Dashboards and customization options.
12. Discovering new threats from external sources. 1
3. Robust event correlation and user-friendly GUI.
14. Unique model for Managed Services Security Partner (MSSP) integration.
15. SD-WAN, Global LAN, and application controls.
Improvements for Fortinet FortiSIEM include:
1. Simplifying the configuration of database monitoring, particularly for MS SQL databases.
2. Enhancing the user interface to make it more visually pleasing and beneficial for data viewing.
3. Expanding integration with third-party vendors, especially newer ones, and incorporating features available in FortiSOAR.
4. Addressing the licensing model to prevent it from becoming expensive when integrating additional solutions.
5. Enhancing AI capabilities, including XDR and EDR.
6. Improving support responsiveness, patching, and introducing new features such as proper dashboards and real-time alert systems.
7. Offering better visibility, more correlation tools, and a better understanding of the network.
8. Implementing a licensing model based on the number of nodes and establishing a central repository.
9. Streamlining the installation process, customization of alerts, and providing resources for common environments.
10. Improving technical support, especially for nonstandard log sources, and ensuring infrastructure stability.
11. Striving to become a market leader in the SIEM space and gaining recognition in the magic quadrant of Gartner.
12. Incorporating signature updates and simplifying the integration of unsupported devices.
13. Extending capabilities to multiple locations or sites.
14. Improving integration with Cisco and Palo Alto, as well as enhancing the user interface for better navigation. 1
15. Enhancing the graphs on the user interface to eliminate glitches.
Users have reported positive outcomes regarding the security level achieved with Fortinet FortiSIEM. Some users do not track ROI, however, consider FortiSIEM as a necessary expense. Others have clearly stated that they have seen a return on investment while using Fortinet FortiSIEM, particularly when serving clients.
Fortinet FortiSIEM offers competitive pricing compared to other products in the market. The cost of the solution can vary depending on factors such as the number of devices and data sources being monitored.
It is recommended to choose a longer license duration to save money if planning to keep the solution for a while.
Fortinet's licensing model is based on events per second (EPS), which can make it challenging to calculate costs accurately as the platform scales. Additional costs may also be incurred for virtual space, custom parsing development, and day-to-day administration. However, the pricing is generally considered reasonable and competitive. Fortinet FortiSIEM offers flexible licensing models, including pay-as-you-grow options, and is available for both perpetual and subscription licenses.
The primary use case of Fortinet FortiSIEM is for log monitoring and alert generation. It is used to collect logs from critical servers and security devices in a customer's infrastructure.
The solution is also used by managed security service providers to offer cost-effective services to customers across various industries. FortiSIEM adds intelligence to the log retrieval process and can be deployed either on the cloud or on-premise. It is used to identify signs of malicious access, set rules based on customer preferences, and analyze logs from servers and firewalls.
Additionally, FortiSIEM is used for collecting logs, monitoring internet traffic, and as an alerting platform. It integrates logs from different sources, provides a common place to view and create dashboards, and utilizes AI for event checking.
The solution is used for security purposes, including detecting irregular behavior and responding to security threats. It is also utilized by service providers to deploy the solution for their customers.
Customers have generally praised the customer service and support of Fortinet FortiSIEM. They have found the support team to be helpful and responsive in assisting with configuration and resolving issues. However, some customers have mentioned that response times could be improved.
The initial setup for Fortinet FortiSIEM is described as straightforward and easy. Users mention that it can be completed within a week or less, depending on the specific requirements and environment.
Some reviewers appreciate the step-by-step guide provided by Fortinet, which covers installation and troubleshooting. However, a few reviewers mention that the initial setup can be complex, requiring configuration and data collection from different sources.
Fortinet FortiSIEM is highly scalable. It can initially be configured with a small number of devices and then easily scaled up to accommodate more devices. It is known for its ability to handle medium to large-scale enterprises. However, scaling may come with additional costs, and the licensing model can be a constraint.
The stability of Fortinet FortiSIEM is highly praised. Users describe it as a stable product, with good reliability and performance. They mention that it does not crash, freeze, or have bugs or glitches. However, there are a few mentions of issues related to integrating with third-party vendors and updates taking longer to resolve.
Companies around the world use FortiSIEM for the following use cases:
Fortinet FortiSIEM was previously known as FortiSIEM, AccelOps.
FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.