Fortinet FortiSIEM Reviews

In large-sized medium-sized and a small-sized organizations, it improves the ability to quickly drill down into events that occur, perform analysis, and find root cause. The most value I’ve found in it, quicker time-to-resolution.

I’ve used Accelops in multiple different capacities and at several organizations. As far as my current role, I am an operations manager, and it gives me operational oversight. There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not. Reports and Alerts help identify security risks, identify performance problems, and help in capacity planning.

The biggest thing that could be better is a quicker response to support cases.

As I keep the system updated it helps to keep the system stable, but it’s been extremely stable and extremely reliable.

I have scaled it out with multiple workers and collectors. It’s scaled in every direction that I would like it to, geographically and from a correlation and reporting capacity standpoint.

I’ve had lots of different engagements with support over the years and generally I’ve had very good support, knowledgeable staff and occasionally you’ll have a weird problem, longer to resolve than some other problems; but generally speaking, the support’s been very good.

I’ve used the product for a long time so I’ve requested quite a few different features. Those features have always been added, and it’s been more or less the time they need depending on what the feature is.

It’s not harder than any other similar product. It’s very easy to set up in the fact that they provide an OVA file that you can quickly and simply download and with a few configuration settings be on the network. There are multiple other deployment options for other hypervisors as well as bare metal deployments. More than anything the troubles come with configuring all of your log sources to send the necessary log messages. That’s true for any product, not just Accelops.

My advice would be to come up with a game plan to figure out exactly what devices or what system to focus on. Then (once you become familiar with reporting, alerting and tuning) integrate more devices/systems into Accelops.

If a customer is looking to establish a centralized monitoring and security solution, Fortinet FortiSIEM can be tailored to meet their specific needs effectively. This solution offers extensive customization options, making it possible to adapt it precisely to their requirements.

It works exceptionally well when combined with a vulnerability management solution.

Customer support service could be better.

It provides great stability features.

Scalability is excellent, especially for our enterprise-level clients.

I have moderate satisfaction with customer support, and we've learned to manage it adequately. I would rate it three out of ten.

Negative

I previously worked with LogPoint, which had rigid pricing structures. In contrast, we value flexibility and aim to provide more adaptable support, so we switched to Fortinet FortiSIEM.

The initial setup is quite swift.

The deployment process usually takes just one to two days to have the basics up and running. This involves connecting the collectors and configuring the systems.

Pricing is determined based on the customer's budget. We discuss how to tailor the pricing to fit the specific needs and financial considerations of the customer.

I would highly recommend it. It's a top-tier solution, receiving a solid ten out of ten rating.

My company is a partner of Fortinet FortiSIEM. We are a service provider and I take the solution from Fortinet and deploy it for my customers. We use the solution for security detection and response. This is a customer based solution, our customer's security admins and security operations use the solution, compromised of a team between three to five people.

Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had.

Fortinet FortiSIEM combines the SOC and NOC into a single solution with a single pane of glass. This feature on its own is next level and its easy to handle.

Fortinet FortiSIEM should consider converting the purchase model from a CapEX investment into a pay-per-use model. By doing this, it will be more attractive for more customers.

The product does not have Security Orchestration and Automation Response, I would recommend adding this feature.

I have been using Fortinet FortiSIEM for two years.

Stability is very good.

Fortinet FortiSIEM is scalable.

Technical support is perfect.

The initial setup of Fortinet FortiSIEM was easy. The deployment took a week and a half and was based on a project plan. You don't need more than two people to deploy and maintain this solution.

We use an integrator for the deployment of Fortinet FortiSIEM. 

The price of Fortinet FortiSIEM is manageable. The cost is approximately $90,000 on an annual basis.

Before fitting the product into your environment, make sure you have the right requirements.

I would rate Fortinet FortiSIEM a 9 out of 10.

We are a partner, and we use this solution to ingest our customers' syslogs data for their firewalls.

This solution allows us to ingest syslogs from Fortinet firewalls and other products into what we call FortiSIEM. This is a processor that correlates it with the event types and incidents. It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GIBA, NIST, and so forth. All of these incidents are now correlated and sent up to a dashboard or emailed, where, as a SOC, we can review these incidents and triage the necessary resolution.

The backup and recovery process for this solution needs improvement.

I would like to see a database with more structure in terms of maintenance and ease of use. The process of creating is much simpler than that of duplication. The procedures are not proper for handling its PostgreSQL database.

I would say that this solution is stable when it is configured and deployed by the Fortinet professional team.

The scalability is there, and you can expand on the EPS (Events Per Second) as needed.

We do plan on selling this service to our customers that can see the benefit in it. We will probably introduce an incident response application to help triage incidents at a faster level.

Technical support is very good. The people in support are excellent, and they know this product in and out. They are very quick to respond and the resolution is very quick.

The initial setup for this solution is straightforward, although we are not yet in full production. During the past two years, while we have been implementing, we have found a lot of bugs in the software. As such, we're still not in a state where we can go into full production. For example, if you are certified for PCI then one of the standards is that you have to have proper backup recovery in place. This solution is lapsing in that area. 

Two staff are required for deployment and maintenance.

We used Fortinet consultants for the deployment.

We bought the perpetual license, so we own the product, but there is a three-year support renewal fee for that.

We did evaluate Splunk before choosing this solution, but it was too much on the high end for our business model.

We are very impressed with this product. However, they have to fix their backup and recovery procedure and provide a good DR service without charging for a secondary license.

I would rate this solution a seven and a half out of ten.

We're able to get real-timec as well as our customer networks that we're monitoring at all times.

• Visibility
• Flexibility

The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much. I need to be able to understand what my situational awareness is by looking at a simple graph. I've already made a specific feature request to just make it look sexier because that's what customers like to see.

The stability has been very good. We've had no issues with instability.

What we really like about it is the ability to scale without costing an arm and a leg for us. They're highly virtualized and, as a result, we're able to deploy in a lot faster manner than shipping their metal to a location that might have to be purchased in another state or country.

We have used their technical support as well as their customer service. They've always got back to us in a timely manner. We've never had an issue of being able to get to the right person. If it doesn't get to the right person, it gets escalated very fast.

We used LogRhythm, and Accelops replaced it.

I wasn't involved in the initial setup, but my team was.

You always have to do your due diligence. I'm pretty sure a lot of the other competition is just as capable, however we deal with aircrafts, which is a different, unique beast. It enables us to understand an aircraft or sat-com network infrastructure, so it's not like a traditional type of log file that you have to normalize.

Some companies work with Windows desktops and servers, but we don't. Again, be sure to do your due diligence because whether Accelops is right for you depends on your use case. Make sure also that you have an MSSP model like we do so that you're able to deliver for your customers.

I use the solution in my company since it provides ease of monitoring. My company uses the product to get reports for our customers and monitoring purposes, as per the customer's preferences.

At times, I have noticed that Fortinet FortiSIEM suddenly goes down, and because of this, I have to reboot the servers from the engineers. Usually, I have to restart the panel again to get the product functioning. The aforementioned area of concern has been around for a very long time, making it something where improvements are required.

The stability of the product is an area of concern where improvements are required.

ArcSight can provide a detailed report for a year in a PDF format. In Fortinet FortiSIEM, there is a need to put in manual effort to get a detailed report. In Fortinet FortiSIEM, if I get reports for a specific time frame, I have to manually narrow them down by myself, after which I will not be able to get them in a Word or PDF format, which can be challenging.

I have been using Fortinet FortiSIEM for a year. My company uses the product for some of our internal purposes.

It is a scalable tool. The product can handle a considerable number of customers.

At the moment, there are only two people in my company who use the solution. In the future, the number of uses may increase, especially if my company has to deal with more customers who want to use Fortinet FortiSIEM.

Based on what I heard from my colleagues, the technical support is not bad. My colleagues directly contact the technical support for help.

The product's initial setup phase was easy. I wasn't a part of the deployment process.

In terms of how the tool supports our company's compliance monitoring and reporting practices, I would say that it stems from the fact that Fortinet FortiSIEM is able to serve what our company's customers want while also having the ability to offer solutions, making it quite easy for us to give the customers what they want. The fact that the solution helps my company provide the reports that my customer wants is actually nice. The tool also offers customization ability.

The features of Fortinet FortiSIEM that I find most effective for real-time security event correlation are real-time server connections, which allow me to see all the servers that are online at a particular period of time. The product also shows the threats and bifurcates them into high, medium, and low. The solution has the ability to generate reports easily. The product also provides specific solutions for any threats that are found.

The way Fortinet FortiSIEM improves my company's security posture stems from the fact that with the tool, I can see whatever is happening in real-time. In terms of security issues, if I try to see the problem or threat, then I can really dig deep into what is happening, which is a nice feature.

The tool is easy to maintain. Only two people are required to maintain the solution.

If I compare the integration capabilities of ArcSight with Fortinet FortiSIEM, I would have to say that the latter is in a better position to provide its customers with more details in terms of cybersecurity threats or if they want to compare the firewalls. Fortinet FortiSIEM is better for customers with no cybersecurity knowledge since it helps them understand the product. Fortinet FortiSIEM is better for the security of its customers.

I would ask those who plan to use the Fortinet FortiSIEM to see whether there are other solutions with which it needs to interact in their environment. Fortinet FortiSIEM is one of the best solutions I have dealt with, considering that it has a nice user interface. The update page is good and works in real time. The firewall part of the tool is good. I don't think there is anything that can cause problems for the tool's firewall. I actually liked the tool's firewall.

I rate the overall tool a nine out of ten.

There are several examples, but the flexibility in reporting and alerting has given us the ability to have numerous teams be alerted for various security situations affecting each team's responsibilities.

The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation. The logs and search engine are also valuable features.

Creating parsers to try make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome.

Additionally, lately there have been releases which have broken existing functions. This directly relates to support being an area that also needs improvement.

In general, the system is stable.

We had to deploy several workers to keep up with event collection. This was one reason that the AO agent was developed and released -- to reduce the load on the managers and workers.

Customer Service:

Customer service is mediocre, but the relationship is improving with focused attention on customers.

Technical Support:

Technical support is good.

We were a a Cisco MARS customer and needed to replace the solution once Cisco ceased support.

The initial setup is straightforward. There is a learning curve for the software, but overall it was up and running and collecting information in a matter of an hour post setup.

We implemented it with out in-house team.

We didn't evaluate other options as this was a direct, suggested replacement to MARS.

Watch the sizing requirements for the virtual machines and quantities needed to support the environment. Make sure you get sign-off from Accelops on proposed the configuration and load for what’s being planned on the deployment.

We use it as our main SIEM tool for creating rules, creating alerts, monitoring, and accessing CMDB. We also use it to monitor a few more things related to writing security.

I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports.

With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk.

When you work with a service provider who is using FortiSIEM as a service for other clients, you cannot run more than 30 clients on one tool. You cannot onboard, which would consume more resources and would make it slower. Also, resource consumption would be high.

I've been using it for a year and a half.

It's pretty stable. We haven't faced any critical issues with stability.

We had some issues when there were a few more updates or patches, but the technical support from FortiSIEM was pretty good and got it all sorted.

If you're using it for multi-tenant solutions, it will be pretty good, but it won't support running more than 20 clients on the same platform. It would need more resources. Even if you are implementing it for multi-tenant solutions, you would need implement fewer clients on it so that it has to use less effort.

On a scale from one to ten, I would rate it at eight.