In large, medium and small organizations, it improves the ability to quickly drill down into events that occur, perform analysis, and find the root cause. The most value I’ve found in it is quicker time-to-resolution.
Infrastructure Operations Manager at a computer software company with 501-1,000 employees
It provides me with operational oversight on our environment using configured dashboards and reports.
Pros and Cons
- "There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
- "The biggest thing that could be better is a quicker response to support cases."
How has it helped my organization?
What is most valuable?
I’ve used Accelops in multiple different capacities and at several organizations. As far as my current role, I am an operations manager, and it gives me operational oversight. There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not. Reports and Alerts help identify security risks, identify performance problems, and help in capacity planning.
What needs improvement?
The biggest thing that could be better is a quicker response to support cases.
What do I think about the stability of the solution?
As I keep the system updated, it helps to keep the system stable, but it’s been extremely stable and extremely reliable.
Buyer's Guide
Fortinet FortiSIEM
February 2025

Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: February 2025.
838,713 professionals have used our research since 2012.
What do I think about the scalability of the solution?
I have scaled it out with multiple workers and collectors. It’s scaled in every direction that I would like it to, geographically and from a correlation and reporting capacity standpoint.
How are customer service and support?
I’ve had lots of different engagements with support over the years, and generally I’ve had very good support and knowledgeable staff. Occasionally you’ll have a weird problem that takes longer to resolve than some other problems, but generally speaking, the support’s been very good.
I’ve used the product for a long time, so I’ve requested quite a few different features. Those features have always been added, and it’s taken more or less the time they need, depending on what the feature is.
How was the initial setup?
It’s not harder than any other similar product. It’s very easy to set up in that they provide an OVA file that you can quickly and simply download and, with a few configuration settings, be on the network. There are multiple other deployment options for other hypervisors as well as bare-metal deployments. More than anything, the trouble comes with configuring all of your log sources to send the necessary log messages. That’s true for any product, not just Accelops.
What other advice do I have?
My advice would be to come up with a game plan to figure out exactly what devices or what system to focus on. Then (once you become familiar with reporting, alerting and tuning) integrate more devices/systems into Accelops.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

IT Security & CyberSecurity Consultant at digitalDefense Information Systems GmbH
A scalable solution with extensive customization options
Pros and Cons
- "This solution offers extensive customization options, making it possible to adapt it precisely to their requirements."
- "Customer support service could be better."
What is our primary use case?
If a customer is looking to establish a centralized monitoring and security solution, Fortinet FortiSIEM can be tailored to meet their specific needs effectively. This solution offers extensive customization options, making it possible to adapt it precisely to their requirements.
What is most valuable?
It works exceptionally well when combined with a vulnerability management solution.
What needs improvement?
Customer support service could be better.
What do I think about the stability of the solution?
It provides great stability features.
What do I think about the scalability of the solution?
Scalability is excellent, especially for our enterprise-level clients.
How are customer service and support?
I have moderate satisfaction with customer support, and we've learned to manage it adequately. I would rate it three out of ten.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
I previously worked with LogPoint, which had rigid pricing structures. In contrast, we value flexibility and aim to provide more adaptable support, so we switched to Fortinet FortiSIEM.
How was the initial setup?
The initial setup is quite swift.
What about the implementation team?
The deployment process usually takes just one to two days to have the basics up and running. This involves connecting the collectors and configuring the systems.
What's my experience with pricing, setup cost, and licensing?
Pricing is determined based on the customer's budget. We discuss how to tailor the pricing to fit the specific needs and financial considerations of the customer.
What other advice do I have?
I would highly recommend it. It's a top-tier solution, receiving a solid ten out of ten rating.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Solutions Architect at In2IT Technologies
Useful behavior data monitoring, helpful support, and different deployment methods available
Pros and Cons
- "The most valuable feature of Fortinet FortiSIEM is the user and entity behave as analytics(UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."
- "The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial."
What is our primary use case?
Fortinet FortiSIEM is used to retrieve logs from different sources, such as network switches, firewalls, and servers that are running different operating systems. The solution adds intelligence to the process that can provide meaningful information for the data analyst to use.
The solution can be deployed on the cloud or on-premise.
What is most valuable?
The most valuable feature of Fortinet FortiSIEM is the user and entity behavior analytics (UEBA). This feature mixes your data and provides useful information based on the behavior of the target.
What needs improvement?
The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for a couple of years.
What do I think about the stability of the solution?
Fortinet FortiSIEM is stable.
I rate the stability of Fortinet FortiSIEM an eight out of ten.
What do I think about the scalability of the solution?
Fortinet FortiSIEM is known for its scalability, it scales well.
We have a couple of customers using this solution.
I rate the scalability of Fortinet FortiSIEM a nine out of ten.
How are customer service and support?
The support from Fortinet FortiSIEM is great.
How was the initial setup?
The initial setup is easy, but the time it takes for the deployment depends on the number of applications monitored. One of our clients took us three weeks, but a typical setup takes one month. Some logs are simple to configure while others can be more difficult.
Deploying the solution is a straightforward process that involves just a few steps, such as loading the solution and configuring it, after which the solution will commence retrieving the data.
What about the implementation team?
We do the implementation of the solution with two administrators within one month.
What's my experience with pricing, setup cost, and licensing?
The price of the solution is expensive. The license is scalable. If there are 10 devices it is simple to license.
What other advice do I have?
My advice to others that might want to implement this solution is to know their business needs. There are other solutions, such as Splunk that can provide a lot more information when collecting data but it might not be needed for their use case. A small business would not need all the extra features of Splunk.
I rate Fortinet FortiSIEM an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Solution Architect at Tiger IT Bangladesh Limited
The solution's ability to collect data from different sources is its most valuable feature
Pros and Cons
- "It works well with medium to large-scale enterprises."
- "They should enhance the solution's AI capabilities, including XDR and EDR."
What is most valuable?
The solution's ability to collect data from different sources is its most valuable feature.
What needs improvement?
They should enhance the solution's AI capabilities, including XDR and EDR.
For how long have I used the solution?
We have been using the solution for six months.
What do I think about the stability of the solution?
I rate the solution's stability as a nine.
What do I think about the scalability of the solution?
I rate the solution's scalability as an eight. It works well with medium to large-scale enterprises.
How are customer service and support?
The solution's tech support team is good.
How was the initial setup?
The solution's initial setup is a bit complex as you have to do a lot of configuration. You have to collect data from different sources such as Microsoft, IBM, etc. The data extraction process differs for every system. Thus, you have to apply different protocols to collect data from various sources.
What other advice do I have?
The solution has a lot of network solutions in its bucket. As a result, they provide excellent network strength. I advise others to know the product well before implementing it. I rate it as an eight.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
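The point made in this review, that every source hands you a different format and the SIEM has to bring them onto one schema before correlation is possible, is illustrated below with added example code. It is not FortiSIEM's own parsing and not the reviewer's; the three sample lines are constructed (a FortiGate-style key=value syslog message, a CEF line of the kind a Windows log agent emits, and a CloudTrail-style JSON record), and the target schema is a hypothetical one chosen for the example.

```python
"""Normalize events from heterogeneous log sources into one schema.

Added example, not FortiSIEM code. The sample lines are constructed and
stand in for the source types discussed above; the target schema
(source, event_type, ts, src_ip, dst_ip, user, outcome) is hypothetical.
"""
import json
import re
from datetime import datetime, timezone

# Constructed sample input; addresses are documentation ranges, not real hosts.
SAMPLE_LINES = [
    '<189>May  1 12:34:56 fgt-edge date=2024-05-01 time=12:34:56 devname="fgt-edge" '
    'logid="0000000013" type="traffic" subtype="forward" srcip=10.0.0.5 srcport=51234 '
    'dstip=203.0.113.10 dstport=443 action="deny"',
    'CEF:0|Microsoft|Windows|10|4625|An account failed to log on|High|'
    'rt=May 01 2024 12:35:02 src=10.0.0.7 suser=alice dst=10.0.0.20 outcome=Failure',
    '{"eventTime":"2024-05-01T12:35:10Z","eventName":"ConsoleLogin",'
    '"sourceIPAddress":"198.51.100.9","userIdentity":{"userName":"bob"},'
    '"responseElements":{"ConsoleLogin":"Failure"}}',
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# CEF extension values may contain spaces, so a value runs until the next "key=".
CEF_EXT_RE = re.compile(r'(\w+)=(.*?)(?=\s+\w+=|\s*$)')
UTC = timezone.utc


def parse_fortigate(line):
    """FortiGate-style syslog: free-text header followed by key=value pairs."""
    kv = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    ts = datetime.strptime(kv["date"] + " " + kv["time"], "%Y-%m-%d %H:%M:%S")
    return {
        "source": kv.get("devname", "fortigate"),
        "event_type": f"{kv.get('type')}.{kv.get('subtype')}",
        "ts": ts.replace(tzinfo=UTC),
        "src_ip": kv.get("srcip"),
        "dst_ip": kv.get("dstip"),
        "user": kv.get("user"),
        "outcome": "failure" if kv.get("action") in ("deny", "block") else "success",
    }


def parse_cef(line):
    """CEF: CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension.
    Escaped pipes inside header fields are not handled in this example."""
    parts = line.split("|", 7)
    ext = dict(CEF_EXT_RE.findall(parts[7]))
    # "rt" may also be epoch milliseconds in real feeds; the sample uses the text form.
    ts = datetime.strptime(ext["rt"], "%b %d %Y %H:%M:%S")
    return {
        "source": f"{parts[1]} {parts[2]}",
        "event_type": f"{parts[2].lower()}.{parts[4]}",
        "ts": ts.replace(tzinfo=UTC),
        "src_ip": ext.get("src"),
        "dst_ip": ext.get("dst"),
        "user": ext.get("suser"),
        "outcome": ext.get("outcome", "").lower() or None,
    }


def parse_cloudtrail(line):
    """CloudTrail-style JSON: nested fields and an ISO-8601 timestamp."""
    ev = json.loads(line)
    ts = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
    resp = ev.get("responseElements") or {}
    return {
        "source": "cloudtrail",
        "event_type": f"cloudtrail.{ev['eventName']}",
        "ts": ts.replace(tzinfo=UTC),
        "src_ip": ev.get("sourceIPAddress"),
        "dst_ip": None,
        "user": (ev.get("userIdentity") or {}).get("userName"),
        "outcome": "failure" if "Failure" in resp.values() else "success",
    }


def normalize(line):
    """Sniff the format and route to the matching parser. Unknown formats are
    kept as raw records rather than dropped, so a new source shows up as
    unparsed events instead of silently vanishing from the SIEM."""
    s = line.strip()
    if s.startswith("{"):
        return parse_cloudtrail(s)
    if "CEF:" in s:
        return parse_cef(s[s.index("CEF:"):])
    if "devname=" in s or "logid=" in s:
        return parse_fortigate(s)
    return {"source": "unknown", "event_type": "raw", "ts": None, "src_ip": None,
            "dst_ip": None, "user": None, "outcome": None, "raw": s}


def normalize_all(lines):
    return [normalize(line) for line in lines]


if __name__ == "__main__":
    for rec in normalize_all(SAMPLE_LINES):
        print(rec["source"], rec["event_type"], rec["src_ip"], rec["user"], rec["outcome"])
```

The design choice worth noting is the last branch of `normalize`: a source the parsers do not recognise is kept as a raw record instead of being discarded, which is what makes a newly onboarded or misconfigured log source visible during the kind of source-by-source onboarding the review describes.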
Research Associate at a comms service provider with 1,001-5,000 employees
Good solution for security detection and response
Pros and Cons
- "Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."
- "The product does not have Security Orchestration and Automation Response, I would recommend adding this feature."
What is our primary use case?
My company is a partner of Fortinet FortiSIEM. We are a service provider, and I take the solution from Fortinet and deploy it for my customers. We use the solution for security detection and response. This is a customer-based solution; our customer's security admins and security operations use the solution, comprising a team of three to five people.
How has it helped my organization?
Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had.
What is most valuable?
Fortinet FortiSIEM combines the SOC and NOC into a single solution with a single pane of glass. This feature on its own is next level, and it's easy to handle.
What needs improvement?
Fortinet FortiSIEM should consider converting the purchase model from a CapEx investment into a pay-per-use model. By doing this, it will be more attractive to more customers.
The product does not have Security Orchestration, Automation and Response; I would recommend adding this feature.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for two years.
What do I think about the stability of the solution?
Stability is very good.
What do I think about the scalability of the solution?
Fortinet FortiSIEM is scalable.
How are customer service and support?
Technical support is perfect.
How was the initial setup?
The initial setup of Fortinet FortiSIEM was easy. The deployment took a week and a half and was based on a project plan. You don't need more than two people to deploy and maintain this solution.
What about the implementation team?
We use an integrator for the deployment of Fortinet FortiSIEM.
What's my experience with pricing, setup cost, and licensing?
The price of Fortinet FortiSIEM is manageable. The cost is approximately $90,000 on an annual basis.
What other advice do I have?
Before fitting the product into your environment, make sure you have the right requirements.
I would rate Fortinet FortiSIEM a 9 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Security Engineer at Spectrotel
Correlates incidents between products and notifies our SOC accordingly
Pros and Cons
- "It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GIBA, NIST, and so forth."
- "The backup and recovery process for this solution needs improvement."
What is our primary use case?
We are a partner, and we use this solution to ingest our customers' syslogs data for their firewalls.
How has it helped my organization?
This solution allows us to ingest syslogs from Fortinet firewalls and other products into what we call FortiSIEM. This is a processor that correlates them with the event types and incidents. It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GLBA, NIST, and so forth. All of these incidents are now correlated and sent up to a dashboard or emailed, where, as a SOC, we can review these incidents and triage the necessary resolution.
What needs improvement?
The backup and recovery process for this solution needs improvement.
I would like to see a database with more structure in terms of maintenance and ease of use. The process of creating is much simpler than that of duplication. The procedures are not proper for handling its PostgreSQL database.
For how long have I used the solution?
More than two years.
What do I think about the stability of the solution?
I would say that this solution is stable when it is configured and deployed by the Fortinet professional team.
What do I think about the scalability of the solution?
The scalability is there, and you can expand on the EPS (Events Per Second) as needed.
We do plan on selling this service to our customers that can see the benefit in it. We will probably introduce an incident response application to help triage incidents at a faster level.
How are customer service and technical support?
Technical support is very good. The people in support are excellent, and they know this product in and out. They are very quick to respond and the resolution is very quick.
How was the initial setup?
The initial setup for this solution is straightforward, although we are not yet in full production. During the past two years, while we have been implementing, we have found a lot of bugs in the software. As such, we're still not in a state where we can go into full production. For example, if you are certified for PCI then one of the standards is that you have to have proper backup recovery in place. This solution is lapsing in that area.
Two staff are required for deployment and maintenance.
What about the implementation team?
We used Fortinet consultants for the deployment.
What's my experience with pricing, setup cost, and licensing?
We bought the perpetual license, so we own the product, but there is a three-year support renewal fee for that.
Which other solutions did I evaluate?
We did evaluate Splunk before choosing this solution, but it was too much on the high end for our business model.
What other advice do I have?
We are very impressed with this product. However, they have to fix their backup and recovery procedure and provide a good DR service without charging for a secondary license.
I would rate this solution a seven and a half out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
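The pipeline this reviewer describes (events correlated against rules that trigger, incidents raised and pushed to a dashboard or email for SOC triage) is shown below as added example code. It is not FortiSIEM's rule engine and not the reviewer's configuration: the event stream is constructed and already normalized, the rule format is hypothetical, and the "PCI"/"NIST" tags are illustrative labels of the kind the review mentions, not references to specific requirement numbers.

```python
"""Sliding-window correlation over normalized events with de-duplicated
notifications. Added example, not FortiSIEM code. The event stream is
constructed; the Rule format and the compliance tags are hypothetical."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable


@dataclass
class Rule:
    name: str
    match: Callable[[dict], bool]  # which events count toward this rule
    group_by: str                  # event attribute that defines the correlation key
    threshold: int                 # fire once this many matching events ...
    window: timedelta              # ... fall inside this span
    tags: tuple = ()               # compliance labels carried onto the incident


@dataclass
class Incident:
    rule: str
    key: str
    first_seen: datetime
    last_seen: datetime
    count: int
    tags: tuple
    events: list = field(default_factory=list)


class Correlator:
    def __init__(self, rules):
        self.rules = rules
        self._buckets = defaultdict(deque)  # (rule, key) -> events still in window
        self._last_fired = {}               # (rule, key) -> ts of last incident

    def ingest(self, event):
        """Feed one event (in time order); return the incidents it triggered."""
        fired = []
        for rule in self.rules:
            if not rule.match(event):
                continue
            key = event.get(rule.group_by)
            if key is None:
                continue
            bucket = self._buckets[(rule.name, key)]
            bucket.append(event)
            while bucket and event["ts"] - bucket[0]["ts"] > rule.window:
                bucket.popleft()  # evict events that aged out of the window
            if len(bucket) < rule.threshold:
                continue
            # Suppress re-firing for the same key while still inside the window;
            # otherwise a brute-force burst yields one notification per extra event.
            last = self._last_fired.get((rule.name, key))
            if last is not None and event["ts"] - last <= rule.window:
                continue
            self._last_fired[(rule.name, key)] = event["ts"]
            fired.append(Incident(rule.name, key, bucket[0]["ts"], event["ts"],
                                  len(bucket), rule.tags, list(bucket)))
        return fired


def notification(inc):
    """Shape an incident into the payload a SOC would see by email or on a dashboard."""
    return {
        "subject": f"[{inc.rule}] {inc.count} events from {inc.key}",
        "tags": list(inc.tags),
        "window": f"{inc.first_seen.isoformat()} .. {inc.last_seen.isoformat()}",
        "users": sorted({e["user"] for e in inc.events if e.get("user")}),
    }


T0 = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)

RULES = [  # hypothetical rules; tags are illustrative labels only
    Rule("brute_force_source",
         lambda e: e["event_type"] == "auth.logon" and e["outcome"] == "failure",
         group_by="src_ip", threshold=5, window=timedelta(minutes=5), tags=("PCI", "NIST")),
    Rule("denied_traffic_burst",
         lambda e: e["event_type"] == "traffic.forward" and e["outcome"] == "failure",
         group_by="src_ip", threshold=20, window=timedelta(minutes=1)),
]


def sample_events():
    """Constructed stream: eight failed logons from one IP inside four minutes,
    then a success, plus a few denied flows well below the burst threshold."""
    evs = [{"ts": T0 + timedelta(seconds=30 * i), "event_type": "auth.logon",
            "src_ip": "198.51.100.9", "user": f"user{i % 3}", "outcome": "failure"}
           for i in range(8)]
    evs.append({"ts": T0 + timedelta(minutes=4, seconds=10), "event_type": "auth.logon",
                "src_ip": "198.51.100.9", "user": "user1", "outcome": "success"})
    evs += [{"ts": T0 + timedelta(seconds=5 * i), "event_type": "traffic.forward",
             "src_ip": "10.0.0.5", "user": None, "outcome": "failure"} for i in range(3)]
    return sorted(evs, key=lambda e: e["ts"])


def run(events=None, rules=RULES):
    """Replay a stream through the correlator and collect the incidents raised."""
    corr = Correlator(rules)
    incidents = []
    for ev in (sample_events() if events is None else events):
        incidents.extend(corr.ingest(ev))
    return incidents


if __name__ == "__main__":
    for inc in run():
        print(notification(inc))
```

Run as a script it raises exactly one incident for the eight-failure burst: the rule fires on the fifth failure and the `_last_fired` check holds the next three back, so the SOC gets one email for the burst rather than four. The same key fires again only once the window has elapsed.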
Information Security Officer at an aerospace/defense firm with 10,001+ employees
We like its visibility and flexibility. It allows us to get real-time, accurate, situational awareness of what's going on.
Pros and Cons
- "We're able to get real-timec as well as our customer networks that we're monitoring at all times."
- "The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much."
How has it helped my organization?
We're able to get real-time, accurate situational awareness of our network as well as our customer networks that we're monitoring at all times.
What is most valuable?
- Visibility
- Flexibility
What needs improvement?
The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much. I need to be able to understand what my situational awareness is by looking at a simple graph. I've already made a specific feature request to just make it look sexier because that's what customers like to see.
What do I think about the stability of the solution?
The stability has been very good. We've had no issues with instability.
What do I think about the scalability of the solution?
What we really like about it is the ability to scale without costing an arm and a leg for us. They're highly virtualized and, as a result, we're able to deploy in a lot faster manner than shipping their metal to a location that might have to be purchased in another state or country.
How are customer service and technical support?
We have used their technical support as well as their customer service. They've always got back to us in a timely manner. We've never had an issue of being able to get to the right person. If it doesn't get to the right person, it gets escalated very fast.
Which solution did I use previously and why did I switch?
We used LogRhythm, and Accelops replaced it.
How was the initial setup?
I wasn't involved in the initial setup, but my team was.
What other advice do I have?
You always have to do your due diligence. I'm pretty sure a lot of the other competition is just as capable; however, we deal with aircraft, which is a different, unique beast. It enables us to understand an aircraft or sat-com network infrastructure, so it's not like a traditional type of log file that you have to normalize.
Some companies work with Windows desktops and servers, but we don't. Again, be sure to do your due diligence because whether Accelops is right for you depends on your use case. Make sure also that you have an MSSP model like we do so that you're able to deliver for your customers.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager, Security Services at a financial services firm with 5,001-10,000 employees
We like the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation.
Pros and Cons
- "The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation."
- "Creating parsers to try make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."
How has it helped my organization?
There are several examples, but the flexibility in reporting and alerting has given us the ability to have numerous teams be alerted for various security situations affecting each team's responsibilities.
What is most valuable?
The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation. The logs and search engine are also valuable features.
What needs improvement?
Creating parsers to try to make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome.
Additionally, lately there have been releases which have broken existing functions. This directly relates to support being an area that also needs improvement.
What do I think about the stability of the solution?
In general, the system is stable.
What do I think about the scalability of the solution?
We had to deploy several workers to keep up with event collection. This was one reason that the AO agent was developed and released -- to reduce the load on the managers and workers.
How are customer service and technical support?
Customer Service:
Customer service is mediocre, but the relationship is improving with focused attention on customers.
Technical Support:
Technical support is good.
Which solution did I use previously and why did I switch?
We were a Cisco MARS customer and needed to replace the solution once Cisco ceased support.
How was the initial setup?
The initial setup is straightforward. There is a learning curve for the software, but overall it was up and running and collecting information in a matter of an hour post setup.
What about the implementation team?
We implemented it with our in-house team.
Which other solutions did I evaluate?
We didn't evaluate other options as this was a direct, suggested replacement to MARS.
What other advice do I have?
Watch the sizing requirements for the virtual machines and the quantities needed to support the environment. Make sure you get sign-off from Accelops on the proposed configuration and load for what’s being planned for the deployment.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
