Security Manager at BKL
Seamless integration with FortiGate, and has an easy setup, but is lacking user behavior analytics
Pros and Cons
- "The seamless integration with FortiGate is the solution's most valuable aspect."
- "When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement."
What is our primary use case?
We primarily use the solution for integration with FortiGate Firewall. We use it for multiple authentication, malware detection, and protection from DDoS attacks.
What is most valuable?
The seamless integration with FortiGate is the solution's most valuable aspect.
What needs improvement?
When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement.
The solution should offer user behavior analytics in a future release.
For how long have I used the solution?
I've been using the solution for two years.
Buyer's Guide
Fortinet FortiSIEM
November 2024
Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
We don't have any expansion requirements, so I've never looked into scalability.
How are customer service and support?
We've never reached out to technical support. If we need assistance, we typically look for FortiGate documents or scan their blog site. We handle any problems internally.
Which solution did I use previously and why did I switch?
We previously used an open-source solution called Elastic.
How was the initial setup?
The initial setup is easy.
What about the implementation team?
We received support from an integrator.
Which other solutions did I evaluate?
We evaluated AlienVault and SolarWinds. These were both within our limited budget, but we chose FortiSIEM because it integrated seamlessly with FortiGate firewall.
What other advice do I have?
We use the on-premises deployment model.
I'd recommend this solution to companies that have a FortiGate firewall and are on a limited budget.
I'd rate the solution six out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager, Security Services at a financial services firm with 5,001-10,000 employees
We like the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation.
Pros and Cons
- "The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation."
- "Creating parsers to try to make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."
How has it helped my organization?
There are several examples, but the flexibility in reporting and alerting has given us the ability to have numerous teams be alerted for various security situations affecting each team's responsibilities.
What is most valuable?
The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation. The logs and search engine are also valuable features.
What needs improvement?
Creating parsers to try to make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome.
Additionally, lately there have been releases which have broken existing functions. This directly relates to support being an area that also needs improvement.
What do I think about the stability of the solution?
In general, the system is stable.
What do I think about the scalability of the solution?
We had to deploy several workers to keep up with event collection. This was one reason that the AO agent was developed and released -- to reduce the load on the managers and workers.
How are customer service and technical support?
Customer Service:
Customer service is mediocre, but the relationship is improving with focused attention on customers.
Technical Support:
Technical support is good.
Which solution did I use previously and why did I switch?
We were a Cisco MARS customer and needed to replace the solution once Cisco ceased support.
How was the initial setup?
The initial setup is straightforward. There is a learning curve for the software, but overall it was up and running and collecting information in a matter of an hour post setup.
What about the implementation team?
We implemented it with our in-house team.
Which other solutions did I evaluate?
We didn't evaluate other options as this was a direct, suggested replacement to MARS.
What other advice do I have?
Watch the sizing requirements for the virtual machines and quantities needed to support the environment. Make sure you get sign-off from AccelOps on the proposed configuration and load for what's being planned for the deployment.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Enterprise Information Security Architect at a healthcare company with 1,001-5,000 employees
It provides intelligent alerting and the out-of-the-box rules don't require much tuning or management overhead.
What is most valuable?
- The automation piece -- its ability to dynamically discover which services need to be monitored and to automatically set up the appropriate monitoring.
- We also like the intelligence behind the alerting; we like the out-of-the-box rules that don’t require a lot of tuning.
- The product doesn’t require a lot of manpower, so there isn’t a lot of tuning or management overhead required for it.
How has it helped my organization?
We outsource a lot of our IT. We are able to monitor performance and security and to perform audits to ensure our outsourcing partners are doing what we are paying them for.
What needs improvement?
The way that upgrades are handled could be a bit cleaner. That might have been improved in the new version, but where we are, the upgrade process takes the system down for the period of the upgrade. So the lost data during that downtime can be frustrating.
For how long have I used the solution?
I've used it for four years.
What was my experience with deployment of the solution?
We did, but AccelOps were very, very helpful. I don’t think the product was configured or tuned for an environment as large as ours, so there were some performance issues at first, but they were very helpful and they had developers and engineers on the phone with us to help resolve those issues. They even used the experience with us as a test case to build improvements into the product.
What do I think about the stability of the solution?
No issues since the product was installed.
What do I think about the scalability of the solution?
No issues since the product was installed.
How are customer service and technical support?
Customer Service:
Their sales people have always been helpful and friendly, and they’ve given us some things for free, like training. It’s been good. We’ve even had some of the higher-ups at AccelOps call us with new product offerings for us because they know our organization so well.
Technical Support:
I would say it's more on the average side. Once I can get someone engaged they're good about getting the problem solved, but sometimes it's hard to get someone on the line to help resolve your problem.
Which solution did I use previously and why did I switch?
No, this is the first solution like this that we’ve had.
How was the initial setup?
The setup was straightforward, but the performance issues we had were the biggest stumbling block. In terms of getting it out of the box and up and running, it really wasn’t difficult at all.
What about the implementation team?
I did it myself in-house.
What's my experience with pricing, setup cost, and licensing?
The pricing is very, very affordable. For the value you get, I think it’s about the cheapest solution on the market.
What other advice do I have?
I think the biggest thing to understand is that it’s like a Swiss Army knife. You get a lot of tools for a lot of things, but don’t expect it to be a killer app in any one area.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Product Manager at a financial services firm with 201-500 employees
Simple implementation, good performance, but scalability lacking
Pros and Cons
- "The most valuable feature of Fortinet FortiSIEM is the correlation of many events."
- "Fortinet FortiSIEM could improve to extend to several locations or sites."
What is our primary use case?
I am using Fortinet FortiSIEM to correlate events in our enterprise.
How has it helped my organization?
Fortinet FortiSIEM has helped our organization by providing us with business monitoring.
What is most valuable?
The most valuable feature of Fortinet FortiSIEM is the correlation of many events.
What needs improvement?
Fortinet FortiSIEM could improve to extend to several locations or sites.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for approximately two years.
What do I think about the stability of the solution?
The stability of Fortinet FortiSIEM is okay but it could improve.
What do I think about the scalability of the solution?
We would like to increase the usage of Fortinet FortiSIEM.
How are customer service and support?
The technical support from Fortinet FortiSIEM is good.
Which solution did I use previously and why did I switch?
We previously used Juniper Security Threat Response Manager.
How was the initial setup?
The initial setup of Fortinet FortiSIEM is easy. The full deployment took approximately seven days.
What about the implementation team?
We had one supervisor and two others that helped do the implementation of Fortinet FortiSIEM. We did the implementation in-house.
We have five network administrators for maintenance.
What was our ROI?
We have seen a return on investment using Fortinet FortiSIEM.
What's my experience with pricing, setup cost, and licensing?
There are additional features that cost more than the standard licensing fees.
Which other solutions did I evaluate?
We evaluated two other solutions before choosing Fortinet FortiSIEM. The graphical user interface is better in Fortinet FortiSIEM.
What other advice do I have?
I rate Fortinet FortiSIEM a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Asst Programmer Data Center at a consultancy with 10,001+ employees
Stable and pretty affordable
Pros and Cons
- "We find the solution to be stable."
- "The solution needs to do a better job with third party integration. Right now, that's lacking on the solution. I specifically am talking about the AWS environment. Most of the AWS environment products do not have that capability to integrate."
What is our primary use case?
We primarily use it for all of our cloud space and for firewalls, AWS security services, etc., for example, for email, CloudWatch and AWS Security Hub.
How has it helped my organization?
A single pane of glass for security issues.
What is most valuable?
There's a great feature on the solution that allows us to analyze security issues and incidents. It automatically allows us to trace any incident. It's an invaluable aspect of the solution.
The solution has a relatively low cost.
We find the solution to be stable.
It's my understanding that the solution can scale well.
What needs improvement?
The solution needs to form flow diagrams automatically with the AWS platform.
For how long have I used the solution?
I've only been using the solution for the last six months.
What do I think about the stability of the solution?
The solution is stable. It's very reliable. There aren't bugs or glitches. It doesn't freeze or crash.
What do I think about the scalability of the solution?
I personally have never tried to scale the solution. That said, the solution is scalable and companies shouldn't have any issue expanding it as needed.
The solution is being used pretty extensively in our organization and we have several teams on it.
How are customer service and technical support?
We've definitely called technical support in the past when we have run into issues. We've been satisfied with the level of service they provide. We always get a proper response and they're always ready to resolve any issues we have. We are able to close tickets very quickly because they are so knowledgeable and responsive.
How was the initial setup?
The solution was fairly complex. However, this was due to the fact that we had to do a lot of configurations at the outset. The solution didn't make the process easy for us. Typically, it's easy to implement and I would be able to handle the process myself.
It took us about 15 days to deploy everything on our end.
What about the implementation team?
Implementation was done by Fortinet's Professional Service Team, which was quite satisfactory.
What's my experience with pricing, setup cost, and licensing?
The solution is very cost-effective compared to competitors. We just need to pay licensing and support costs. There aren't added costs beyond that.
Which other solutions did I evaluate?
We didn't previously look at other solutions. We saw that Fortinet fit our needs, and therefore we chose it.
What other advice do I have?
We're a public utility, so we just use the solution. We don't have a business relationship with the company.
We use the latest version of the solution.
We use a variety of Fortinet solutions at our organization. For example, we integrate the complete AWS cloud space into FortiSIEM.
I'd recommend the solution to other organizations, especially those that are cost-conscious. Compared to other solutions, it's rather easy to implement.
I'd rate the solution overall seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
The product is a well rounded performer when it comes to combined Infrastructure and Security monitoring, however in traditional SIEM bake-offs, they need a lot more flavour to make it exciting.
Introduction:
How many of you remember Cisco MARS? Well, if you don't, let me remind you that they were one of the earliest SIEM products around that stemmed from the infrastructure monitoring space. MARS was geared more towards monitoring and reviewing network infrastructure including their utilization, performance, availability and logs. After a brief run in enterprises that were Cisco heavy, the product died a natural death. People who were involved in the product left Cisco and started AccelOps (Accelerate Operations). As a product, they took the fundamentals of data collection and integrated infrastructure log and event monitoring into the data analytics platform. The result is a promising product called AccelOps.
They have since been acquired by Fortinet, marking their foray into the larger Enterprise SIEM market dominated by the likes of HP, IBM, Splunk, etc.
AccelOps:
As you can guess, by virtue of collecting data from various sources like network devices and servers, AccelOps is a product that provides fully integrated SIEM, file integrity monitoring (FIM), configuration management database (CMDB), and availability and performance monitoring (APM) capabilities in a single platform.
- APM Capability: This is their strong suit and it is MARS on steroids. AccelOps excels in capturing statistics to provide insights into system health. This provides value in a MSSP/NOC/SOC setup as there is no need for an additional monitoring platform. Again, Syslog or SNMP are your best bets for APM.
- File Integrity Monitoring: Very few SIEM products (think AlienVault) offer native FIM capabilities and to see it in AccelOps is refreshing. The way they do so is no surprise as FIM can only be done effectively using an agent-based approach and AccelOps does the same.
- CMDB: AccelOps has the capability to keep track of all the elements in an organisation's network infrastructure like network devices, UPS, servers, storage, hypervisors, and applications. Using the data, a Centralised Management Database (CMDB) is available in AccelOps. This again is very unique and even AlienVault with all its Unified SIEM branding, does not shine as much as AccelOps does.
- SIEM: Now that all the data from various network infrastructure is available in AccelOps along with CMDB, the ability to cross-correlate, in real-time, becomes easy and AccelOps does that using its own patented correlation engine. The SIEM capability comes with all the bells and whistles one would expect – rules, dashboards, alerting, analytics, intelligence, etc.
Now let us look at the Strengths and Weaknesses of AccelOps as a product.
The Good:
- AccelOps’ combination of SIEM, FIM and APM capabilities in a single box helps in Centralised operations as well as security monitoring.
- AccelOps serves as a centralised data aggregation platform for system health data, network flow data, as well as event log data.
- AccelOps has a mature integration capability with traditional incident management and workflow tools like ServiceNow, ConnectWise, LanDesk and RemedyForce.
- From a deployment flexibility point of view, AccelOps excels in virtualisation environments. However, they are also available in traditional form factors. If customers prefer cloud, they are also available for deployments in either public, private or hybrid clouds.
- From an architecture perspective, they have three layered tiers.
  - The Collector tier does exactly what the name suggests – collects data from end log sources.
  - The Analytics tier receives data from the collector tier. This analytics tier is built on big data architecture fundamentals supporting a master/slave setup. In AccelOps terms, it is a Supervisor/Worker setup.
  - The Storage tier then serves as the data sink housing the CMDB and the big data file system.
- Because of the architecture setup, the scalability is not an issue with AccelOps. It does scale well with clustering at Analytics and Storage tiers.
The Not So Good:
- The most obvious is that AccelOps as a product has relatively low visibility in the market. However, this is bound to change with the Fortinet buy. They will hopefully be seen in more competitive bids and evaluations.
- While AccelOps tries to be a “Jack of All”, it unfortunately is a master of none. This means that the product has poor support for some third-party security technologies, such as data loss prevention (DLP), application security testing, network forensics and deep packet inspection (DPI). This hinders the product's versatility in large environments.
- Parsing is a key aspect of SIEM and in this area too AccelOps lacks extensive coverage as seen amongst competition. While most of the popular ones are parsed out of the box, others require custom parser development skills, which unfortunately requires a steep learning curve or product support to help build.
- While for network engineers and analysts the interface makes sense, from a SIEM view, the usability could definitely be improved. This issue is evident when looking at dashboards, report engines, alerts, etc., which seem to be afflicted with information overdose.
- Ease of deployment is there, however, the configuration takes a lot of time considering the fact that there are several tool integrations to be done before it can generate value. Some of the configurations are really complex and may lead to the user or admin being spooked. We were reminded of the MARS days time and again while evaluating this product.
- The UI, while presenting data in a very informative way, suffers from too much clutter, hindering usability. While this is a personal opinion, with SIEM tools comparisons against the likes of IBM, Splunk, and even LogRhythm, the AccelOps UI does not excite. We hope that Fortinet brings to the fore its UI maturity to AccelOps, thereby becoming much more savvy.
- Correlation capabilities are very good when it comes to data visibility, compliance, and infrastructure monitoring use cases. However, when it comes to threat-hunting, trend analysis, behaviour profiling, AccelOps has a lot of ground to cover.
- Without Infrastructure data, AccelOps loses its edge. As a traditional SIEM, collecting only Event logs makes it look like a pretty basic SIEM. This can be quite an issue in organisations where infrastructure monitoring is already being done by other tools. Unless customers duplicate data sets across the tools, the value is poor.
Conclusion:
All in all, the product is a well rounded performer when it comes to combined infrastructure and security monitoring, however in traditional SIEM bake-offs, they need a lot more flavour to make it exciting. Hopefully the Fortinet buy will do just that. We will continue to watch out for this product and its road map in coming months.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Analyst at netfiniti
Good GUI, helpful technical support, and easy to configure
Pros and Cons
- "The product is quite well-organized. The GUI makes it easy to navigate."
- "It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option."
What is our primary use case?
I primarily use the solution as part of the firewall. I work mostly with banks and have extensive experience with configuring the VPN in relation to Fortinet.
What is most valuable?
The solution is quite user-friendly.
It's very easy to configure everything, including the VPN. It gives you lots of good options.
The product is quite well-organized. The GUI makes it easy to navigate.
What needs improvement?
The solution is almost 100% perfect. It's already quite simple and easy to configure. In that sense, no improvements are needed.
You do seem to be constantly learning new things with the product. There's a bit of an ongoing learning curve in terms of usage. Right now, I'm learning about higher availability and that's an ongoing process.
It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option.
The solution offers both command line and GUI visualizations. They need to ensure that their GUI offers just as much flexibility on the configuration as the command line structure.
For how long have I used the solution?
I've been using the solution for about seven months at this point. It's been less than a year.
What do I think about the stability of the solution?
The stability of the product is fairly good. It's likely 70-80% there in terms of stability. There are many versions and the stability may vary slightly on each.
In terms of security, however, I would say it's very stable.
We haven't implemented the latest version yet as it hasn't been implemented widely.
In general, the stability isn't a problem for us and we don't need to worry too much about it.
How are customer service and technical support?
The technical support is quite fine. We can communicate with them easily if we need to. If we have a problem or we need an issue addressed, we simply open a ticket and the Fortinet team is ready to assist. They are very knowledgeable and responsive. We've been satisfied with the support they give us.
How was the initial setup?
The initial setup does take some time to learn. I'm in the process of learning more about it now, specifically in relation to configuration or the VPN.
What's my experience with pricing, setup cost, and licensing?
If you are comparing the product to Cisco's solutions, it's very cheap and moderately priced. It's affordable. At the same time, it's a very effective solution. It's affordable and it works well.
What other advice do I have?
On a scale from one to ten, I would rate the product at an eight. It's been a pretty positive experience overall. I'm still learning the solution and discovering new things about it, however, it has everything I need at the same time.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Partner at a security firm with 11-50 employees
Good network monitoring with excellent scalability and good stability
Pros and Cons
- "The stability is very reliable. It offers very good performance."
- "The policy editing should be easier. Right now, it's too hard."
What is our primary use case?
We primarily use the solution for network and security monitoring.
What is most valuable?
Most of those CM functions and the correlation alerts are very helpful to our clients.
The network monitoring is one of the most valuable aspects of the solution.
You can scale the solution with ease if you need to expand.
The stability is very reliable. It offers very good performance.
What needs improvement?
The initial setup is complex. They need to make it easier in terms of implementation. That said, all CM implementations are quite difficult. It may not be a fault of this particular product.
The policy editing should be easier. Right now, it's too hard.
Some of the parts of the mapping tool should be in the product itself. It would make our efforts easier.
The product is quite expensive. It's something clients always comment on.
For how long have I used the solution?
We have been using the solution for many years - including before Fortinet acquired the original organization.
What do I think about the stability of the solution?
The solution is quite stable. We find it very reliable. It doesn't crash or freeze. There aren't bugs and glitches.
What do I think about the scalability of the solution?
The scalability of the solution is excellent. It's one of the main reasons we chose to go with this option. If a company needs to expand, it can do so easily. There aren't constraints.
We have about five to ten customers on the solution currently.
How are customer service and technical support?
I'm not using the vendor's technical support. Mostly we have our own in-house resources. I cannot tell if they are good or bad. I have never dealt directly with them. Therefore, it would be difficult to review their services.
How was the initial setup?
In terms of the initial setup, the process is not straightforward. It's complex and difficult. Making it easier would help a lot.
All CM installations and implementations are complicated. You have to tailor the product. It's not really something you can just implement out-of-the-box.
That said, a basic installation is simple. It takes a few days. After you've done the implementation stage, then it takes time. Of course, it depends on the projects. I cannot say how much time it's taken exactly. I just know it takes quite a while.
For deployment, we use two people in a project. One of them is for the beginning of the project - for the implementation and the installation process. The other is the administration, which we generally pass off to our customers. I tend to handle the daily operations.
What's my experience with pricing, setup cost, and licensing?
All of our customers find the solution expensive. It's not a cheap option.
I don't know the exact cost of the solution as I don't directly handle the licensing.
What other advice do I have?
We are actually a reseller service company and we are dealing with the solutions for our customers. We are using the SIEM solutions. We are not a user, we are a reseller.
We have many customers. Not all may be using the latest version of the solution.
I would recommend the solution.
In general, I would rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
This looks like a review from another site, which is not a real customer review.