"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."
"The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean."
"It's very, very versatile."
"The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us."
"The most valuable feature is that it has native MSSP capabilities and maintains perfect data separation. It does all of that in a very easy-to-manage cloud-based solution."
"Those 400 days of hot data mean that people can look for trends and at what happened in the past. And they can not only do so from a security point of view, but even for operational use cases. In the past, our operational norm was to keep live data for only 30 days. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. That's one reason that having 400 days of live data is pretty huge. As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics."
"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
"The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them."
"The security aspects in general have been very useful to use."
"Initial setup is ok."
"FortiAnalyzer has a user-friendly interface with a quick response and good analytics. It's very secure because it's taking the log from the devices on a secure channel, so there is no problem with that in your network."
"Log collection is the most valuable. The UI looks great. It has a very good look and feel. We don't have the need to use solid state drives. We use mechanic drives, and we don't see any performance issues, so basically, it is doing fine."
"The feature that I have found the most valuable is to be able to see everything in our network in a single task. A single menu and the graphical bar charts that it provides to give insights are very useful. It also gives very good metrics on bandwidth utilization, CPU, and device performance. It is very simple and easy to use as well."
"From my perspective, we need to see the traffic in a good way so we can know what has happened in our network. The analyzing tools and the monitoring tools and the logs are the important part in the network."
"FortiAnalyzer's reporting features like graphs, threat intelligence, and vulnerabilities analysis are helpful. Fortinet knows how to do reporting. You can customize your reports to show exactly what you want to analyze. It's user-friendly and doesn't require a lot of effort."
"Overall we are satisfied with all the features the solution provides."
"The solution is quite easy to deploy."
"Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design."
"Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs."
"From our experience, the Devo agent needs some work. They built it on top of OS Query's open-source framework. It seems like it wasn't tuned properly to handle a large volume of Windows event logs. In our experience, there would definitely be some room for improvement. A lot of SIEMs on the market have their own agent infrastructure. I think Devo's working towards that, but I think that it needs some improvement as far as keeping up with high-volume environments."
"The biggest area with room for improvement in Devo is the Security Operations module that just isn't there yet. That goes back to building out how they're going to do content and larger correlation and aggregation of data across multiple things, as well as natively ingesting CTI to create rule sets."
"Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."
"The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts."
"There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."
"I would like to have the ability to create more complex dashboards."
"At some level, the documentation, the information as far as the components, it's sometimes a little difficult to find the information necessary to implement aspects."
"If Fortinet could introduce some firewalling or maybe FortiAnalyzer on the cloud, that would be interesting because I've never seen it on a cloud."
"The cost of FortiAnalyzer could be cheaper, especially when you are installing to a VM. For 90 percent of customers, the VM solution is enough."
"The cloud version can be expensive. If the customers could get the resources to store the logs on-premises, it would be much better."
"One of the main disadvantages is not having a direct link to the security policy when you see something in the log."
"The traffic monitoring could be better, and stability could be improved."
"It will be better if behavior or indicators of compromise were on the same licensing schema. Currently, it is an advanced feature that you have to purchase as an add-on. This is the reason we're trying to do the ELK so that we can integrate them and create those rules by using open-source software. It will also be better if it has some more integration with IT service management tools so that we can do endpoint protection and response based on those indicators of compromise or those behavior analysis rules that create events that can automatically flow. We can inject that data into a service incident ticket on our IT service management tool, and that way we can assign the ticket to the proper teams and respond right away. Currently, we only have integration with ServiceNow."
"One thing we struggled with FortiAnalyzer was integration with SIEM. We also had issues with the new threats and APTs. There were false positives, so we needed to have some ratings related to false positives."
"Pricing-wise, it not affordable for the normal customer. Most of the people want to see different types of reporting, but FortiAnalyzer's fee is a little bit difficult."
See how Devo allows you to free yourself from data management, and make machine data and insights accessible.
Elastic Beats is ranked unranked in Log Management with 1 review while Fortinet FortiAnalyzer is ranked 9th in Log Management with 27 reviews. Elastic Beats is rated 8.0, while Fortinet FortiAnalyzer is rated 8.2. The top reviewer of Elastic Beats writes "A great addition to our security monitoring system". On the other hand, the top reviewer of Fortinet FortiAnalyzer writes "Great dashboard with customizable reporting and excellent logs". Elastic Beats is most compared with Wazuh, Splunk, Elastic Security, Graylog and vRealize Log Insight, whereas Fortinet FortiAnalyzer is most compared with Splunk, Wazuh, Elastic Security, Graylog and LogRhythm NextGen SIEM.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
