Security Technical Manager at a tech services company with 51-200 employees
Real User
Top 5
Offers good integration capabilities with multiple tools from different vendors
Pros and Cons
  • "Fortinet FortiSIEM needs to provide better API integrations to users."

What is our primary use case?

I implemented Fortinet FortiSIEM in my company to collect all logs from old systems, networks, and security devices in the network. Fortinet FortiSIEM has a correlation rule, and from it, you can generate incidents and get analytics. The tool also serves as a threat intelligence and integration platform. With FortiGuard or any third-party tools, Fortinet FortiSIEM, as a threat intelligence platform, can enrich the log attributes or criteria, which is well reflected in incidents.

What is most valuable?

The most valuable feature of the solution for the detection of threats stems from FortiSIEM's components, including the threat intelligence platform and the ability to provide integrations.

What needs improvement?

Fortinet FortiSIEM is a better solution than other products. As a SIEM solution, it can meet all the requirements of customers.

The product already offers good integration capabilities with multiple vendors. There will be new products being introduced every day in the market, so Fortinet FortiSIEM needs to ensure integrations are possible with the new tools. Fortinet FortiSIEM needs to provide better API integrations to users. Better support services can help you deal with the integration party easily. API integration capabilities will make it easy to integrate Fortinet FortiSIEM with new products unless such tools have custom or special configurations set by the vendor or the device.

For how long have I used the solution?

I have been using Fortinet FortiSIEM since 2018.

Buyer's Guide
Fortinet FortiSIEM
May 2024
Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
769,976 professionals have used our research since 2012.

What do I think about the stability of the solution?

Stability-wise, I rate the solution a nine out of ten.

If every device can get a ten out of ten in terms of stability, then I believe it is a 100 percent perfect product.

What do I think about the scalability of the solution?

It is an easily scalable solution. Suppose you want to increase the scalability in seconds. You can increase the number of tools with an HA supervisor to handle multiple events per second, and you can use multiple collectors for remote defense. It is easy to manage the tool's scalability and availability.

My company deals with around six customers who use the product.

How are customer service and support?

The solution's technical support is good. If you want to deal with the issues from the tool of other vendors, Fortinet's support team provides help.

How was the initial setup?

The product's initial setup phase is easy.

In Fortinet FortiSIEM, with multiple tenants, one does not need to invest in the implementation process.

After the virtual machine deployment or hardware appliance initial configuration, I think network discovery is the first step in the installation process. The process continues with vendor discovery and asset inventory at customer sites. Threat intelligence integrations are the second step, and the configuration with the customer's devices to send all logs to SNMP TRAPS and then to the SIEM solution is a part of the main basic implementation. If you have some configurations and event handler and event order and logs, the initial configuration can be managed depending on the needs of customers.

What's my experience with pricing, setup cost, and licensing?

I don't have the price list of any of the competitors of Fortinet FortiSIEM. I work with the technical part of the tool.

There is a need to make yearly payments towards the licensing charges attached to the product. The free version license of the product is available for two months.

What other advice do I have?

The product offers multiple integrations with all vendors. If there is a new or unknown vendor in the market, a custom API can be made to ensure that integration with Fortinet FortiSIEM is possible.

I rate the integration capabilities of the tool a nine out of ten.

The implementation of the product can improve incident response time according to the arrangement and local relation of built-in rules or custom rules. This will reduce the time of incident response, especially if you use a SOAR solution with it. You can enrich the tool by buying a SOAR solution.

It is a good product in general. It is a product that offers stability and scalability with a multiple and wide range of built-in rules. The solution is also easy to use.

I rate the tool a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Cyber Security Analyst at a retailer with 1,001-5,000 employees
Real User
Has easy access to create rules, playbooks, or use cases
Pros and Cons
  • "I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports."
  • "With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."

What is our primary use case?

We use it as our main SIEM tool for creating rules, creating alerts, monitoring, and accessing CMDB. We also use it to monitor a few more things related to writing security.

What is most valuable?

I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports.

What needs improvement?

With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk.

When you work with a service provider who is using FortiSIEM as a service for other clients, you cannot run more than 30 clients on one tool. You cannot onboard, which would consume more resources and would make it slower. Also, resource consumption would be high.

For how long have I used the solution?

I've been using it for a year and a half.

What do I think about the stability of the solution?

It's pretty stable. We haven't faced any critical issues with stability.

How are customer service and technical support?

We had some issues when there were a few more updates or patches, but the technical support from FortiSIEM was pretty good and got it all sorted.

What other advice do I have?

If you're using it for multi-tenant solutions, it will be pretty good, but it won't support running more than 20 clients on the same platform. It would need more resources. Even if you are implementing it for multi-tenant solutions, you would need to implement fewer clients on it so that it has to use less effort.

On a scale from one to ten, I would rate it at eight.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Infrastructure Operations Manager at a computer software company with 501-1,000 employees
Real User
It provides me with operational oversight on our environment using configured dashboards and reports.
Pros and Cons
  • "There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
  • "The biggest thing that could be better is a quicker response to support cases."

Improvements to My Organization

In large, medium, and small-sized organizations, it improves the ability to quickly drill down into events that occur, perform analysis, and find root cause. The most value I’ve found in it is quicker time-to-resolution.

Valuable Features

I’ve used Accelops in multiple different capacities and at several organizations. As far as my current role, I am an operations manager, and it gives me operational oversight. There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not. Reports and Alerts help identify security risks, identify performance problems, and help in capacity planning.

Room for Improvement

The biggest thing that could be better is a quicker response to support cases.

Stability Issues

As I keep the system updated it helps to keep the system stable, but it’s been extremely stable and extremely reliable.

Scalability Issues

I have scaled it out with multiple workers and collectors. It’s scaled in every direction that I would like it to, geographically and from a correlation and reporting capacity standpoint.

Customer Service and Technical Support

I’ve had lots of different engagements with support over the years, and generally I’ve had very good support and knowledgeable staff. Occasionally you’ll have a weird problem that takes longer to resolve than some other problems, but generally speaking, the support’s been very good.

I’ve used the product for a long time so I’ve requested quite a few different features. Those features have always been added, and it’s been more or less the time they need depending on what the feature is.

Initial Setup

It’s not harder than any other similar product. It’s very easy to set up in that they provide an OVA file that you can quickly and simply download and, with a few configuration settings, be on the network. There are multiple other deployment options for other hypervisors as well as bare metal deployments. More than anything, the troubles come with configuring all of your log sources to send the necessary log messages. That’s true for any product, not just Accelops.

Other Advice

My advice would be to come up with a game plan to figure out exactly what devices or what system to focus on. Then (once you become familiar with reporting, alerting and tuning) integrate more devices/systems into Accelops.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Presales IT at a tech services company with 201-500 employees
MSP
Integrates logs from different sources so that there is a common place to see and create dashboards
Pros and Cons
  • "FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication."
  • "The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."

What is our primary use case?

I work in our presales department. We have three of our clients using Fortinet FortiSIEM.

The solution is useful to integrate logs from different sources so that there is a common place to see and create dashboards and the AI associated with event checking.

We have a common service desk for our customers that has three employees monitoring everything. It requires less than one person to watch the dashboards, send the alerts and call the back office during an event. The solution requires maintenance every three months to install the last stable version of the firmware.

How has it helped my organization?

FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication. We use VPN instead of publishing services to the world, and we closed some services that are no longer being used. Eventually, we geographically blocked some services that do not need to be published in China or the United States, for example.

What is most valuable?

FortiSIEM has been a good product. It does everything that it has promised that it can do. It has been very useful to discover new threats from the outside such as external exploits, brute-force, or password tries. 

What needs improvement?

The process of installing Fortinet FortiSIEM and the customization of the alerts take too long. You need to customize the alerts that come to the dashboard so that not everything is an alert. If everything is an alert, nothing is an alert. This is a complicated process and takes time.

In future releases, I would like to see a resource for common environments like VMware and VMware/FortiGate or VMware/Check Point. The resource should discover and speed up implementation.

For how long have I used the solution?

We have been using Fortinet FortiSIEM for a year and a half.

What do I think about the stability of the solution?

Being a Linux virtual appliance, FortiSIEM is a stable platform.

What do I think about the scalability of the solution?

We are located in Uruguay, which is a small country. We have no issues with scalability because we have so few people and our IT infrastructure is quite simple. 

Our customers have between 200 and 400 users of Fortinet FortiSIEM.

How are customer service and support?

I would rate the customer service and support of Fortinet FortiSIEM a four out of five. They are quite good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to FortiSIEM, we did not use SIEM. We had a log concentrator, but it did not have the ability or the AI to correlate logs like SIEM has.

We decided to implement FortiSIEM because SIEM has the ability to create logs using AI. With a log concentrator, we have all the events there, but there is no relation between them and what we have to do manually.

How was the initial setup?

The initial setup of Fortinet FortiSIEM is easy. The solution is on a virtual appliance that you download and put in the VMworld or on-premise. I would rate the ease of initial setup a five out of five.

What about the implementation team?

Deployment and implementation of FortiSIEM took three months due to the tuning and the building of the dashboards. We used Fortinet professional services for our first deployment. For the second deployment, we used our in-house team. 

What was our ROI?

We are seeing very good results on a security level.

What's my experience with pricing, setup cost, and licensing?

Fortinet's products are not expensive; they cost less than the competition. There are additional fees for space in the virtual environment. You require virtual space because the logs take up space on the disk. Eventually, you need to buy disks and put them in your environment or in the cloud. Without the disk, you have to turn off the device.

I would rate them a three out of five overall for pricing.

Which other solutions did I evaluate?

We did consider Sentinel in Azure because it is almost free.

What other advice do I have?

If you are considering Fortinet FortiSIEM for your organization, write down what alerts are important to you, which devices deserve to be monitored, and which logs you really need. You will need to customize all of this. If you have all of this detailed, the implementation process will be easier.

I would rate the solution an eight out of ten overall.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Senior Product Manager at a financial services firm with 201-500 employees
Real User
Top 20
Simple implementation, good performance, but scalability lacking
Pros and Cons
  • "The most valuable feature of Fortinet FortiSIEM is the correlation of many events."
  • "Fortinet FortiSIEM could improve to extend to several locations or sites."

What is our primary use case?

I am using Fortinet FortiSIEM to correlate events in our enterprise.

How has it helped my organization?

Fortinet FortiSIEM has helped our organization by providing us with business monitoring.

What is most valuable?

The most valuable feature of Fortinet FortiSIEM is the correlation of many events.

What needs improvement?

Fortinet FortiSIEM could improve to extend to several locations or sites.

For how long have I used the solution?

I have been using Fortinet FortiSIEM for approximately two years.

What do I think about the stability of the solution?

The stability of Fortinet FortiSIEM is okay but it could improve.

What do I think about the scalability of the solution?

We would like to increase the usage of Fortinet FortiSIEM.

How are customer service and support?

The technical support from Fortinet FortiSIEM is good.

Which solution did I use previously and why did I switch?

We previously used Juniper Security Threat Response Manager.

How was the initial setup?

The initial setup of Fortinet FortiSIEM is easy. The full deployment took approximately seven days.

What about the implementation team?

We had one supervisor and two others that helped do the implementation of Fortinet FortiSIEM. We did the implementation in-house.

We have five network administrators for maintenance.

What was our ROI?

We have seen a return on investment using Fortinet FortiSIEM.

What's my experience with pricing, setup cost, and licensing?

There are additional features that cost more than the standard licensing fees.

Which other solutions did I evaluate?

We evaluated two other solutions before choosing Fortinet FortiSIEM. The graphical user interface is better in Fortinet FortiSIEM.

What other advice do I have?

I rate Fortinet FortiSIEM a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user404364 - PeerSpot reviewer
Information Security Officer at an aerospace/defense firm with 10,001+ employees
Real User
We like its visibility and flexibility. It allows us to get real-time, accurate, situational awareness of what's going on.
Pros and Cons
  • "We're able to get real-time, accurate situational awareness of what's going on in our network, as well as in our customer networks that we're monitoring at all times."
  • "The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much."

How has it helped my organization?

We're able to get real-time, accurate situational awareness of what's going on in our network, as well as in our customer networks that we're monitoring at all times.

What is most valuable?

  • Visibility
  • Flexibility

What needs improvement?

The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much. I need to be able to understand what my situational awareness is by looking at a simple graph. I've already made a specific feature request to just make it look sexier because that's what customers like to see.

What do I think about the stability of the solution?

The stability has been very good. We've had no issues with instability.

What do I think about the scalability of the solution?

What we really like about it is the ability to scale without costing an arm and a leg for us. They're highly virtualized and, as a result, we're able to deploy in a lot faster manner than shipping their metal to a location that might have to be purchased in another state or country.

How are customer service and technical support?

We have used their technical support as well as their customer service. They've always got back to us in a timely manner. We've never had an issue of being able to get to the right person. If it doesn't get to the right person, it gets escalated very fast.

Which solution did I use previously and why did I switch?

We used LogRhythm, and Accelops replaced it.

How was the initial setup?

I wasn't involved in the initial setup, but my team was.

What other advice do I have?

You always have to do your due diligence. I'm pretty sure a lot of the other competition is just as capable; however, we deal with aircraft, which is a different, unique beast. It enables us to understand an aircraft or sat-com network infrastructure, so it's not like a traditional type of log file that you have to normalize.

Some companies work with Windows desktops and servers, but we don't. Again, be sure to do your due diligence because whether Accelops is right for you depends on your use case. Make sure also that you have an MSSP model like we do so that you're able to deliver for your customers.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user799953 - PeerSpot reviewer
Network Security Engineer at Spectrotel
Real User
Correlates incidents between products and notifies our SOC accordingly
Pros and Cons
  • "It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GLBA, NIST, and so forth."
  • "The backup and recovery process for this solution needs improvement."

What is our primary use case?

We are a partner, and we use this solution to ingest our customers' syslogs data for their firewalls.

How has it helped my organization?

This solution allows us to ingest syslogs from Fortinet firewalls and other products into what we call FortiSIEM. This is a processor that correlates it with the event types and incidents. It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GLBA, NIST, and so forth. All of these incidents are now correlated and sent up to a dashboard or emailed, where, as a SOC, we can review these incidents and triage the necessary resolution.

What needs improvement?

The backup and recovery process for this solution needs improvement.

I would like to see a database with more structure in terms of maintenance and ease of use. The process of creating is much simpler than that of duplication. The procedures are not proper for handling its PostgreSQL database.

For how long have I used the solution?

More than two years.

What do I think about the stability of the solution?

I would say that this solution is stable when it is configured and deployed by the Fortinet professional team.

What do I think about the scalability of the solution?

The scalability is there, and you can expand on the EPS (Events Per Second) as needed.

We do plan on selling this service to our customers that can see the benefit in it. We will probably introduce an incident response application to help triage incidents at a faster level.

How are customer service and technical support?

Technical support is very good. The people in support are excellent, and they know this product in and out. They are very quick to respond and the resolution is very quick.

How was the initial setup?

The initial setup for this solution is straightforward, although we are not yet in full production. During the past two years, while we have been implementing, we have found a lot of bugs in the software. As such, we're still not in a state where we can go into full production. For example, if you are certified for PCI then one of the standards is that you have to have proper backup recovery in place. This solution is lapsing in that area. 

Two staff are required for deployment and maintenance.

What about the implementation team?

We used Fortinet consultants for the deployment.

What's my experience with pricing, setup cost, and licensing?

We bought the perpetual license, so we own the product, but there is a three-year support renewal fee for that.

Which other solutions did I evaluate?

We did evaluate Splunk before choosing this solution, but it was too much on the high end for our business model.

What other advice do I have?

We are very impressed with this product. However, they have to fix their backup and recovery procedure and provide a good DR service without charging for a secondary license.

I would rate this solution a seven and a half out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
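The Spectrotel review above describes the pipeline in three steps: syslog lines come in from the firewalls, each is mapped to an event type, and rules fire over the correlated events to raise incidents for the SOC. The earlier presales review makes the complementary point that the alerts have to be tuned so that "not everything is an alert". The following added example, which is not code from PeerSpot, Fortinet or either reviewer, shows a minimal version of that loop: a key=value parser, an event-type mapping, and a sliding-window threshold rule that fires once per burst rather than on every matching line. The log lines are constructed for the example in a FortiGate-style key=value syslog layout; the event-type names, rule names and thresholds are assumptions made here, not FortiSIEM's own event catalogue or rule syntax.

```python
"""Toy correlation step: key=value syslog -> event type -> threshold rule -> incident."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in FortiGate-style key=value syslog layout (not real device output).
SAMPLE_LOGS = [
    'date=2024-05-01 time=10:00:01 devname="fw-edge" type="event" subtype="system" action="login" status="failed" user="admin" srcip=203.0.113.7',
    'date=2024-05-01 time=10:00:05 devname="fw-edge" type="event" subtype="system" action="login" status="failed" user="admin" srcip=203.0.113.7',
    'date=2024-05-01 time=10:00:09 devname="fw-edge" type="event" subtype="system" action="login" status="failed" user="admin" srcip=203.0.113.7',
    'date=2024-05-01 time=10:00:14 devname="fw-edge" type="event" subtype="system" action="login" status="failed" user="admin" srcip=203.0.113.7',
    'date=2024-05-01 time=10:00:20 devname="fw-edge" type="event" subtype="system" action="login" status="failed" user="admin" srcip=203.0.113.7',
    # One mistyped password followed by a success: below threshold, so no incident.
    'date=2024-05-01 time=10:00:30 devname="fw-edge" type="event" subtype="system" action="login" status="failed" user="jsmith" srcip=198.51.100.9',
    'date=2024-05-01 time=10:00:31 devname="fw-edge" type="event" subtype="system" action="login" status="success" user="jsmith" srcip=198.51.100.9',
    'date=2024-05-01 time=10:01:00 devname="fw-edge" type="traffic" subtype="forward" action="deny" srcip=192.0.2.50 dstip=10.0.0.5 dstport=22',
    'date=2024-05-01 time=10:01:10 devname="fw-edge" type="traffic" subtype="forward" action="deny" srcip=192.0.2.50 dstip=10.0.0.5 dstport=23',
    'date=2024-05-01 time=10:01:15 devname="fw-edge" type="traffic" subtype="forward" action="deny" srcip=192.0.2.51 dstip=10.0.0.5 dstport=22',
    'date=2024-05-01 time=10:01:25 devname="fw-edge" type="traffic" subtype="forward" action="deny" srcip=192.0.2.50 dstip=10.0.0.5 dstport=3389',
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value syslog line into a dict; quoted values are unquoted."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    fields["_ts"] = datetime.strptime(f'{fields["date"]} {fields["time"]}', "%Y-%m-%d %H:%M:%S")
    return fields


def event_type(ev):
    """Map raw fields to a normalized event type (hypothetical names for this example)."""
    if ev.get("type") == "event" and ev.get("action") == "login":
        return "Admin-Login-Failed" if ev.get("status") == "failed" else "Admin-Login-Success"
    if ev.get("type") == "traffic" and ev.get("action") == "deny":
        return "Firewall-Deny"
    return "Other"


class ThresholdRule:
    """Fire once when `count` events of `etype` share the same `group_key` value inside
    a sliding `window`. The threshold is the tuning knob: one failed login or one
    denied packet is normal noise, a burst from one source is an incident."""

    def __init__(self, name, etype, group_key, count, window, severity):
        self.name, self.etype, self.group_key = name, etype, group_key
        self.count, self.window, self.severity = count, window, severity
        self.buckets = defaultdict(deque)  # group value -> timestamps still inside the window

    def feed(self, ev, etype):
        if etype != self.etype:
            return None
        key = ev.get(self.group_key, "?")
        q = self.buckets[key]
        q.append(ev["_ts"])
        while q and ev["_ts"] - q[0] > self.window:  # drop events that aged out of the window
            q.popleft()
        if len(q) >= self.count:
            q.clear()  # reset so the same burst does not re-fire on every extra event
            return {"rule": self.name, "severity": self.severity, self.group_key: key,
                    "count": self.count, "last_seen": ev["_ts"].isoformat()}
        return None


def default_rules():
    """Two example rules; names and thresholds are assumptions, not FortiSIEM built-ins."""
    return [
        ThresholdRule("Admin brute-force attempt", "Admin-Login-Failed", "srcip",
                      count=5, window=timedelta(minutes=5), severity="HIGH"),
        ThresholdRule("Repeated firewall denies from one source", "Firewall-Deny", "srcip",
                      count=3, window=timedelta(minutes=1), severity="MEDIUM"),
    ]


def correlate(lines, rules):
    """Run every line through every rule in arrival order; return the incidents raised."""
    incidents = []
    for line in lines:
        ev = parse_line(line)
        etype = event_type(ev)
        for rule in rules:
            hit = rule.feed(ev, etype)
            if hit:
                incidents.append(hit)
    return incidents


if __name__ == "__main__":
    for inc in correlate(SAMPLE_LOGS, default_rules()):
        print(inc)
```

Run on the constructed lines, the correlator raises exactly two incidents: one for the five failed admin logins from 203.0.113.7 and one for the three denies from 192.0.2.50, while the single failed login from 198.51.100.9 and the lone deny from 192.0.2.51 stay below threshold. Raising or lowering `count` and `window` is the tuning work the reviews describe; the `q.clear()` after a hit is what keeps one burst from flooding the dashboard with repeats.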
it_user404421 - PeerSpot reviewer
Associate Director, Network Services at a university with 1,001-5,000 employees
Vendor
It can take logs from all my devices agentlessly and correlate data. I'd like to see a more streamlined dashboard.
Pros and Cons
  • "The primary valuable feature is that it has replaced a whole lot of other products with one platform."
  • "It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there."

How has it helped my organization?

Although we're still in training, we can expect to see and address issues in our network, such as configuration errors that caused latency between disc, storage and server that we weren't aware of before.

What is most valuable?

The primary valuable feature is that it has replaced a whole lot of other products with one platform. That's a huge win right there. It can take logs from all my devices agentlessly and correlate data. It already has a lot of the advanced analytics and dashboards that we need already built-in.

Accelops is also well positioned within the industry, for example, by partnering with Octave which we're using as a login index for Accelops. We're able to bring up a security operations center, which helps a lot of the newer information security people.

What needs improvement?

It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there. I'd like to see a better dashboard that's pretty. I want to be able to see incidences or stats, depending on what I'm looking for, to determine whether we're healthy, what's our security posture, SOX-incident problems. So streamlining all that information on the initial interface would be great.

What do I think about the stability of the solution?

So far, it appears to be stable. Early on, there were some lags with certain things happening and my guys weren't quite sure how stuff fit together, but I think that will wash out in the training. We need it to provide alerts, monitoring, security, and SIEM.

What do I think about the scalability of the solution?

We've had no issues with scalability.

How are customer service and technical support?

It's too early to comment on technical support. I don't have any complaints, and neither do my guys, so that's a good sign.

How was the initial setup?

They got the system up and running pretty easily and now he's working with the engineering groups and others to start making sure that the SM&NT logs are all set. Right now we're in ramp-up mode, so once it's fully loaded we'll be able to talk more about how it's performing with that volume of logs and all the dashboards and things that we started automating.

What about the implementation team?

I trust my server lead and his guys for the setup. They had to build a bigger box with new storage to keep all the new logs that we started pointing at it.

Which other solutions did I evaluate?

We knew we needed an SIEM tool, and actually looked at Accelops a year ago. At the time, it just wasn't stable enough and we didn't quite have the funding. Now, we did another review and Accelops came out on top with some improvements and better pricing. I found the initial money and had extra budget for ongoing maintenance.

What other advice do I have?

Any of the top SIEM tools like this is going to give you a lot of information and that in itself is the challenge. There's so much information that you need to have at least one person who's dedicated almost full-time to it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user799953 - PeerSpot reviewer
Network Security Engineer at Spectrotel
Real User

Presently on version 4.10. You must deploy using Workers and Collectors, or else the Supervisor takes control of all the memory. Currently the country location and IP do not match up; reported as a bug since version 4.2.
