Fortinet FortiSIEM Reviews

We are a system integrator and we resell this solution.

Some of our customers who use this solution have seen improvement in their connection with load balancing on both connections.  

Our customers are noticing configuration available in the GUI interface and I think that they should be equal.

Stability and scalability are perfect. 

The initial setup wasn't complex. It took three days to deploy and we required two people for the deployment. 

I would rate it a nine out of ten. The configuration should be equal with the GUI interface. 

My primary use case is that it is an analyst tool for hunting on your site network.

The platform is nice. It is not easy to implement, but once you do so, there is a lot of value from the platform. 

AccelOps can handle a lot of data and it's just so important to true monitoring. That is the strong point of AccelOps.

The second one is detecting. I can create a lot of rules to detect anything I like, and this is another strong point.

It's also the only SIEM platform on the market that has health monitoring capabilities, and correlates. For example, if a service is going down I can detect that it is going down and correlate it. For example, if it's because of an exploit can correlate this. It's a nice feature.

I think all SIEM platforms have a problem handling a lot of data. My response is "it depends." Depends on the people, depends on the product, depends on the technology. To implement any technology you need good people, and this is independent of the label of the company or technology. The stability is not bad, it's not good. It's a complicated question.

I don't have any feature for load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated. For example, the design is bad because you have one supervisor on one machine and you handle everything off this machine supervisor. It is a design problem. The technology also has limitations because you have a lot of memory and a lot of processors, but you have a limit with processors and memory, which causes problems with scalability. 

It's equal to any technical support. You need to go to level one, level two, level three to reach their engineers. It is complicated. With any technology it is like this. But my level of skill here is high, and going to level one, level two, level three is complicated. You have a ladder to solve the problems quickly. That's the problem. Any platform, any vendor has the same problem. You need to go through levels until you find one guy who can solve your problem.

I used a solution previously. I switched because I needed evolving technology. I needed to evolve to smart features.

The most important criteria when selecting a vendor is price. After that it's detection.

For the first steps you have some help. At the beginning you have priority support, you have engineers. After that you pay.

It's complex because you need to evaluate a lot of things.

I advise that you should plan your financial resources and plan the platform. Also, be sure to test the performance ability, as well as scalability. 

From CMDB configuration monitoring, it can provide information changes.

Analytics. It can provide log information from the device. With log information, I can see if there is a threat

In the CMDB configuration monitoring. Example, if there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it.

Yes.

Yes.

Very good.

FortiSIEM is better than previous products.

Complex due to the configuration.

Please be cheaper and more simplified.

Yes, but I cannot mention it because of privacy issues.

Please do a PoC.

It is provides extremely fast and flexible query of logs/events on the network. For example, it’s easy to write a quick query for all the “authentication” requests on the network, regardless of where they came from, i.e., during the past days, weeks or months.

The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature. It’s impossible to find an application that supports every device/manufacturer that we have. Thus, being able to write my own parsers for device logs, allows for greater scalability.

The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries. However, it does function well for our day-to-day operations.

We did experience some stability issues. The parser engine crashes often, but it does recover without any noticeable impact to the performance or service.

There were no scalability issues; the product scales well for us.

Support was very good when owned by AccelOps. I have not opened any recent cases with Fortinet since its buyout.

The setup was pretty complex, but we had great support from AccelOps.

I haven’t looked at the latest offerings or licensing models since Fortinet bought this product. Previously, AccelOps was looking to add other Tableau reporting modules for more complex reporting purposes. This was not attractive to us, due to the high cost of Tableau's licensing. Also, it required licensing for an event forwarding engine to be installed on the servers. The cost was getting high when we looked at licensing for 50-plus servers.

We only evaluated this solution and loved the capabilities that it offers. We decided to take a chance and I’m not sorry that we did. Overall, the experience has been very positive.

Make sure you size the solution to the number of devices and servers on the network. Don’t be afraid to add additional workers.

Try to avoid using WMA formats for log retrieval of the busy servers; this is extremely resource-intensive. Price out the event forwarding engine that they offer and add it to your budget.

In large-sized medium-sized and a small-sized organizations, it improves the ability to quickly drill down into events that occur, perform analysis, and find root cause. The most value I’ve found in it, quicker time-to-resolution.

I’ve used Accelops in multiple different capacities and at several organizations. As far as my current role, I am an operations manager, and it gives me operational oversight. There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not. Reports and Alerts help identify security risks, identify performance problems, and help in capacity planning.

The biggest thing that could be better is a quicker response to support cases.

As I keep the system updated it helps to keep the system stable, but it’s been extremely stable and extremely reliable.

I have scaled it out with multiple workers and collectors. It’s scaled in every direction that I would like it to, geographically and from a correlation and reporting capacity standpoint.

I’ve had lots of different engagements with support over the years and generally I’ve had very good support, knowledgeable staff and occasionally you’ll have a weird problem, longer to resolve than some other problems; but generally speaking, the support’s been very good.

I’ve used the product for a long time so I’ve requested quite a few different features. Those features have always been added, and it’s been more or less the time they need depending on what the feature is.

It’s not harder than any other similar product. It’s very easy to set up in the fact that they provide an OVA file that you can quickly and simply download and with a few configuration settings be on the network. There are multiple other deployment options for other hypervisors as well as bare metal deployments. More than anything the troubles come with configuring all of your log sources to send the necessary log messages. That’s true for any product, not just Accelops.

My advice would be to come up with a game plan to figure out exactly what devices or what system to focus on. Then (once you become familiar with reporting, alerting and tuning) integrate more devices/systems into Accelops.

We're able to get real-timec as well as our customer networks that we're monitoring at all times.

• Visibility
• Flexibility

The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much. I need to be able to understand what my situational awareness is by looking at a simple graph. I've already made a specific feature request to just make it look sexier because that's what customers like to see.

The stability has been very good. We've had no issues with instability.

What we really like about it is the ability to scale without costing an arm and a leg for us. They're highly virtualized and, as a result, we're able to deploy in a lot faster manner than shipping their metal to a location that might have to be purchased in another state or country.

We have used their technical support as well as their customer service. They've always got back to us in a timely manner. We've never had an issue of being able to get to the right person. If it doesn't get to the right person, it gets escalated very fast.

We used LogRhythm, and Accelops replaced it.

I wasn't involved in the initial setup, but my team was.

You always have to do your due diligence. I'm pretty sure a lot of the other competition is just as capable, however we deal with aircrafts, which is a different, unique beast. It enables us to understand an aircraft or sat-com network infrastructure, so it's not like a traditional type of log file that you have to normalize.

Some companies work with Windows desktops and servers, but we don't. Again, be sure to do your due diligence because whether Accelops is right for you depends on your use case. Make sure also that you have an MSSP model like we do so that you're able to deliver for your customers.

Although we're still in training, we can expect to see and address issues in our network, such as configuration errors that caused latency between disc, storage and server that we weren't aware of before.

The primary valuable feature is that it has replaced a whole lot of other products with one platform. That's a huge win right there. It can take logs from all my devices agentlessly and correlate data. It already has a lot of the advanced analytics and dashboards that we need already built-in.

Accelops is also well positioned within the industry, for example, by partnering with Octave which we're using as a login index for Accelops. We're able to bring up a security operations center, which helps a lot of the newer information security people.

It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there. I'd like to see a better dashboard that pretty. I want to be able to see incidences or stats, depending on what I'm looking for to determine whether we're healthy, what's our security posture, SOX-incident problems. So streamlining all that information on the initial interface would be great.

So far, it appears to be stable. Early on, there were some lags with certain things happening and my guys weren't quite sure how stuff fit together, but I think that will wash out in the training. We need it to provide alerts, monitoring, security, and SIEM.

We've had no issues with scalability.

It's too early to comment on technical support. I don't have any complaints, and neither do my guys, so that's a good sign.

They got the system up and running pretty easily and now he's working with the engineering groups and others to start making sure that the SM&NT logs are all set. Right now we're in ramp-up mode, so once it's fully loaded we'll be able to talk more about how it's performing with that volume of logs and all the dashboards and things that we started automating.

I trust my server lead and his guys for the setup. They had to build a bigger box with new storage to keep all the new logs that we started pointing at it.

We knew we needed an SIEM tool, and actually looked at Accelops a year ago. At the time, it just wasn't stable enough and we didn't quite have the funding. Now, we did another review and Accelops came out on top with some improvements and better pricing. I found the initial money and had extra budget for ongoing maintenance.

Any of the top SIEM tools like this is going to give you a lot of information and that in itself is the challenge. There's so much information that you need to have at least one person who's dedicated almost full-time to it.