Fortinet FortiSIEM Reviews

In large-sized medium-sized and a small-sized organizations, it improves the ability to quickly drill down into events that occur, perform analysis, and find root cause. The most value I’ve found in it, quicker time-to-resolution.

I’ve used Accelops in multiple different capacities and at several organizations. As far as my current role, I am an operations manager, and it gives me operational oversight. There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not. Reports and Alerts help identify security risks, identify performance problems, and help in capacity planning.

The biggest thing that could be better is a quicker response to support cases.

As I keep the system updated it helps to keep the system stable, but it’s been extremely stable and extremely reliable.

I have scaled it out with multiple workers and collectors. It’s scaled in every direction that I would like it to, geographically and from a correlation and reporting capacity standpoint.

I’ve had lots of different engagements with support over the years and generally I’ve had very good support, knowledgeable staff and occasionally you’ll have a weird problem, longer to resolve than some other problems; but generally speaking, the support’s been very good.

I’ve used the product for a long time so I’ve requested quite a few different features. Those features have always been added, and it’s been more or less the time they need depending on what the feature is.

It’s not harder than any other similar product. It’s very easy to set up in the fact that they provide an OVA file that you can quickly and simply download and with a few configuration settings be on the network. There are multiple other deployment options for other hypervisors as well as bare metal deployments. More than anything the troubles come with configuring all of your log sources to send the necessary log messages. That’s true for any product, not just Accelops.

My advice would be to come up with a game plan to figure out exactly what devices or what system to focus on. Then (once you become familiar with reporting, alerting and tuning) integrate more devices/systems into Accelops.

We're able to get real-timec as well as our customer networks that we're monitoring at all times.

• Visibility
• Flexibility

The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much. I need to be able to understand what my situational awareness is by looking at a simple graph. I've already made a specific feature request to just make it look sexier because that's what customers like to see.

The stability has been very good. We've had no issues with instability.

What we really like about it is the ability to scale without costing an arm and a leg for us. They're highly virtualized and, as a result, we're able to deploy in a lot faster manner than shipping their metal to a location that might have to be purchased in another state or country.

We have used their technical support as well as their customer service. They've always got back to us in a timely manner. We've never had an issue of being able to get to the right person. If it doesn't get to the right person, it gets escalated very fast.

We used LogRhythm, and Accelops replaced it.

I wasn't involved in the initial setup, but my team was.

You always have to do your due diligence. I'm pretty sure a lot of the other competition is just as capable, however we deal with aircrafts, which is a different, unique beast. It enables us to understand an aircraft or sat-com network infrastructure, so it's not like a traditional type of log file that you have to normalize.

Some companies work with Windows desktops and servers, but we don't. Again, be sure to do your due diligence because whether Accelops is right for you depends on your use case. Make sure also that you have an MSSP model like we do so that you're able to deliver for your customers.

Although we're still in training, we can expect to see and address issues in our network, such as configuration errors that caused latency between disc, storage and server that we weren't aware of before.

The primary valuable feature is that it has replaced a whole lot of other products with one platform. That's a huge win right there. It can take logs from all my devices agentlessly and correlate data. It already has a lot of the advanced analytics and dashboards that we need already built-in.

Accelops is also well positioned within the industry, for example, by partnering with Octave which we're using as a login index for Accelops. We're able to bring up a security operations center, which helps a lot of the newer information security people.

It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there. I'd like to see a better dashboard that pretty. I want to be able to see incidences or stats, depending on what I'm looking for to determine whether we're healthy, what's our security posture, SOX-incident problems. So streamlining all that information on the initial interface would be great.

So far, it appears to be stable. Early on, there were some lags with certain things happening and my guys weren't quite sure how stuff fit together, but I think that will wash out in the training. We need it to provide alerts, monitoring, security, and SIEM.

We've had no issues with scalability.

It's too early to comment on technical support. I don't have any complaints, and neither do my guys, so that's a good sign.

They got the system up and running pretty easily and now he's working with the engineering groups and others to start making sure that the SM&NT logs are all set. Right now we're in ramp-up mode, so once it's fully loaded we'll be able to talk more about how it's performing with that volume of logs and all the dashboards and things that we started automating.

I trust my server lead and his guys for the setup. They had to build a bigger box with new storage to keep all the new logs that we started pointing at it.

We knew we needed an SIEM tool, and actually looked at Accelops a year ago. At the time, it just wasn't stable enough and we didn't quite have the funding. Now, we did another review and Accelops came out on top with some improvements and better pricing. I found the initial money and had extra budget for ongoing maintenance.

Any of the top SIEM tools like this is going to give you a lot of information and that in itself is the challenge. There's so much information that you need to have at least one person who's dedicated almost full-time to it.

There are several examples, but the flexibility in reporting and alerting has given us the ability to have numerous teams be alerted for various security situations affecting each team's responsibilities.

The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation. The logs and search engine are also valuable features.

Creating parsers to try make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome.

Additionally, lately there have been releases which have broken existing functions. This directly relates to support being an area that also needs improvement.

In general, the system is stable.

We had to deploy several workers to keep up with event collection. This was one reason that the AO agent was developed and released -- to reduce the load on the managers and workers.

Customer Service:

Customer service is mediocre, but the relationship is improving with focused attention on customers.

Technical Support:

Technical support is good.

We were a a Cisco MARS customer and needed to replace the solution once Cisco ceased support.

The initial setup is straightforward. There is a learning curve for the software, but overall it was up and running and collecting information in a matter of an hour post setup.

We implemented it with out in-house team.

We didn't evaluate other options as this was a direct, suggested replacement to MARS.

Watch the sizing requirements for the virtual machines and quantities needed to support the environment. Make sure you get sign-off from Accelops on proposed the configuration and load for what’s being planned on the deployment.

• The automation piece -- its ability to dynamically discover which services need to be monitored and to automatically setup the appropriate monitoring.
• We also like the intelligence behind the alerting; we like the out-of-the-box rules that don’t require a lot of tuning.
• The product doesn’t require a lot of manpower, so there isn’t a lot of tuning or management overhead required for it.

We outsource a lot of our IT. We are able to monitor performance and security and to perofrm audits to ensure our outsourcing partners are doing what we are pay them for.

The way that upgrades are handled could be a bit cleaner. That might have been improved in the new version, but where we are, the upgrade process takes the system down for the period of the upgrade. So the lost data during that downtime can be frustrating.

I've used it for four years.

We did, but AccelOps were very, very helpful. I don’t think the product was configured or tuned for an environment as large as ours, so there were some performance issues at first, but they were very helpful and they had developers and engineers on the phone with us to help resolve those issues. They even used the experience with us as a test case to build improvements into the product.

No issues since the product was installed.

No issues since the product was installed.

Their sales people have always been helpful and friendly, and they’ve given us some things for free, like training. It’s been good. We’ve even had some of the higher-ups at AccelOps call us with new product offerings for us because they know our organization so well.

I would say it’s more on the average side. Once I can get someone engaged they’re good about getting the problem solved, but sometimes it’s hard to get someone on the line to help resolve your problem.

No, this is the first solution like this that we’ve had.

The setup was straightforward, but the performance issues we had were the biggest stumbling block. In terms of getting it out of the box and up and running, it really wasn’t difficult at all.

I did it myself in-house.

The pricing is very, very affordable. For the value you get, I think it’s about the cheapest solution on the market.

I think the biggest thing to understand is that it’s like a Swiss Army knife. You get a lot of tools for a lot of things, but don’t expect it to be a killer app in any one area.

• Log correlation
• Alerting

AccelOps gives us a greater visibility into potential data/network breach attempts with the monitoring and alerting capabilities.

Ease-of-use for end users that do not spend every day in the product.

Also, the presentation of historical and trending data in dashboards needs to be improved immensely. Something as simple as an RRDtool graphing mechanism on a dashboard would be a huge improvement to the product.

I've used it for one and half years.

Not that I recall, but its been over a year since deployment.

No issues encountered.

No issues encountered.

It's high.

Medium to high, some of the problems is just in the maturity of the product and how AccelOps develops this moving forward.

Solarwinds, we assumed that AccelOps would be an easier product to manage moving forward and it was less expensive.

I don't think it was complex.

In-house with a little assistance from support.

The primary thing I use it for is monitoring IPS because we have 12 or 14 Cisco IPS devices, and the Cisco solution for monitoring that many IPS devices is hokey at best, aside from it being expensive. I also use it when we’re trying to track down activity on a particular IP address – I use the query engine to search for things like that.

We’ve had some situations where we’ve either gotten hit with a DOS attack or we’ve gotten notification that we’ve been blacklisted because some IP that belongs to us is roaming the internet trying to bogusly log in to SNMP servers. So, we’ll take that IP, or wherever the DoS is coming from, and run a query over the last 30 days or so, to see just what the activity on that machine has been, and make various decisions from that. In a couple of cases it’s meant to shut down the machines and get them off the network because they’ve obviously got some kind of malware on them. In other cases, it’s been a matter of determining the exact scope of DoS – where it came from, how long it lasted, how intense it was, etc.

One of the things that actually opened a ticket about (and they couldn’t help me) is when traffic is leaving our network, it’ll only report the source. I would think that if it’s examining the packets that it should also be able to give me the destination. It’s not possible to tell me whether it reached the destination, but it would be helpful to know where it was headed when it left the network. That field is always empty in the query.

I've used it for about a year.

No serious issues.The biggest issue I had with their deployment methodology as a virtual appliance – with the way things our VM farms are structured – there are only a couple of people that are allowed to bring up OVAs, which is the way they ship the product, so I have to get their time to do any kind of upgrade.That’s why I recently queried the helpdesk on what was required to do the upgrade that’s available to us (at no cost), and they pointed me to a manual which I haven’t had time to download yet. My guess is I’m going to have to deploy a separate OVA.

No issues encountered.

We've not had any issues so far.

The only complaint I have is that they wouldn’t issue a license until they had the check in their hands, which is not my experience with other vendors. If you issue a PO for something, usually you get a license immediately – in their case they wouldn’t until they had actually gotten payment, which was a little frustrating.

I have tried to open some tickets, and usually they’ll respond with a note at the top of the response. It says “if you’re responding to this email do it above this line,” and I didn’t see that the first time I got an email like that, so for weeks they kept sending me emails saying I hadn’t responded to their initial contact. To me that was a little bit nit-picky.

I inherited a solution that was discontinued by the vendor, and I was charged with finding a replacement.

Once we got the OVA file, and I was able to commandeer some time from the appropriate people here, it wasn’t an issue.

It was in-house. Part of the initial purchase included some on-site time with one of their engineers, so I used that time to do an upgrade while he was here.

The pricing seems fairly standard in terms of the pricing model, so how it compares to other similar products I don’t know. The people I took this to about replacing the other product didn’t seem to blink at the price.

We ran a PoC for Accelops for a trial period, so we didn’t look as much into other products.

It would be to get as good an estimate as you can of what EPS's you’ll need before you get pricing and so forth. We underestimated what we would need, which is what precipitated ordering additional licensing and not being able to get them right that.

The granular monitoring capabilities. Also, it's very configurable.

It gives greater visibility via the dashboards into the real-time status of the network. Additionally, it also provides specific alerts and performance monitoring.

Some of the out-of-box dashboards could be more useful, as they’re not configured out-of-box. Some other products we’ve used give a lot more information right out of the box. With Accelops, we didn’t get quite enough useful information at the beginning. Ping monitors (STMs) are highly configurable, but it would be nice to have a simpler monitor to go with it, like a simple ping monitor. As it is, we have to go through three different processes and 30 minutes to get the ping monitor up with email notifications. It should have an easier way to configure some of these more common monitors.

I've used it for two years, but the firm has had the solution in place for longer.

The product is always stable, but there were a few bugs. During some of the upgrades, fixing one problem revealed another, so we had to go through several patch iterations to find a bug-free version that works for us.

None. Far more scalable than is required for us.

Great - we’d give it a 10/10.

6/10 - as far as the techs go, they are knowledgeable, but when trying to get a hold of a tech or have them call back, they weren’t responsive. It was one of my biggest frustrations with the product, and I started to look elsewhere for another solution at one point. Issues that could have been resolved in 30-60 minutes sometimes took months, but they have improved.

Just do your research – the product does a lot, but it may be more than you’re looking for. Also, be aware that it requires a lot of time to maintain, set up, and configure.