Fortinet FortiSIEM (AccelOps) Review

It can take logs from all my devices agentlessly and correlate data. I'd like to see a more streamlined dashboard.


How has it helped my organization?

Although we're still in training, we can expect to see and address issues in our network, such as configuration errors that caused latency between disc, storage and server that we weren't aware of before.

What is most valuable?

The primary valuable feature is that it has replaced a whole lot of other products with one platform. That's a huge win right there. It can take logs from all my devices agentlessly and correlate data. It already has a lot of the advanced analytics and dashboards that we need already built-in.

Accelops is also well positioned within the industry, for example, by partnering with Octave which we're using as a login index for Accelops. We're able to bring up a security operations center, which helps a lot of the newer information security people.

What needs improvement?

It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there. I'd like to see a better dashboard that pretty. I want to be able to see incidences or stats, depending on what I'm looking for to determine whether we're healthy, what's our security posture, SOX-incident problems. So streamlining all that information on the initial interface would be great.

What do I think about the stability of the solution?

So far, it appears to be stable. Early on, there were some lags with certain things happening and my guys weren't quite sure how stuff fit together, but I think that will wash out in the training. We need it to provide alerts, monitoring, security, and SIEM.

What do I think about the scalability of the solution?

We've had no issues with scalability.

How is customer service and technical support?

It's too early to comment on technical support. I don't have any complaints, and neither do my guys, so that's a good sign.

How was the initial setup?

They got the system up and running pretty easily and now he's working with the engineering groups and others to start making sure that the SM&NT logs are all set. Right now we're in ramp-up mode, so once it's fully loaded we'll be able to talk more about how it's performing with that volume of logs and all the dashboards and things that we started automating.

What about the implementation team?

I trust my server lead and his guys for the setup. They had to build a bigger box with new storage to keep all the new logs that we started pointing at it.

Which other solutions did I evaluate?

We knew we needed an SIEM tool, and actually looked at Accelops a year ago. At the time, it just wasn't stable enough and we didn't quite have the funding. Now, we did another review and Accelops came out on top with some improvements and better pricing. I found the initial money and had extra budget for ongoing maintenance.

What other advice do I have?

Any of the top SIEM tools like this is going to give you a lot of information and that in itself is the challenge. There's so much information that you need to have at least one person who's dedicated almost full-time to it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment
Mohamed H YassimUser

Presently on 4.10 version. You must deploy using Workers and Collectors. Or else the Supervisor take control of all the memory, Currently the Country location and IP does not match up. report as a Bug since v 4,2 version

10 January 18
Guest

Sign Up with Email