Fortinet FortiSIEM (AccelOps) Review

Correlates incidents between products and notifies our SOC accordingly


What is our primary use case?

We are a partner, and we use this solution to ingest our customers' syslogs data for their firewalls.

How has it helped my organization?

This solution allows us to ingest syslogs from Fortinet firewalls and other products into what we call FortiSIEM. This is a processor that correlates them with event types and incidents. It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules can be specific to PCI, HIPAA, GLBA, NIST, and so forth. All of these incidents are then correlated and sent up to a dashboard or emailed, where, as a SOC, we can review them and triage the necessary resolution.
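To make the ingest-correlate-notify chain described above concrete, here is an added example that is not part of the review or of FortiSIEM itself: it parses constructed FortiGate-style key=value syslog lines, applies one hypothetical threshold rule (repeated failed admin logins from a single source, tagged with the compliance frameworks it supports), and formats the resulting incidents the way a SOC notification would. The rule structure, field names beyond the standard FortiGate ones, and the sample lines are all assumptions.

```python
import re
from datetime import datetime

# Constructed FortiGate-style key=value syslog lines (sample input, not from the review).
SAMPLE_LOGS = [
    'date=2024-01-10 time=10:00:01 devname="fw-edge1" type="event" subtype="system" action="login" status="failed" user="admin" srcip=203.0.113.5',
    'date=2024-01-10 time=10:00:09 devname="fw-edge1" type="event" subtype="system" action="login" status="failed" user="admin" srcip=203.0.113.5',
    'date=2024-01-10 time=10:00:15 devname="fw-edge1" type="event" subtype="system" action="login" status="success" user="ops" srcip=198.51.100.7',
    'date=2024-01-10 time=10:00:20 devname="fw-edge1" type="event" subtype="system" action="login" status="failed" user="admin" srcip=203.0.113.5',
    'date=2024-01-10 time=10:30:00 devname="fw-edge1" type="event" subtype="system" action="login" status="failed" user="admin" srcip=203.0.113.5',
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_event(line):
    """Split a key=value syslog line into a dict; quoted values lose their quotes."""
    ev = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    ev["_ts"] = datetime.strptime(ev["date"] + " " + ev["time"], "%Y-%m-%d %H:%M:%S")
    return ev

# Hypothetical rule definition; FortiSIEM's own rule language is different.
RULES = [{
    "name": "Repeated failed firewall admin logins",
    "frameworks": ["PCI DSS", "NIST 800-53"],
    "match": lambda e: e.get("type") == "event" and e.get("action") == "login" and e.get("status") == "failed",
    "group_by": "srcip", "threshold": 3, "window_sec": 60,
}]

def correlate(lines, rules=RULES):
    """Return incidents: a rule fires once when `threshold` matching events sharing the
    same group_by value fall inside a sliding window of window_sec seconds."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["_ts"])
    incidents = []
    for rule in rules:
        buckets = {}
        for ev in events:
            if not rule["match"](ev):
                continue
            key = ev.get(rule["group_by"])
            hits = buckets.setdefault(key, [])
            hits.append(ev["_ts"])
            # keep only timestamps within the window of the newest matching event
            hits[:] = [t for t in hits if (ev["_ts"] - t).total_seconds() <= rule["window_sec"]]
            if len(hits) >= rule["threshold"]:
                incidents.append({"rule": rule["name"], "frameworks": rule["frameworks"],
                                  "group_key": rule["group_by"], "group_value": key,
                                  "count": len(hits), "last_seen": ev["_ts"]})
                hits.clear()  # one burst yields one incident, not one per extra event
    return incidents

def notify(incidents):
    """Format SOC notifications (stand-in for FortiSIEM's dashboard or e-mail delivery)."""
    return [f"[{', '.join(i['frameworks'])}] {i['rule']}: {i['count']} events, "
            f"{i['group_key']}={i['group_value']} (last seen {i['last_seen']:%H:%M:%S})"
            for i in incidents]
```

With the constructed input, the three failures at 10:00:01, 10:00:09 and 10:00:20 produce one incident, while the isolated failure at 10:30:00 falls outside the window and does not.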

What needs improvement?

The backup and recovery process for this solution needs improvement.

I would like to see a database with more structure in terms of maintenance and ease of use. The process of creating is much simpler than that of duplication. The procedures are not proper for handling its PostgreSQL database.

For how long have I used the solution?

More than two years.

What do I think about the stability of the solution?

I would say that this solution is stable when it is configured and deployed by the Fortinet professional team.

What do I think about the scalability of the solution?

The scalability is there, and you can expand on the EPS (Events Per Second) as needed.

We do plan on selling this service to our customers that can see the benefit in it. We will probably introduce an incident response application to help triage incidents at a faster level.

How are customer service and technical support?

Technical support is very good. The people in support are excellent, and they know this product inside and out. They are very quick to respond, and the resolution is very quick.

How was the initial setup?

The initial setup for this solution is straightforward, although we are not yet in full production. During the past two years, while we have been implementing, we have found a lot of bugs in the software. As such, we're still not in a state where we can go into full production. For example, if you are certified for PCI then one of the standards is that you have to have proper backup recovery in place. This solution is lapsing in that area.

Two staff are required for deployment and maintenance.

What about the implementation team?

We used Fortinet consultants for the deployment.

What's my experience with pricing, setup cost, and licensing?

We bought the perpetual license, so we own the product, but there is a three-year support renewal fee for that.

Which other solutions did I evaluate?

We did evaluate Splunk before choosing this solution, but it was too much on the high end for our business model.

What other advice do I have?

We are very impressed with this product. However, they have to fix their backup and recovery procedure and provide a good DR service without charging for a secondary license.

I would rate this solution a seven and a half out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.