Fortinet FortiSIEM Overview

Fortinet FortiSIEM is the #11 ranked solution in our list of top Security Information and Event Management (SIEM) tools. It is most often compared to Splunk.

What is Fortinet FortiSIEM?

FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.

Companies around the world use FortiSIEM for the following use cases:

  • Threat management and intelligence that provide situational awareness and anomaly detection
  • Alleviating compliance mandate concerns for PCI, HIPAA and SOX
  • Managing “alert overload”
  • Handling the “too many tools” reporting issue
  • Addressing the MSPs/MSSPs pain of meeting service level agreements

Fortinet FortiSIEM is also known as FortiSIEM, AccelOps.

Fortinet FortiSIEM Buyer's Guide

Download the Fortinet FortiSIEM Buyer's Guide including reviews and more. Updated: October 2021

Fortinet FortiSIEM Customers

FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.

Pricing Advice

What users are saying about Fortinet FortiSIEM pricing:
  • "Its price can be better. We are Fortinet partners, so we can get discounts, but its price can be an issue at the beginning for others. There is a licensing scheme for every case. There are three licensing schemes that we can choose from."
  • "Pricing is acceptable for more than 90% of our customers, as they normally get discounts."

Fortinet FortiSIEM Reviews

Sami Isoaho
Principal Cloud Architect at Viria Security Oy
Real User
Top 5
Very easy alert setup; a good tool for analysis and for SOC

Pros and Cons

  • "Easy alert setup which enables different alerts in different categories."
  • "Not very good on non-API features, lacks that functionality."

What is our primary use case?

We use Fortinet FortiSIEM for storage of security information and analysis, as well as for alerts from the 50-60 services that we have. All of our webs are linked to FortiSIEM. It's a form of SOC tool and data is used for identifying trends and what's happening around the networks. We're customers and end-to-end users when it comes to FortiSIEM, but for other Fortinet products we're either partners or a value-added reseller. I'm the principal cloud architect in our company. 

What is most valuable?

I think the most valuable feature is the easy alert setup, it's very important. It's quite simple to use and enables us to have different alerts in different categories. SOC is able to see all the red alerts, it's impossible to miss them. It's a good tool for analysis and for SOC. We upload all network detection tools that support FortiSIEM and can investigate for different alerts or vulnerabilities. A great feature is that you can use Python scripting for data stack. It's great for devices that don't generate a genuine local source of information. 

What needs improvement?

This solution is not very good on non-API features and lacks that functionality. We've raised multiple tickets to Fortinet about this and they are pending there. The product development hasn't been fast enough to ensure it can function on the cloud. It's excellent when you download and get the security locks but in areas like Microsoft 365, you have to fetch the security access using APIs and they don't update quickly enough. If Microsoft announces a new service today, we have to wait at least six months before FortiSIEM starts supporting it. It's crucial that the API support is updated; for now, FortiSIEM lacks functionality compared to its competitors.

For how long have I used the solution?


What do I think about the stability of the solution?

It's a very reliable solution, we haven't had any outages during the last year and we're using it a lot. We have over 40 people using it 24/7.

What do I think about the scalability of the solution?

This solution is not very scalable if you have a lot of security events; it's focused more around smaller companies. We've become too big for it with 48,000 devices which we are monitoring and we had to create another instance and split things. It's not perfect because it requires purchase of a second license. We use the solution all the time. 

How are customer service and technical support?

Fortinet support is very fast. If I need to ask something, I'll get a response within a couple of hours. 

How was the initial setup?

The initial setup was quite straightforward. They have good documentation and once we deployed, there were only a couple of times where we needed a little bit of support because there were delayed reactions. 

What's my experience with pricing, setup cost, and licensing?

The licensing is on an annual basis and calculated on the set up number. Of course, the licensing cost could be less but it's not too bad and is quite nicely priced. With Centreon or Splunk you just pay for the use but if we compare the cost of FortiSIEM with Splunk, it's less than half the price.

Which other solutions did I evaluate?

We took a look at IBM QRadar, which was the main competitor, and we also looked at Splunk. Splunk lost out quickly because of the cost and we ended up going with Fortinet because it was much easier to manage and implement things than QRadar and it has the Python scripting.

What other advice do I have?

If your use case suits this solution, I would recommend it. If you are a professional operator and you're into pre-investing, and not just paying per use, then FortiSIEM is one of the best options you can have.

I rate this product an eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
MarioBrito
Pre-Sales Cybersecurity Solutions at ECSSA El Salvador
Reseller
Top 10
Allows us to combine SOC and NOC operations and has good reports, integrations, and support

Pros and Cons

  • "One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams. There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good."
  • "Its training can be improved. Its price also needs to be improved."

What is our primary use case?

We are an enterprise that resells services. We are like a small MSSP for the Salvador and Central America region. We provide services to other enterprises.

Our clients have multiple use cases. Its most common use case is to detect logging events from different IP addresses or locations. It is used to detect simultaneous logins by the same user from different IP addresses or locations, such as from different countries. It is also used to detect any attempts to log in to a server with root privilege and any attempts at remote access with root privileges.

How has it helped my organization?

With the help of FortiSIEM, we have improved the cybersecurity posture of our clients and our own. Through the early detection of threats, it allows us to follow up on each security incident. It is easy to communicate to asset managers about related security events, reducing remediation time.

What is most valuable?

One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams.

There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good.

What needs improvement?

Its training can be improved. Its price also needs to be improved.

For how long have I used the solution?

I have been using this solution for one year.

What do I think about the stability of the solution?

It has been good so far. We don't have any complaints about the tool.

What do I think about the scalability of the solution?

It is very scalable. It is easy to grow with this tool. We are going step-by-step, and we are doing good so far.

Our clients are big enterprises, such as banks, and we also have small businesses. In Salvador, as per a local compliance requirement, every business or enterprise needs to have a SIEM solution. We have an installation for 1,000 users.

How are customer service and technical support?

We are Fortinet's partner here in Salvador, and the tech support is really good. Their response time is also really good. We are very happy with this solution.

How was the initial setup?

The implementation process is kind of easy. We start in a small way. The challenge for us is the storage. We need to find a way to have storage redundancy so that if the main site fails, we have a copy of the data on a remote site. This is the challenge that we are facing right now.

What about the implementation team?

For its deployment and maintenance, we have a very small group of five people. We have a networking guy, a server guy, and a few analysts to maintain this platform.

What's my experience with pricing, setup cost, and licensing?

There is a licensing scheme for every case. There are three licensing schemes that we can choose from.

Which other solutions did I evaluate?

Our clients also evaluate other solutions such as Rapid7, McAfee, and LogRhythm. We have always been a Fortinet enterprise. We have people with Fortinet and other certifications in the industry, such as EasyConsole certifications. We can also support this solution for the Fortinet sites. That is the main differentiator between us and other vendors.

What other advice do I have?

I would advise others to start small and plan for future growth. 

I would rate Fortinet FortiSIEM an eight out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
JoshuaGardner
IT Executive: Operations & Security at Icon Information Systems (Pty) Ltd
Real User
Top 10
The performance is very good, and it is extremely scalable

Pros and Cons

  • "To add workers and even collectors is pretty easy."
  • "The dashboard needs to improve."

What is our primary use case?

We run a Managed Security Services company and we use it in-house and for some of our clients. The service is a multitenant platform where our clients can log on to view and access various security-related activities and features. In more ways, it becomes like a cloud solution to them. We make use of a secure connection from the clients’ networks using collectors located on their premises back to our centralized SIEM platform.

What is most valuable?

The most valuable feature is the differentiator, which has a combination of not only the SOC which covers the security operations aspect, but it also includes NOC capabilities. FortiSIEM uses PAM (Performance, Availability, and Monitoring) from an NOC perspective. So not only do you natively look at security data as most SIEM solutions, but you're also looking at the performance and the availability component of those devices. It's easy for us to coordinate if a security incident occurs. You're not only looking at security logs but you're also looking at what could potentially have happened in terms of device performance. So that feature to me already makes it quite a big differentiator in the market, compared to other SIEM tools out there.

What needs improvement?

When they started out after acquiring AccelOps, the user interface wasn't that great. But from version 5.0 they have obviously radically changed the interface, aligning it to the rest of the Forti products from a user experience point of view. This means that there is constant improvement on the interface side of the solution. The other thing that I've noticed is when searching for very old incidents, there is a slight delay. It obviously has to pull that information from the backend database, and the key point to note is that it depends on how you set it up in the backend where factors such as disk types and disk array configs come into play.

For how long have I used the solution?

I have been using this solution for 18 months now.

What do I think about the stability of the solution?

The solution is quite solid and stable.

What do I think about the scalability of the solution?

The scalability component is easy. To add workers and even collectors is easy, which is how we've deployed it, and it makes scalability much easier. We plan to grow our users into the thousands.

How are customer service and technical support?

I never really used support from Fortinet for the FortiSIEM solution that frequently because I figured most of the stuff out on my own, but that being said, the Fortinet Support is great because I figured most of the stuff out on my own.

How was the initial setup?

The initial setup was quite complex. We've had some issues with the first OVF file that we downloaded. We had to customize the installation processes. It was a bit complex in the earlier versions, but the newer versions have greatly improved. 

What other advice do I have?

We use an on-premises deployment model from our perspective and a hybrid model from a customer/user perspective.

I will recommend this solution to others out there looking for a SIEM solution. I've already done a few events where we talk about FortiSIEM and its advantages. I do, however, think the main dashboard where you create and design your graphs could do with some improvement. On a scale from 1 to 10, I will rate this solution an 8 to ensure there’s continuous improvement.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SC
Partner at a security firm with 11-50 employees
Reseller
Top 20
Good network monitoring with excellent scalability and good stability

Pros and Cons

  • "The stability is very reliable. It offers very good performance."
  • "The policy editing should be easier. Right now, it's too hard."

What is our primary use case?

We primarily use the solution for network and security monitoring.

What is most valuable?

Most of those CM functions and the correlation alerts are very helpful to our clients. 

The network monitoring is one of the most valuable aspects of the solution.

You can scale the solution with ease if you need to expand.

The stability is very reliable. It offers very good performance.

What needs improvement?

The initial setup is complex. They need to make it easier in terms of implementation. That said, all CM implementations are quite difficult. It may not be a fault of this particular product.

The policy editing should be easier. Right now, it's too hard. 

Some of the parts of the mapping tool should be in the product itself. It would make our efforts easier.

The product is quite expensive. It's something clients always comment on.

For how long have I used the solution?

We have been using the solution for many years - including before Fortinet acquired the original organization.

What do I think about the stability of the solution?

The solution is quite stable. We find it very reliable. It doesn't crash or freeze. There aren't bugs and glitches.

What do I think about the scalability of the solution?

The scalability of the solution is excellent. It's one of the main reasons we chose to go with this option. If a company needs to expand, it can do so easily. There aren't constraints.

We have about five to ten customers on the solution currently.

How are customer service and technical support?

I'm not using the vendor's technical support. Mostly we have our own in-house resources. I cannot tell if they are good or bad. I have never dealt directly with them. Therefore, it would be difficult to review their services.

How was the initial setup?

In terms of the initial setup, the process is not straightforward. It's complex and difficult. Making it easier would help a lot.

All CM installations and implementations are complicated. You have to tailor the product. It's not really something you can just implement out-of-the-box. 

That said, a basic installation is simple. It takes a few days. After you've done the implementation stage, then it takes time. Of course, it depends on the projects. I cannot say how much time it's taken exactly. I just know it takes quite a while.

For deployment, we use two people in a project. One of them is for the beginning of the project - for the implementation and the installation process. The other is the administration, which we generally pass off to our customers. I tend to handle the daily operations.

What's my experience with pricing, setup cost, and licensing?

All of our customers find the solution expensive. It's not a cheap option.

I don't know the exact cost of the solution as I don't directly handle the licensing.

What other advice do I have?

We are actually a reseller service company and we are dealing with the solutions for our customers. We are using the SIEM solutions. We are not a user, we are a reseller.

We have many customers. Not all may be using the latest version of the solution.

I would recommend the solution.

In general, I would rate the solution eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
AK
Asst Programmer Data Center at a consultancy with 10,001+ employees
Real User
Top 20
Stable and pretty affordable

Pros and Cons

  • "We find the solution to be stable."
  • "The solution needs to do a better job with third party integration. Right now, that's lacking on the solution. I specifically am talking about the AWS environment. Most of the AWS environment products do not have that capability to integrate."

What is our primary use case?

We primarily use it for all of our cloud space and for firewalls and AWS security services, etc.; for example, for the email, CloudWatch and AWS Security Hub.

How has it helped my organization?

Single pane of glass for security issues

What is most valuable?

There's a great feature on the solution that allows us to analyze security issues and incidents. It automatically allows us to trace any incident. It's an invaluable aspect of the solution. 

The solution has a relatively low cost.

We find the solution to be stable.

It's my understanding that the solution can scale well.

What needs improvement?

The solution needs to form flow diagrams automatically with the AWS platform.

For how long have I used the solution?

I've only been using the solution for the last six months.

What do I think about the stability of the solution?

The solution is stable. It's very reliable. There aren't bugs or glitches. It doesn't freeze or crash.

What do I think about the scalability of the solution?

I personally have never tried to scale the solution. That said, the solution is scalable and companies shouldn't have any issue expanding it as needed.

The solution is being used pretty extensively in our organization and we have several teams on it.

How are customer service and technical support?

We've definitely called technical support in the past when we have run into issues. We've been satisfied with the level of service they provide. We always get a proper response and they're always ready to resolve any issues we have. We are able to close tickets very quickly because they are so knowledgeable and responsive.

How was the initial setup?

The solution was fairly complex. However, this was due to the fact that we had to do a lot of configurations at the outset. The solution didn't make the process easy for us. Typically, it's easy to implement and I would be able to handle the process myself.

It took us about 15 days to deploy everything on our end.

What about the implementation team?

Implementation was done by Fortinet's Professional Service Team, which was quite satisfactory.

What's my experience with pricing, setup cost, and licensing?

The solution is very cost-effective compared to competitors. We just need to pay licensing and support costs. There aren't added costs beyond that.

Which other solutions did I evaluate?

We didn't previously look at other solutions. We saw that Fortinet fit our needs, and therefore we chose it.

What other advice do I have?

We're a public utility, so we just use the solution. We don't have a business relationship with the company.

We use the latest version of the solution.

We use a variety of Fortinet solutions at our organization. For example, we integrate the complete AWS cloud space into that all FortiSIEM.

I'd recommend the solution to other organizations, especially those that are cost-conscious. Compared to other solutions, it's rather easy to implement.

I'd rate the solution overall seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ishwor Shrestha
Security Analyst at netfiniti
Real User
Top 10
Good GUI, helpful technical support, and easy to configure

Pros and Cons

  • "The product is quite well-organized. The GUI makes it easy to navigate."
  • "It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option."

What is our primary use case?

I primarily use the solution as part of the firewall. I work mostly with banks and have extensive experience with configuring the VPN in relation to Fortinet.

What is most valuable?

The solution is quite user-friendly.

It's very easy to configure everything, including the VPN. It gives you lots of good options.

The product is quite well-organized. The GUI makes it easy to navigate.

What needs improvement?

The solution is almost 100% perfect. It's already quite simple and easy to configure. In that sense, no improvements are needed.

You do seem to be constantly learning new things with the product. There's a bit of an ongoing learning curve in terms of usage. Right now, I'm learning about higher availability and that's an ongoing process.

It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option. 

The solution offers both command line and GUI visualizations. They need to ensure that their GUI offers just as much flexibility on the configuration as the command line structure.

For how long have I used the solution?

I've been using the solution for about seven months at this point. It's been less than a year.

What do I think about the stability of the solution?

The stability of the product is fairly good. It's likely 70-80% there in terms of stability. There are many versions and the stability may vary slightly on each. 

In terms of security, however, I would say it's very stable. 

We haven't implemented the latest version yet as it hasn't been implemented widely. 

In general, the stability isn't a problem for us and we don't need to worry too much about it.

How are customer service and technical support?

The technical support is quite fine. We can communicate with them easily if we need to. If we have a problem or we need an issue addressed, we simply open a ticket and the Fortinet team is ready to assist. They are very knowledgeable and responsive. We've been satisfied with the support they give us.

How was the initial setup?

The initial setup does take some time to learn. I'm in the process of learning more about it now, specifically in relation to configuration or the VPN.

What's my experience with pricing, setup cost, and licensing?

If you are comparing the product to Cisco's solutions, it's very cheap and moderately priced. It's affordable. At the same time, it's a very effective solution. It's affordable and it works well.

What other advice do I have?

On a scale from one to ten, I would rate the product at an eight. It's been a pretty positive experience overall. I'm still learning the solution and discovering new things about it, however, it has everything I need at the same time. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SahrahMohammed
Network Security Engineer at Go Faster
Real User
Top 10
Easy to set up and use, with quick and helpful technical support

Pros and Cons

  • "It's very easy for anyone to work with."
  • "We need to see incident reports about the event log, without events from the administrator or through human interaction."

What is our primary use case?

We use FortiSIEM to protect our customers. 

Our current client has 20 branches and we can connect from any branch to their headquarters. We have high availability between headquarters and branches via the VPN connection. We can protect our SD-WAN, as well.

How has it helped my organization?

Fortinet is very helpful for our customers.

What is most valuable?

Every feature is good. This is one of the greatest SIEM products on the market. The most valuable feature this solution offers is that it protects the server and the client.

It's very easy for anyone to work with. You don't need any help externally.

What needs improvement?

This is a great product for everyone. The disadvantage is the product portfolio.

We need more incidents automatically to protect our network.

We need to see incident reports about the event log, without events from the administrator or through human interaction.

In the next release, I would like to have automated generation of incident reports.

For how long have I used the solution?

I have been using this solution for three years.

What do I think about the stability of the solution?

This solution is stable.

What do I think about the scalability of the solution?

It's a scalable product.

Fortinet has a large number of products with many modules. 

We can use it for small, medium, and large enterprise companies. This product is suitable for all business sizes.

How are customer service and technical support?

Support is very helpful. They have support in our local area and there are five or six support branches worldwide.

We can contact them through Facebook, the website, on chat, and using the phone with no problem.

They are helpful and they respond quickly.

Which solution did I use previously and why did I switch?

We only use Fortinet products.

I work with version 5, version 6, and version 6.2.

How was the initial setup?

The initial setup is very easy. It's straightforward.

One person can do the basic installation and maintenance. One person can support engineers.

Every product that Fortinet offers is easy to install and can easily be deployed by one person.

You can deploy and execute one device in one day. If the project is large then you will need two or three days to complete the installation. This includes time for troubleshooting if needed.

What's my experience with pricing, setup cost, and licensing?

Pricing is acceptable for more than 90% of our customers, as they normally get discounts.

What other advice do I have?

My advice would be to know this solution, and study it well to avoid mistakes.

The configuration is simple, not complex. It's a very good product. I have not experienced any issues with it.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
RakeshNaganna
Cyber Security Analyst at a retailer with 1,001-5,000 employees
Real User
Top 5
Has easy access to create rules, playbooks, or use cases

Pros and Cons

  • "I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports."
  • "With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."

What is our primary use case?

We use it as our main SIEM tool for creating rules, creating alerts, monitoring, and accessing CMDB. We also use it to monitor a few more things related to writing security.

What is most valuable?

I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports.

What needs improvement?

With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk.

When you work with a service provider who is using FortiSIEM as a service for other clients, you cannot run more than 30 clients on one tool. You cannot onboard, which would consume more resources and would make it slower. Also, resource consumption would be high.

For how long have I used the solution?

I've been using it for a year and a half.

What do I think about the stability of the solution?

It's pretty stable. We haven't faced any critical issues with stability.

How are customer service and technical support?

We had some issues when there were a few more updates or patches, but the technical support from FortiSIEM was pretty good and got it all sorted.

What other advice do I have?

If you're using it for multi-tenant solutions, it will be pretty good, but it won't support running more than 20 clients on the same platform. It would need more resources. Even if you are implementing it for multi-tenant solutions, you would need to implement fewer clients on it so that it has to use less effort.

On a scale from one to ten, I would rate it at eight.

Disclosure: I am a real user, and this review is based on my own experience and opinions.