
Fortinet FortiSIEM Overview

Fortinet FortiSIEM is the #11 ranked solution in our list of top Security Information and Event Management (SIEM) tools. It is most often compared to Splunk: Fortinet FortiSIEM vs Splunk

What is Fortinet FortiSIEM?

FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.

Companies around the world use FortiSIEM for the following use cases:

  • Threat management and intelligence that provide situational awareness and anomaly detection
  • Alleviating compliance mandate concerns for PCI, HIPAA and SOX
  • Managing “alert overload”
  • Handling the “too many tools” reporting issue
  • Addressing the MSPs/MSSPs pain of meeting service level agreements

Fortinet FortiSIEM is also known as FortiSIEM, AccelOps.


Fortinet FortiSIEM Customers

FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.


Archived Fortinet FortiSIEM Reviews (more than two years old)

AH
Solutions Consultant at a comms service provider with 51-200 employees
Consultant
A stable solution with good pricing, but they need to address recent changes to technical support

Pros and Cons

  • "Both the collecting logs and duo correlation are valuable features for us."
  • "The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients."

What is our primary use case?

We primarily use the solution for collecting logs and duo correlation on our customer's premises.

What is most valuable?

Both the collecting logs and duo correlation are valuable features for us.

Fortinet also offers very good pricing. Their pricing is incredible.

What needs improvement?

The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients.

They also have to improve their import perfection solution.

For how long have I used the solution?

I've been using the solution for 1.5 years.

What do I think about the stability of the solution?

The solution is very stable, like all Fortinet products.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and technical support?

Technical support is very good. They also provide you with additional materials to study the product by yourself so that you can get a better understanding of the full solution.

How was the initial setup?

The initial setup is complex, mostly because of the security, not because of the product. Most of the security features in the installation process are difficult. They require tuning. You have to be careful you don't configure something wrong. This is a complexity of the environment and the solution itself. The engineer should understand what the customer is looking for. The product might be very good, but if it is positioned in the wrong way, it can be harmful.

Which other solutions did I evaluate?

I did not evaluate other options; this solution was the decision of the customer. However, in the past, I have evaluated and worked with Splunk and IBM.

What other advice do I have?

We use the public cloud deployment model.

I like the product, and I would recommend it, but I much prefer Splunk.

The beautiful thing about Fortinet is that they have integrated many, many solutions. Their platform is very powerful. In the case of the customer, if he decides to choose Fortinet, he'll largely be stuck with that one vendor. Fortinet does integrate with a few other vendors, but it's best if you use only their solutions. It's more efficient, you have more manageability and you get more value that way.

I would rate the solution seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
HW
System Engineer / Network Consultant at a tech services company with 51-200 employees
Consultant
An affordable all-in-one solution that's very stable

Pros and Cons

  • "The solution is very stable. It's run for years without the need to do anything except add new patches when they are available, which are always a good idea to install."
  • "They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution."

What is most valuable?

The solution has an all-in-one approach. We buy one product and everything our customer needs is included. He doesn't have to pay any additional licenses to get more functionality, so everything is there and if we have to do any adjustments, it's also done very quickly and easily.

What needs improvement?

The solution can't be improved, but it can be managed more clearly. The solution just needs minor improvements. I'm quite sure Fortinet is already working on this.

They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI, there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution.

For how long have I used the solution?

I've been using the solution for 1.5 years.

What do I think about the stability of the solution?

The solution is very stable. It has run for years without the need to do anything except add new patches when they are available, which are always a good idea to install.

How was the initial setup?

The initial setup is quite easy.

What's my experience with pricing, setup cost, and licensing?

If we do an overall comparison with other products and also count additional licenses, which are necessary for other products, then the prices are comparative.

If we just leave it at base prices, for example, Splunk: Splunk is cheaper, but if you also count the price for licenses, reports, and other things - especially the megabytes and gigabytes of the log data that you need - then it comes up to a much higher price than you have to pay for FortiSIEM, which already includes these things in a base version.

What other advice do I have?

I would rate the solution nine out of ten. Our clients have been very happy with the solution.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
ITCS user
Manager, ICT Enterprise Services at a government with 201-500 employees
Real User
Has good business service summaries in the dashboards but it should have better integration abilities

Pros and Cons

  • "Analytics is the most valuable feature. The business service summaries in the dashboards and the correlations for the SIEM are also valuable features."
  • "Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great."

What is our primary use case?

We use the on-prem deployment model of this solution. Our primary use case of this solution is for all of our infrastructure monitoring, applications, performance monitoring, and for security, incident, and event analysis. 

What is most valuable?

Analytics is the most valuable feature. The business service summaries in the dashboards and the correlations for the SIEM are also valuable features. 

What needs improvement?

Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great.

It should also have better integration.

For how long have I used the solution?

I have been using FortiSIEM for four years.

What do I think about the stability of the solution?

It's a good product. It does what it is supposed to do. 

What do I think about the scalability of the solution?

Scalability required a lot of training. If the training isn't adequate you cannot enjoy the end results.

There are currently around ten users using this solution. They are mostly system and network administrators using this solution. We don't have plans to increase the usage. We are going to switch to another product. 

We require two staff members for the deployment and maintenance. 

How are customer service and technical support?

When you log a call, you don't get instant replies or if there is a bug they take ages to fix it and they ask you to hold.

Which solution did I use previously and why did I switch?

We didn't previously use another SIEM solution. 

How was the initial setup?

The installation is straightforward but the configuration is complex because it comprises several aspects of the network infrastructure, servers, and the databases. You have to know what you want to gain out of this product.

The deployment took around three months. There are a lot of dashboards to configure. It's not about just the installation. The planning phase and understanding what you want to get out of it, setting up the logs, and working on the correlations take time. 

What about the implementation team?

We used a local integrator for the deployment. They were good. When you consider the other SIEM products, this isn't a popular solution. When we implemented it, we were with the solution before it was acquired by Fortinet. It was a hassle. 

What's my experience with pricing, setup cost, and licensing?

Licensing is a one time cost. If you want to enable different modules then there will be additional costs. 

What other advice do I have?

Properly review this solution and your requirements. See how it will scale up to cloud requirements. Cloud technologies are becoming more prominent and you should see how you will be able to manage it with this tool.

It's a good product but you need to be well trained. If you don't have good training then you won't maximize the benefits of this product. 

I would rate it a seven out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
GV
ICT Architect at an insurance company with 51-200 employees
Real User
CMDB database collects data from a lot of pre-configured devices

Pros and Cons

  • "The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices."
  • "The performance can be improved. Sometimes it takes a long time to fetch data."

What is our primary use case?

We use the on-prem model of this solution. Our primary use case is for malware and behavior monitoring. We also use it to monitor system performance and user behavior. 

What is most valuable?

The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices. 

What needs improvement?

The performance can be improved. Sometimes it takes a long time to fetch data. 

For how long have I used the solution?

I have been using this solution for one and a half years.

What do I think about the stability of the solution?

It is very stable. 

What do I think about the scalability of the solution?

Scalability is very good. We currently have 150 users using this solution. We don't have plans to increase usage at the moment. 

What about the implementation team?

We implemented through Fortinet professional services. We were one of the first customers to implement the new version and it was a bit complex. I believe it has become easier. Deployment took them only a few hours. It didn't take a long time. 

What other advice do I have?

I would rate it an eight out of ten. They should implement better behavior monitoring features to make it a perfect ten. It should also have better integration with their own products. They have a lot of interfaces for other products but it's not so easy to integrate their own devices. 

I would recommend this solution to someone considering it. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Smadi Huthaifa
Network and Security Administrator at PETRA Engineering Industries Co.
Real User
Hybrid Fortinet Fabric Solutions with a comprehensive view for all Fortinet products and a little support for other vendors

Pros and Cons

  • "The interface is very easy to use. The connector in the core has FortiSIEM support from the vendor."
  • "The nodes on our network did not comply with the SIEM solution. They use a different parsing log format."

What is our primary use case?

We're using FortiSIEM as the main metadata server for all the security and infrastructure devices. We integrate a lot of nodes, switches, firewalls, and sandboxes with it to gain coverage of the performance, availability, change, and security monitoring aspects of network devices, servers, and applications.

How has it helped my organization?

FortiSIEM gives us a lot of valuable events and details by using a unified event-based framework to analyze all data including logs, performance monitoring data and provides a broad range of metrics.

What is most valuable?

The comprehensive view of the dashboard and the attribute base interface and the flexibility of implementation methods.

What needs improvement?

The Fortinet Fabric should be easier and friendlier to use. They use a different parsing log format.

For example, Symantec ATP is not supported by FortiSIEM. Our reseller provided us FortiSIEM as a service. They should also provide us with a dashboard to monitor and to deploy correlations.

I think Fortinet should improve the AI correlations by combining advanced statistical and heuristic analysis with behavioral whitelisting.

For how long have I used the solution?

I have been using the solution around six months.

What do I think about the stability of the solution?

Stability is the main feature we had looked for because of our environment, which is why we chose FortiSIEM. The stability is good. We just install a connector on the supervisor outside.

With the stability of the connector, we faced some problems. The reseller asked us to reinstall the connector. The problem was with the reseller, not the connector.

How are customer service and technical support?

We used the solution's technical support for a lot of cases and tickets. Their responses are very good, kind, and quick. 

Which solution did I use previously and why did I switch?

They have poor correlation. They didn't use any new concepts like Fortinet. They just display the logs as they are with no attribute base.

How was the initial setup?

The initial setup with Fortinet FortiSIEM AccelOps was not easy. We had faced a few problems, but I think Fortinet should give more training courses for their resellers.

We needed to find what the weak points were in our network. Our deployment took up to two months.

We were looking to deploy a unique correlation between nodes. We wanted to track the packets from our cloud services like cloud sandbox and anti-spam to log our end-to-end connections.

The reseller told us that they comply with our solution. After that, we figured out that it was not going to be very easy. FortiSIEM doesn't support Symantec ATP.

They also did not support our web gateway log format.

What other advice do I have?

The interface is easy to use but the initial setup is not. The connector in the core has FortiSIEM support from the vendor. FortiSIEM supports a lot of vendors. It is a good product for us.

I rank it as eight on a scale from one to ten, because it doesn't support a lot of vendors, and also FortiSIEM is still not common to use with Fortinet partners; maybe they don't give adequate training.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MY
Network Security Engineer at Spectrotel
Real User
Correlates incidents between products and notifies our SOC accordingly

Pros and Cons

  • "It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GLBA, NIST, and so forth."
  • "The backup and recovery process for this solution needs improvement."

What is our primary use case?

We are a partner, and we use this solution to ingest our customers' syslogs data for their firewalls.

How has it helped my organization?

This solution allows us to ingest syslogs from Fortinet firewalls and other products into what we call FortiSIEM. This is a processor that correlates it with the event types and incidents. It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GLBA, NIST, and so forth. All of these incidents are now correlated and sent up to a dashboard or emailed, where, as a SOC, we can review these incidents and triage the necessary resolution.

What needs improvement?

The backup and recovery process for this solution needs improvement.

I would like to see a database with more structure in terms of maintenance and ease of use. The process of creating is much simpler than that of duplication. The procedures are not proper for handling its PostgreSQL database.

For how long have I used the solution?

More than two years.

What do I think about the stability of the solution?

I would say that this solution is stable when it is configured and deployed by the Fortinet professional team.

What do I think about the scalability of the solution?

The scalability is there, and you can expand on the EPS (Events Per Second) as needed.

We do plan on selling this service to our customers that can see the benefit in it. We will probably introduce an incident response application to help triage incidents at a faster level.

How are customer service and technical support?

Technical support is very good. The people in support are excellent, and they know this product in and out. They are very quick to respond and the resolution is very quick.

How was the initial setup?

The initial setup for this solution is straightforward, although we are not yet in full production. During the past two years, while we have been implementing, we have found a lot of bugs in the software. As such, we're still not in a state where we can go into full production. For example, if you are certified for PCI then one of the standards is that you have to have proper backup recovery in place. This solution is lapsing in that area. 

Two staff are required for deployment and maintenance.

What about the implementation team?

We used Fortinet consultants for the deployment.

What's my experience with pricing, setup cost, and licensing?

We bought the perpetual license, so we own the product, but there is a three-year support renewal fee for that.

Which other solutions did I evaluate?

We did evaluate Splunk before choosing this solution, but it was too much on the high end for our business model.

What other advice do I have?

We are very impressed with this product. However, they have to fix their backup and recovery procedure and provide a good DR service without charging for a secondary license.

I would rate this solution a seven and a half out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
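The ingestion and correlation flow this reviewer describes (syslog in, event types assigned, rules that fire incidents which the SOC then triages), as an added example that is not part of the original review and not FortiSIEM's own code: a small Python pipeline that parses FortiGate-style key=value syslog lines, normalises each into an event type, and runs one sliding-window rule that raises an incident when a single source IP is denied too many times within a short window. The log lines are constructed samples, and the rule name, severity, threshold and window are assumptions chosen for the example, not FortiSIEM defaults.

```python
"""Minimal SIEM-style pipeline over FortiGate-style syslog (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# FortiGate syslog is a run of key=value pairs; values are bare or double-quoted.
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample lines in the FortiGate key=value style (not real captures).
SAMPLE_LOGS = [
    'date=2021-10-05 time=10:00:01 devname="fw-edge" logid="0000000013" type="traffic" subtype="forward" srcip=203.0.113.7 dstip=192.0.2.10 dstport=22 action="deny"',
    'date=2021-10-05 time=10:00:05 devname="fw-edge" logid="0000000013" type="traffic" subtype="forward" srcip=203.0.113.7 dstip=192.0.2.10 dstport=23 action="deny"',
    'date=2021-10-05 time=10:00:09 devname="fw-edge" logid="0000000013" type="traffic" subtype="forward" srcip=198.51.100.9 dstip=192.0.2.20 dstport=443 action="accept"',
    'date=2021-10-05 time=10:00:12 devname="fw-edge" logid="0000000013" type="traffic" subtype="forward" srcip=203.0.113.7 dstip=192.0.2.10 dstport=445 action="deny"',
    'date=2021-10-05 time=10:00:15 devname="fw-edge" logid="0000032001" type="event" subtype="system" logdesc="Admin login successful" user="admin" action="login" status="success"',
    'date=2021-10-05 time=10:00:20 devname="fw-edge" logid="0000000013" type="traffic" subtype="forward" srcip=203.0.113.7 dstip=192.0.2.10 dstport=3389 action="deny"',
    'date=2021-10-05 time=10:00:33 devname="fw-edge" logid="0000000013" type="traffic" subtype="forward" srcip=203.0.113.7 dstip=192.0.2.10 dstport=8080 action="deny"',
    'date=2021-10-05 time=10:00:40 devname="fw-edge" logid="0000000013" type="traffic" subtype="forward" srcip=203.0.113.7 dstip=192.0.2.10 dstport=8443 action="deny"',
    'date=2021-10-05 time=10:01:00 devname="fw-edge" logid="0000000013" type="traffic" subtype="forward" srcip=198.51.100.9 dstip=192.0.2.20 dstport=22 action="deny"',
    'date=2021-10-05 time=10:03:00 devname="fw-edge" logid="0000000013" type="traffic" subtype="forward" srcip=198.51.100.9 dstip=192.0.2.20 dstport=22 action="deny"',
    'date=2021-10-05 time=10:05:00 devname="fw-edge" logid="0000000013" type="traffic" subtype="forward" srcip=198.51.100.9 dstip=192.0.2.20 dstport=22 action="deny"',
]


def parse_fortigate_line(line):
    """Turn one key=value syslog line into a dict; quotes are stripped and
    date/time are combined into a datetime under 'timestamp'."""
    fields = {}
    for key, value in _KV.findall(line):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    if "date" in fields and "time" in fields:
        fields["timestamp"] = datetime.strptime(
            f'{fields["date"]} {fields["time"]}', "%Y-%m-%d %H:%M:%S")
    return fields


def event_type(fields):
    """Normalise raw fields into an event-type name such as FortiGate-traffic-deny.
    The naming scheme is an assumption for this example."""
    parts = ["FortiGate", fields.get("type", "unknown")]
    if "action" in fields:
        parts.append(fields["action"])
    elif "subtype" in fields:
        parts.append(fields["subtype"])
    return "-".join(parts)


class DenyBurstRule:
    """Sliding-window rule: N denied connections from one srcip within W seconds.
    After firing, the window for that srcip is cleared so one burst yields one
    incident instead of one alert per further packet (alert-overload control)."""

    def __init__(self, threshold=5, window_seconds=60):
        self.threshold = threshold
        self.window = timedelta(seconds=window_seconds)
        self._hits = defaultdict(deque)  # srcip -> timestamps of recent denies

    def feed(self, fields):
        if event_type(fields) != "FortiGate-traffic-deny" or "timestamp" not in fields:
            return None
        src, ts = fields.get("srcip", "?"), fields["timestamp"]
        q = self._hits[src]
        q.append(ts)
        while q and ts - q[0] > self.window:   # drop hits older than the window
            q.popleft()
        if len(q) >= self.threshold:
            incident = {
                "rule": "Excessive denied connections from one source",  # assumed name
                "severity": "medium",                                    # assumed
                "srcip": src,
                "count": len(q),
                "first_seen": q[0],
                "last_seen": ts,
                "devname": fields.get("devname"),
            }
            q.clear()
            return incident
        return None


def correlate(lines, rule):
    """Run every line through the parser and the rule; return fired incidents."""
    incidents = []
    for line in lines:
        incident = rule.feed(parse_fortigate_line(line))
        if incident:
            incidents.append(incident)
    return incidents


def notify(incident):
    """Render an incident the way it would be emailed or shown on a SOC dashboard."""
    return (f'[{incident["severity"].upper()}] {incident["rule"]}: '
            f'{incident["srcip"]} denied {incident["count"]}x on {incident["devname"]} '
            f'between {incident["first_seen"]:%H:%M:%S} and {incident["last_seen"]:%H:%M:%S}')


if __name__ == "__main__":
    for inc in correlate(SAMPLE_LOGS, DenyBurstRule(threshold=5, window_seconds=60)):
        print(notify(inc))
```

With the sample data, only 203.0.113.7 trips the rule (five denies inside 32 seconds); 198.51.100.9 is denied three times but two minutes apart, so the window empties between hits and nothing fires, which is the property that separates a rate rule from a plain count. Lowering the threshold to three with the same 60-second window produces two incidents for 203.0.113.7 and still none for 198.51.100.9; widening the window to ten minutes lets the slow source fire as well.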
SP
Security Team Leader at a tech services company with 11-50 employees
Reseller
Our customers have seen improvement in their connection with load balancing on both connections

What is our primary use case?

We are a system integrator and we resell this solution.

How has it helped my organization?

Some of our customers who use this solution have seen improvement in their connection with load balancing on both connections.  

What needs improvement?

Our customers are noticing configuration available in the GUI interface and I think that they should be equal.

What do I think about the stability of the solution?

Stability and scalability are perfect. 

How was the initial setup?

The initial setup wasn't complex. It took three days to deploy and we required two people for the deployment. 

What other advice do I have?

I would rate it a nine out of ten. The configuration should be equal with the GUI interface. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Wander Menezes
Technical Lead at Arcon Labs at a tech services company with 51-200 employees
Real User
It's complicated to deploy but detection rules are flexible

Pros and Cons

  • "AccelOps can handle a lot of data and it's just so important to true monitoring. Also, I can create a lot of rules to detect anything I like."
  • "Does not have load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated."

What is our primary use case?

My primary use case is that it is an analyst tool for hunting on your site network.

How has it helped my organization?

The platform is nice. It is not easy to implement, but once you do so, there is a lot of value from the platform. 

What is most valuable?

AccelOps can handle a lot of data and it's just so important to true monitoring. That is the strong point of AccelOps.

The second one is detecting. I can create a lot of rules to detect anything I like, and this is another strong point.

It's also the only SIEM platform on the market that has health monitoring capabilities, and correlates. For example, if a service is going down I can detect that it is going down and correlate it. For example, if it's because of an exploit, it can correlate this. It's a nice feature.

What do I think about the stability of the solution?

I think all SIEM platforms have a problem handling a lot of data. My response is "it depends." Depends on the people, depends on the product, depends on the technology. To implement any technology you need good people, and this is independent of the label of the company or technology. The stability is not bad, it's not good. It's a complicated question.

What do I think about the scalability of the solution?

I don't have any feature for load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated. For example, the design is bad because you have one supervisor on one machine and you handle everything off this machine supervisor. It is a design problem. The technology also has limitations because you have a lot of memory and a lot of processors, but you have a limit with processors and memory, which causes problems with scalability. 

How are customer service and technical support?

It's equal to any technical support. You need to go to level one, level two, level three to reach their engineers. It is complicated. With any technology it is like this. But my level of skill here is high, and going to level one, level two, level three is complicated. You have a ladder to solve the problems quickly. That's the problem. Any platform, any vendor has the same problem. You need to go through levels until you find one guy who can solve your problem.

Which solution did I use previously and why did I switch?

I used a solution previously. I switched because I needed evolving technology. I needed to evolve to smart features.

The most important criteria when selecting a vendor is price. After that it's detection.

How was the initial setup?

For the first steps you have some help. At the beginning you have priority support, you have engineers. After that you pay.

It's complex because you need to evaluate a lot of things.

What other advice do I have?

I advise that you should plan your financial resources and plan the platform. Also, be sure to test the performance ability, as well as scalability. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user675411
Senior Technical Consultant at an integrator with 201-500 employees
Vendor
Configuration in initial setup is complex. Product's analytics provide log info letting you see threats.

Pros and Cons

  • "Analytics. It can provide log information from the device. With log information, I can see if there is a threat"
  • "If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."

How has it helped my organization?

From CMDB configuration monitoring, it can provide information changes.

What is most valuable?

Analytics. It can provide log information from the device. With log information, I can see if there is a threat

What needs improvement?

In the CMDB configuration monitoring. Example, if there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it.

What do I think about the stability of the solution?

Yes.

What do I think about the scalability of the solution?

Yes.

How are customer service and technical support?

Very good.

Which solution did I use previously and why did I switch?

FortiSIEM is better than previous products.

How was the initial setup?

Complex due to the configuration.

What's my experience with pricing, setup cost, and licensing?

Please be cheaper and more simplified.

Which other solutions did I evaluate?

Yes, but I cannot mention it because of privacy issues.

What other advice do I have?

Please do a PoC.

Disclosure: My company has a business relationship with this vendor other than being a customer: I'm a Partner.
Vinod Shankar
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Consultant
The product is a well rounded performer when it comes to combined Infrastructure and Security monitoring, however in traditional SIEM bake-offs, they need a lot more flavour to make it exciting.

Introduction: 

How many of you remember Cisco MARS? Well, if you don’t, let me remind you that they were one of the earliest SIEM products around that stemmed from the infrastructure monitoring space. MARS was geared more towards monitoring and reviewing network infrastructure including their utilization, performance availability and logs. After a brief run in enterprises that were Cisco heavy, the product died a natural death. People who were involved in the product left Cisco and started AccelOps (Accelerate Operations). As a product, they took the fundamentals of data collection and integrated infrastructure log, event monitoring to the data analytics platform. The result is a promising product called AccelOps.

They have since been acquired by Fortinet, marking their foray into the larger Enterprise SIEM market dominated by the likes of HP, IBM, Splunk, etc.

AccelOps:

As you can guess, by virtue of collecting data from various sources like network devices and servers, AccelOps is a product that provides fully integrated SIEM, file integrity monitoring (FIM), configuration management database (CMDB), and availability and performance monitoring (APM) capabilities in a single platform.

  • APM Capability: This is their strong suit and it is MARS on steroids. AccelOps excels in capturing statistics to provide insights into system health. This provides value in a MSSP/NOC/SOC setup as there is no need for an additional monitoring platform. Again, Syslog or SNMP are your best bets for APM.
  • File Integrity Monitoring: Very few SIEM products (think AlienVault) offer native FIM capabilities and to see it in AccelOps is refreshing. The way they do so is no surprise as FIM can only be done effectively using an agent-based approach and Accelops does the same.
  • CMDB: AccelOps has the capability to keep track of all the elements in an organisation's network infrastructure like network devices, UPS, servers, storage, hypervisors, and applications. Using the data, a Configuration Management Database (CMDB) is available in AccelOps. This again is very unique and even AlienVault with all its Unified SIEM branding, does not shine as much as AccelOps does.
  • SIEM: Now that all the data from various network infrastructure is available in AccelOps along with CMDB, the ability to cross-correlate, in real-time, becomes easy and AccelOps does that using its own patented correlation engine. The SIEM capability comes with all the bells and whistles one would expect – rules, dashboards, alerting, analytics, intelligence, etc.

Now let us look at the Strengths and Weakness of AccelOps as a product

The Good:

  • AccelOps’ combination of SIEM, FIM and APM capabilities in a single box helps in Centralised operations as well as security monitoring.
  • AccelOps serves as a centralised data aggregation platform for system health data, network flow data, as well as event log data.
  • AccelOps has a mature integration capability with traditional incident management and workflow tools like ServiceNow, ConnectWise, LanDesk and RemedyForce.
  • From a deployment flexibility point of view, AccelOps excels in virtualisation environments. However, they are also available in traditional form factors. If customers prefer cloud, they are also available for deployments in either public, private or hybrid clouds.
  • From an architecture perspective, they have three layered tiers.
    1. The Collector tier does exactly what the name suggests – collects data from end log sources.
    2. The Analytics tier receives data from the collector tier. This analytics tier is built on big data architecture fundamentals supporting a master/slave setup. In AccelOps terms, it is a Supervisor/Worker setup.
    3. The Storage tier then serves as the data sink housing the CMDB and the big data file system.
  • Because of the architecture setup, scalability is not an issue with AccelOps. It does scale well with clustering at the Analytics and Storage tiers.

The Not So Good:

  • The most obvious is that AccelOps as a product has relatively low visibility in the market. However, this is bound to change with the Fortinet buy. They will hopefully be seen in more competitive bids and evaluations.
  • While AccelOps tries to be a “Jack of All”, it unfortunately is a master of none. This means that the product has poor support for some third-party security technologies, such as data loss prevention (DLP), application security testing, network forensics and deep packet inspection (DPI). This hinders the product's versatility in large environments.
  • Parsing is a key aspect of SIEM and in this area too AccelOps lacks the extensive coverage seen amongst the competition. While most of the popular ones are parsed out of the box, others require custom parser development skills, which unfortunately involve a steep learning curve or product support to help build.
  • While for network engineers and analysts the interface makes sense, from a SIEM view the usability could definitely be improved. This issue is evident when looking at dashboards, report engines, alerts, etc., which seem to be afflicted with information overdose.
  • Ease of deployment is there, however, the configuration takes a lot of time considering the fact that there are several tool integrations to be done before it can generate value. Some of the configurations are really complex and may lead to the user or admin being spooked. We were reminded of the MARS days time and again while evaluating this product.
  • The UI, while presenting data in a very informative way, suffers from too much clutter, hindering usability. While this is a personal opinion, with SIEM tools comparisons against the likes of IBM, Splunk, and even LogRhythm, the AccelOps UI does not excite. We hope that Fortinet brings to the fore its UI maturity to AccelOps, thereby becoming much more savvy.
  • Correlation capabilities are very good when it comes to data visibility, compliance, and infrastructure monitoring use cases. However, when it comes to threat hunting, trend analysis and behaviour profiling, AccelOps has a lot of ground to cover.
  • Without infrastructure data, AccelOps loses its edge. As a traditional SIEM, collecting only event logs makes it look like a pretty basic SIEM. This can be quite an issue in organisations where infrastructure monitoring is already being done by other tools. Unless customers duplicate data sets across the tools, the value is poor.

Conclusion:

All in all, the product is a well-rounded performer when it comes to combined infrastructure and security monitoring; however, in traditional SIEM bake-offs, they need a lot more flavour to make it exciting. Hopefully the Fortinet buy will do just that. We will continue to watch this product and its road map in the coming months.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Network Engineer at a sports company with 51-200 employees
Real User
I can write my own parsers for the devices that are not supported. I am unable to perform complex/nested queries.

Pros and Cons

  • "The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature."
  • "The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries."

How has it helped my organization?

It provides extremely fast and flexible querying of logs/events on the network. For example, it’s easy to write a quick query for all the “authentication” requests on the network, regardless of where they came from, during the past days, weeks or months.

What is most valuable?

The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature. It’s impossible to find an application that supports every device/manufacturer that we have. Thus, being able to write my own parsers for device logs allows for greater scalability.

What needs improvement?

The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries. However, it does function well for our day-to-day operations.

What do I think about the stability of the solution?

We did experience some stability issues. The parser engine crashes often, but it does recover without any noticeable impact to the performance or service.

What do I think about the scalability of the solution?

There were no scalability issues; the product scales well for us.

How is customer service and technical support?

Support was very good when owned by AccelOps. I have not opened any recent cases with Fortinet since its buyout.

How was the initial setup?

The setup was pretty complex, but we had great support from AccelOps.

What's my experience with pricing, setup cost, and licensing?

I haven’t looked at the latest offerings or licensing models since Fortinet bought this product. Previously, AccelOps was looking to add other Tableau reporting modules for more complex reporting purposes. This was not attractive to us, due to the high cost of Tableau's licensing. Also, it required licensing for an event forwarding engine to be installed on the servers. The cost was getting high when we looked at licensing for 50-plus servers.

Which other solutions did I evaluate?

We only evaluated this solution and loved the capabilities that it offers. We decided to take a chance and I’m not sorry that we did. Overall, the experience has been very positive.

What other advice do I have?

Make sure you size the solution to the number of devices and servers on the network. Don’t be afraid to add additional workers.

Try to avoid using WMA formats for log retrieval of the busy servers; this is extremely resource-intensive. Price out the event forwarding engine that they offer and add it to your budget.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
RO
Infrastructure Operations Manager at a computer software company with 501-1,000 employees
Real User
It provides me with operational oversight on our environment using configured dashboards and reports.

Pros and Cons

  • "There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
  • "The biggest thing that could be better is a quicker response to support cases."

Improvements to My Organization

In large, medium and small organizations, it improves the ability to quickly drill down into events that occur, perform analysis, and find the root cause. The most value I’ve found in it is quicker time-to-resolution.

Valuable Features

I’ve used Accelops in multiple different capacities and at several organizations. As far as my current role, I am an operations manager, and it gives me operational oversight. There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not. Reports and Alerts help identify security risks, identify performance problems, and help in capacity planning.

Room for Improvement

The biggest thing that could be better is a quicker response to support cases.

Stability Issues

As I keep the system updated, it helps to keep the system stable, but it’s been extremely stable and extremely reliable.

Scalability Issues

I have scaled it out with multiple workers and collectors. It’s scaled in every direction that I would like it to, geographically and from a correlation and reporting capacity standpoint.

Customer Service and Technical Support

I’ve had lots of different engagements with support over the years and generally I’ve had very good support and knowledgeable staff. Occasionally you’ll have a weird problem that takes longer to resolve than some other problems, but generally speaking, the support’s been very good.

I’ve used the product for a long time, so I’ve requested quite a few different features. Those features have always been added, and it’s taken more or less the time they need, depending on what the feature is.

Initial Setup

It’s not harder than any other similar product. It’s very easy to set up in that they provide an OVA file that you can quickly and simply download and, with a few configuration settings, be on the network. There are multiple other deployment options for other hypervisors as well as bare metal deployments. More than anything, the troubles come with configuring all of your log sources to send the necessary log messages. That’s true for any product, not just AccelOps.

Other Advice

My advice would be to come up with a game plan to figure out exactly what devices or what system to focus on. Then (once you become familiar with reporting, alerting and tuning) integrate more devices/systems into Accelops.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user404364
Information Security Officer at an aerospace/defense firm with 10,001+ employees
Real User
We like its visibility and flexibility. It allows us to get real-time, accurate, situational awareness of what's going on.

Pros and Cons

  • "We're able to get real-timec as well as our customer networks that we're monitoring at all times."
  • "The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much."

How has it helped my organization?

We're able to get real-time, accurate, situational awareness of what's going on in our network as well as our customer networks that we're monitoring at all times.

What is most valuable?

  • Visibility
  • Flexibility

What needs improvement?

The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much. I need to be able to understand what my situational awareness is by looking at a simple graph. I've already made a specific feature request to just make it look sexier because that's what customers like to see.

What do I think about the stability of the solution?

The stability has been very good. We've had no issues with instability.

What do I think about the scalability of the solution?

What we really like about it is the ability to scale without it costing an arm and a leg for us. They're highly virtualized and, as a result, we're able to deploy a lot faster than shipping their metal to a location that might have to be purchased in another state or country.

How are customer service and technical support?

We have used their technical support as well as their customer service. They've always got back to us in a timely manner. We've never had an issue of being able to get to the right person. If it doesn't get to the right person, it gets escalated very fast.

Which solution did I use previously and why did I switch?

We used LogRhythm, and Accelops replaced it.

How was the initial setup?

I wasn't involved in the initial setup, but my team was.

What other advice do I have?

You always have to do your due diligence. I'm pretty sure a lot of the other competition is just as capable; however, we deal with aircraft, which is a different, unique beast. It enables us to understand an aircraft or sat-com network infrastructure, so it's not like a traditional type of log file that you have to normalize.

Some companies work with Windows desktops and servers, but we don't. Again, be sure to do your due diligence because whether Accelops is right for you depends on your use case. Make sure also that you have an MSSP model like we do so that you're able to deliver for your customers.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user404421
Associate Director, Network Services at a university with 1,001-5,000 employees
Vendor
It can take logs from all my devices agentlessly and correlate data. I'd like to see a more streamlined dashboard.

Pros and Cons

  • "The primary valuable feature is that it has replaced a whole lot of other products with one platform."
  • "It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there."

How has it helped my organization?

Although we're still in training, we can expect to see and address issues in our network, such as configuration errors that caused latency between disc, storage and server that we weren't aware of before.

What is most valuable?

The primary valuable feature is that it has replaced a whole lot of other products with one platform. That's a huge win right there. It can take logs from all my devices agentlessly and correlate data. It already has a lot of the advanced analytics and dashboards that we need already built-in.

Accelops is also well positioned within the industry, for example, by partnering with Octave which we're using as a login index for Accelops. We're able to bring up a security operations center, which helps a lot of the newer information security people.

What needs improvement?

It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there. I'd like to see a better dashboard that's pretty. I want to be able to see incidents or stats, depending on what I'm looking for, to determine whether we're healthy, what our security posture is, SOX-incident problems. So streamlining all that information on the initial interface would be great.

What do I think about the stability of the solution?

So far, it appears to be stable. Early on, there were some lags with certain things happening and my guys weren't quite sure how stuff fit together, but I think that will wash out in the training. We need it to provide alerts, monitoring, security, and SIEM.

What do I think about the scalability of the solution?

We've had no issues with scalability.

How is customer service and technical support?

It's too early to comment on technical support. I don't have any complaints, and neither do my guys, so that's a good sign.

How was the initial setup?

They got the system up and running pretty easily and now he's working with the engineering groups and others to start making sure that the SM&NT logs are all set. Right now we're in ramp-up mode, so once it's fully loaded we'll be able to talk more about how it's performing with that volume of logs and all the dashboards and things that we started automating.

What about the implementation team?

I trust my server lead and his guys for the setup. They had to build a bigger box with new storage to keep all the new logs that we started pointing at it.

Which other solutions did I evaluate?

We knew we needed an SIEM tool, and actually looked at Accelops a year ago. At the time, it just wasn't stable enough and we didn't quite have the funding. Now, we did another review and Accelops came out on top with some improvements and better pricing. I found the initial money and had extra budget for ongoing maintenance.

What other advice do I have?

Any of the top SIEM tools like this is going to give you a lot of information and that in itself is the challenge. There's so much information that you need to have at least one person who's dedicated almost full-time to it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user390012
Manager, Security Services at a financial services firm with 5,001-10,000 employees
Vendor
We like the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation.

Pros and Cons

  • "The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation."
  • "Creating parsers to try make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."

How has it helped my organization?

There are several examples, but the flexibility in reporting and alerting has given us the ability to have numerous teams be alerted for various security situations affecting each team's responsibilities.

What is most valuable?

The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation. The logs and search engine are also valuable features.

What needs improvement?

Creating parsers to try to make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome.

Additionally, lately there have been releases which have broken existing functions. This directly relates to support being an area that also needs improvement.

What do I think about the stability of the solution?

In general, the system is stable.

What do I think about the scalability of the solution?

We had to deploy several workers to keep up with event collection. This was one reason that the AO agent was developed and released -- to reduce the load on the managers and workers.

How are customer service and technical support?

Customer Service:

Customer service is mediocre, but the relationship is improving with focused attention on customers.

Technical Support:

Technical support is good.

Which solution did I use previously and why did I switch?

We were a Cisco MARS customer and needed to replace the solution once Cisco ceased support.

How was the initial setup?

The initial setup is straightforward. There is a learning curve for the software, but overall it was up and running and collecting information in a matter of an hour post setup.

What about the implementation team?

We implemented it with our in-house team.

Which other solutions did I evaluate?

We didn't evaluate other options as this was a direct, suggested replacement to MARS.

What other advice do I have?

Watch the sizing requirements for the virtual machines and the quantities needed to support the environment. Make sure you get sign-off from AccelOps on the proposed configuration and load for what’s being planned for the deployment.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user293910
Senior Enterprise Information Security Architect at a healthcare company with 1,001-5,000 employees
Vendor
It provides intelligent alerting and the out-of-the-box rules don't require much tuning or management overhead.

What is most valuable?

  • The automation piece -- its ability to dynamically discover which services need to be monitored and to automatically setup the appropriate monitoring.
  • We also like the intelligence behind the alerting; we like the out-of-the-box rules that don’t require a lot of tuning.
  • The product doesn’t require a lot of manpower, so there isn’t a lot of tuning or management overhead required for it.

How has it helped my organization?

We outsource a lot of our IT. We are able to monitor performance and security and to perform audits to ensure our outsourcing partners are doing what we pay them for.

What needs improvement?

The way that upgrades are handled could be a bit cleaner. That might have been improved in the new version, but where we are, the upgrade process takes the system down for the period of the upgrade. So the lost data during that downtime can be frustrating.

For how long have I used the solution?

I've used it for four years.

What was my experience with deployment of the solution?

We did, but AccelOps were very, very helpful. I don’t think the product was configured or tuned for an environment as large as ours, so there were some performance issues at first, but they were very helpful and they had developers and engineers on the phone with us to help resolve those issues. They even used the experience with us as a test case to build improvements into the product.

What do I think about the stability of the solution?

No issues since the product was installed.

What do I think about the scalability of the solution?

No issues since the product was installed.

How are customer service and technical support?

Customer Service:

Their sales people have always been helpful and friendly, and they’ve given us some things for free, like training. It’s been good. We’ve even had some of the higher-ups at AccelOps call us with new product offerings for us because they know our organization so well.

Technical Support:

I would say it’s more on the average side. Once I can get someone engaged they’re good about getting the problem solved, but sometimes it’s hard to get someone on the line to help resolve your problem.

Which solution did I use previously and why did I switch?

No, this is the first solution like this that we’ve had.

How was the initial setup?

The setup was straightforward, but the performance issues we had were the biggest stumbling block. In terms of getting it out of the box and up and running, it really wasn’t difficult at all.

What about the implementation team?

I did it myself in-house.

What's my experience with pricing, setup cost, and licensing?

The pricing is very, very affordable. For the value you get, I think it’s about the cheapest solution on the market.

What other advice do I have?

I think the biggest thing to understand is that it’s like a Swiss Army knife. You get a lot of tools for a lot of things, but don’t expect it to be a killer app in any one area.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user293913
IT Security and Compliance Officer at an energy/utilities company with 501-1,000 employees
Vendor
It gives us a greater visibility into potential data/network breach attempts with the monitoring and alerting capabilities.

What is most valuable?

  • Log correlation
  • Alerting

How has it helped my organization?

AccelOps gives us a greater visibility into potential data/network breach attempts with the monitoring and alerting capabilities.

What needs improvement?

Ease-of-use for end users that do not spend every day in the product.

Also, the presentation of historical and trending data in dashboards needs to be improved immensely. Something as simple as an RRDtool graphing mechanism on a dashboard would be a huge improvement to the product.

For how long have I used the solution?

I've used it for one and half years.

What was my experience with deployment of the solution?

Not that I recall, but it's been over a year since deployment.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

It's high.

Technical Support:

Medium to high; some of the problems are just in the maturity of the product and how AccelOps develops this moving forward.

Which solution did I use previously and why did I switch?

SolarWinds; we assumed that AccelOps would be an easier product to manage moving forward and it was less expensive.

How was the initial setup?

I don't think it was complex.

What about the implementation team?

In-house with a little assistance from support.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user284157
Senior Network Security Architect at a retailer with 1,001-5,000 employees
Vendor
It helps us identify the origin of a DoS attack, where it came from, how long it lasted, how intense it was, etc. and take the appropriate action.

What is most valuable?

The primary thing I use it for is monitoring IPS because we have 12 or 14 Cisco IPS devices, and the Cisco solution for monitoring that many IPS devices is hokey at best, aside from it being expensive. I also use it when we’re trying to track down activity on a particular IP address – I use the query engine to search for things like that.

How has it helped my organization?

We’ve had some situations where we’ve either gotten hit with a DoS attack or we’ve gotten notification that we’ve been blacklisted because some IP that belongs to us is roaming the internet trying to bogusly log in to SNMP servers. So, we’ll take that IP, or wherever the DoS is coming from, and run a query over the last 30 days or so, to see just what the activity on that machine has been, and make various decisions from that. In a couple of cases it’s meant shutting down the machines and getting them off the network because they’ve obviously got some kind of malware on them. In other cases, it’s been a matter of determining the exact scope of the DoS – where it came from, how long it lasted, how intense it was, etc.

What needs improvement?

One of the things that I actually opened a ticket about (and they couldn’t help me) is that when traffic is leaving our network, it’ll only report the source. I would think that if it’s examining the packets, it should also be able to give me the destination. It’s not possible to tell me whether it reached the destination, but it would be helpful to know where it was headed when it left the network. That field is always empty in the query.

For how long have I used the solution?

I've used it for about a year.

What was my experience with deployment of the solution?

No serious issues. The biggest issue I had is with their deployment methodology as a virtual appliance – with the way our VM farms are structured, there are only a couple of people that are allowed to bring up OVAs, which is the way they ship the product, so I have to get their time to do any kind of upgrade. That’s why I recently queried the helpdesk on what was required to do the upgrade that’s available to us (at no cost), and they pointed me to a manual which I haven’t had time to download yet. My guess is I’m going to have to deploy a separate OVA.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

We've not had any issues so far.

How are customer service and technical support?

Customer Service:

The only complaint I have is that they wouldn’t issue a license until they had the check in their hands, which is not my experience with other vendors. If you issue a PO for something, usually you get a license immediately – in their case they wouldn’t until they had actually gotten payment, which was a little frustrating.

Technical Support:

I have tried to open some tickets, and usually they’ll respond with a note at the top of the response. It says “if you’re responding to this email do it above this line,” and I didn’t see that the first time I got an email like that, so for weeks they kept sending me emails saying I hadn’t responded to their initial contact. To me that was a little bit nit-picky.

Which solution did I use previously and why did I switch?

I inherited a solution that was discontinued by the vendor, and I was charged with finding a replacement.

How was the initial setup?

Once we got the OVA file, and I was able to commandeer some time from the appropriate people here, it wasn’t an issue.

What about the implementation team?

It was in-house. Part of the initial purchase included some on-site time with one of their engineers, so I used that time to do an upgrade while he was here.

What's my experience with pricing, setup cost, and licensing?

The pricing seems fairly standard in terms of the pricing model, so how it compares to other similar products I don’t know. The people I took this to about replacing the other product didn’t seem to blink at the price.

Which other solutions did I evaluate?

We ran a PoC for Accelops for a trial period, so we didn’t look as much into other products.

What other advice do I have?

It would be to get as good an estimate as you can of what EPS you’ll need before you get pricing and so forth. We underestimated what we would need, which is what precipitated ordering additional licensing and not being able to get them right that.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user277014
Systems Administrator with 501-1,000 employees
Vendor
Dashboards provide us with the real-time status of our network, including specific alerts and granular monitoring.

Valuable Features

The granular monitoring capabilities. Also, it's very configurable.

Improvements to My Organization

It gives greater visibility via the dashboards into the real-time status of the network. Additionally, it also provides specific alerts and performance monitoring.

Room for Improvement

Some of the out-of-box dashboards could be more useful, as they’re not configured out-of-box. Some other products we’ve used give a lot more information right out of the box. With Accelops, we didn’t get quite enough useful information at the beginning. Ping monitors (STMs) are highly configurable, but it would be nice to have a simpler monitor to go with it, like a simple ping monitor. As it is, we have to go through three different processes and 30 minutes to get the ping monitor up with email notifications. It should have an easier way to configure some of these more common monitors.

Use of Solution

I've used it for two years, but the firm has had the solution in place for longer.

Stability Issues

The product is always stable, but there were a few bugs. During some of the upgrades, fixing one problem revealed another, so we had to go through several patch iterations to find a bug-free version that works for us.

Scalability Issues

None. Far more scalable than is required for us.

Customer Service and Technical Support

Customer Service:

Great - we’d give it a 10/10.

Technical Support:

6/10 - as far as the techs go, they are knowledgeable, but when trying to get a hold of a tech or have them call back, they weren’t responsive. It was one of my biggest frustrations with the product, and I started to look elsewhere for another solution at one point. Issues that could have been resolved in 30-60 minutes sometimes took months, but they have improved.

Other Advice

Just do your research – the product does a lot, but it may be more than you’re looking for. Also, be aware that it requires a lot of time to maintain, set up, and configure.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user276174
Director of IT with 501-1,000 employees
Vendor
We've been able to monitor our account-hacking issues internally, including attempted attacks on our network and logins to accounts.

What is most valuable?

The security notifications and monitoring features.

How has it helped my organization?

With the online-based monitoring we've set up, we've been able to watch trends of attempted attacks on our network.

We're also able to monitor our account issues internally as attackers attempt to log into our accounts.

We fall under HIPAA so security is key.

What needs improvement?

As we're an SMB, I would like to see different licensing options; the solution is priced out of the reach of some small businesses. It was a priority for us, though, because of the HIPAA regulations we fall under, and a more attractive licensing structure would be nice for SMBs.

For the product itself, it's the configuration. You really have to have their help to configure the product. When hands are off and it's in maintenance mode, it's difficult to configure unless you're totally engrossed in the product on a day-to-day basis.

For how long have I used the solution?

I've used it for one year.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

9/10, based strictly on the limited experience with one person that I've had.

Technical Support:

9/10, based strictly on the limited experience with one person that I've had.

Which solution did I use previously and why did I switch?

We used freeware or third-party apps (two or three of them), but we liked the consolidation of this product -- one interface, one screen -- to capture what the other applications were doing.

How was the initial setup?

It was complex because we didn't know the product. It's pretty in-depth, but once we got familiar with the software it made a lot of sense.

What about the implementation team?

We had the vendor help us implement, and they were 8/10.

What's my experience with pricing, setup cost, and licensing?

As mentioned above, they need to improve their licensing, but it depends on what industry segment they're going after. Maybe introduce some kind of more attractive bundle for SMBs to help them get started with the product.

Which other solutions did I evaluate?

We did, but I don't recall which ones.

What other advice do I have?

Everyone's implementation will be different, so be very focused and deliberate in what you want to monitor, because you can inundate the system.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.