Fortinet - Automated SOC with the Fortinet Security Fabric in FortiAnalyzer Managed Service from EnBITCon
The digital attack surface is expanding at a rapid pace, making it increasingly difficult to protect against advanced threats. According to a recent Ponemon study, nearly 80% of organisations are adopting digital innovations faster than they can secure them against cyberattacks. In addition, the challenges of complex and fragmented infrastructures continue to enable an increase in cyber events and data breaches. Various point-in-time security products deployed in some organisations tend to operate in silos, denying network and security operations teams clear and consistent visibility into what is happening across the enterprise.
An integrated security architecture with analytics and automation capabilities can address these challenges and dramatically improve visibility and automation. As part of the Fortinet Security Fabric, FortiAnalyzer provides analytics and automation to the security fabric to enable better cyber risk detection and response.
Integrated with Fortinet's Security Fabric, FortiAnalyzer simplifies the complexity of analysing and monitoring new and emerging technologies that have expanded the attack surface, and provides end-to-end visibility to help you identify and remediate threats.
Key features
- Security Fabric analytics: event correlation across all protocols and real-time anomaly detection with the Indicator of Compromise (IOC) service and threat detection, reducing time to detection
- Fortinet Security Fabric integration: correlates with FortiClient, FortiSandbox, FortiWeb and FortiMail protocols for deeper visibility and key network insights
- Security automation: reduce complexity and use automation via REST API, scripts, connectors and automation stitches to accelerate security operations
Security Operations Centre (SOC)
FortiAnalyzer's SOC (Security Operations Centre) helps security teams protect networks with real-time log and threat data in the form of actionable views, alerts and reports. Analysts can protect the network, websites, applications, databases, data centres and other technologies through centralised monitoring, threat detection, event detection and network activity. The pre-defined and custom dashboards provide a single pane of glass for easy integration into your security fabric. The new FortiSOC service subscription provides integrated incident management workflows with playbooks and connectors to simplify the role of security analysts through improved security automation and orchestration.
Incident detection and response
FortiAnalyzer's Automated Incident Response feature enables security teams to manage the incident lifecycle from a single view. Analysts can focus on incident management and on identifying compromised endpoints: standard and custom event handlers provide rapid discovery and automatic correlation, remediation is linked to Fortinet devices and syslog servers through event management, and playbooks allow incidents to be assigned quickly for analysis. Timeline and artefact tracking with audit history and incident reports, together with streamlined integration with ITSM platforms, helps you bridge gaps in your security operations centre and strengthen your security posture.
FortiAnalyzer Playbooks
FortiAnalyzer Playbooks enhance the capabilities of security teams to simplify work and focus on critical tasks. Out-of-the-box playbook templates enable SOC analysts to quickly customise and automate their investigation use cases to respond to compromised hosts, critical intrusions, C&C IP blocking and more. A flexible playbook editor is provided for investigated hosts. FortiAnalyzer also allows analysts to drill down into a playbook to review task execution details and to edit playbooks to define custom processes and tasks. Built-in connectors let playbooks interact with other Security Fabric devices such as FortiOS and EMS.
Indicators of Compromise
The Indicators of Compromise (IOC) service identifies suspicious usage and anomalies observed in a network or operating system that are classified with high confidence as a computer intrusion. FortiGuard's IOC subscription provides intelligence information that helps security analysts identify risky devices and users based on these anomalies. The IOC package comprises approximately 500,000 IOCs daily, delivered to the FortiSIEM, FortiAnalyzer and FortiCloud products via the Fortinet Developers Network (FNDN). Analysts can also re-scan historical logs for threat hunting and identify threats based on new intelligence, as well as review aggregate user threat scores by IP address, hostname, group, operating system and overall threat score, together with a location map view and a range of threats.
Asset & Identity
Security Fabric asset and identity monitoring and vulnerability tracking provide full SOC visibility and attack surface analysis:
- Asset and identity visibility and classification based on telemetry from NAC
- Built-in SIEM module for automatic log collection, normalisation and correlation
- Integration with FortiSOAR for further incident investigation and threat remediation
- Export of incident data to FortiSOAR via the FortiAnalyzer Connector and API Admin
Reports
FortiAnalyzer provides more than 39 built-in templates ready to use, with sample reports to help you find the right report for you. You can generate custom data reports from logs using the Reports feature. Run reports on demand or on a schedule with automatic email notifications, uploads and an easy-to-manage calendar view. Create custom reports using the 700+ built-in charts and datasets, with flexible report formats including PDF, HTML, CSV and XML.
We offer this functionality as a managed service. You then don't have to worry about operation. The experts at EnBITCon take care of that. Not only do we ensure that your Fortinet devices can be managed centrally at all times, we are also the direct contact for questions and problems. Short communication chains mean that concerns can be dealt with quickly and efficiently. This gives you more time to concentrate on your daily business.
If you are interested in our service, we are also happy to advise you or conduct a free 14-day trial. You can easily reach us via phone, email or our contact form.
Marcel Zimmer is the Technical Managing Director of EnBITCon. During his time in the German Armed Forces, the trained IT developer was able to gain numerous project experiences. His interest in IT security was significantly awakened by his service in command support. Even after his service, he is an active reservist in the Bundeswehr.
His first firewall was a Sophos UTM 120, which he had to set up for a customer project. Since then, his interest in IT security has grown steadily. In the course of time, various security and infrastructure topics have come into his focus. His most interesting projects included, for example, WLAN coverage in an explosion-proof area, as well as a multi-site WLAN solution for a large