A large company has many thousands of users, hundreds of applications and hundreds of thousands of sensors spread across dedicated and outsourced data centres, offshore factories and cloud-based services. It requires a streamlined, automated set of monitoring and incident response tools to improve its security posture and meet its regulatory obligations (e.g. ISO 27001, GDPR, HIPAA, PCI DSS).
Fortinet SecOps
The big challenge was collecting and analysing vast amounts of log data in real time in order to correlate events and look for anomalies and patterns in network and application behaviour that may indicate a threat (e.g. a large spike in traffic from an external IP address already known to be malicious).
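The kind of correlation described above, reduced to its core, is: enrich each log event against a threat-intelligence feed, then count events per source over a sliding time window and alert when the count crosses a threshold. The following is an added illustration of that logic and is not Fortinet code or any FortiSIEM rule syntax. It assumes a hypothetical "key=value" firewall log format, a constructed threat-intel feed, and an arbitrary window and threshold; the log lines and the IP address (from the TEST-NET-3 documentation range) are constructed for the example.

```python
"""Added illustration (not Fortinet code): a minimal log correlator that flags
a traffic spike from a known-malicious external IP.

Assumptions (hypothetical, for the example only):
- firewall logs are "key=value" lines with ts, src, dst and action fields
- the threat-intel feed is a plain set of IPv4 addresses
- a "spike" is more than THRESHOLD events from one source within WINDOW seconds
"""
from collections import defaultdict, deque
import ipaddress

# Constructed feed: 203.0.113.7 is a documentation address, not a real indicator.
THREAT_INTEL = {"203.0.113.7"}
WINDOW = 60       # seconds of history kept per source
THRESHOLD = 5     # alert once a source exceeds this many events in WINDOW

# RFC 1918 ranges: a feed hit on one of these is a feed error, not an external attacker.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_line(line):
    """Parse 'k=v k=v ...' into a dict; ts is coerced to an integer epoch."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    fields["ts"] = int(fields["ts"])
    return fields


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def correlate(lines):
    """Return [(src, first_ts, count)] for every known-malicious external source
    that generated more than THRESHOLD events within any WINDOW-second span."""
    alerts = []
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    alerted = set()               # one alert per source, not one per event
    for line in lines:
        ev = parse_line(line)
        src = ev["src"]
        # Enrichment step: only sources the feed already knows are correlated.
        if src not in THREAT_INTEL or is_internal(src):
            continue
        q = recent[src]
        q.append(ev["ts"])
        # Slide the window: drop timestamps older than WINDOW seconds.
        while q and ev["ts"] - q[0] > WINDOW:
            q.popleft()
        if len(q) > THRESHOLD and src not in alerted:
            alerted.add(src)
            alerts.append((src, q[0], len(q)))
    return alerts


# Constructed sample logs: six denied connections from the listed IP inside 50 s,
# interleaved with benign traffic that must not trigger anything.
SAMPLE_LOGS = [
    "ts=1000 src=203.0.113.7 dst=10.0.0.5 action=deny",
    "ts=1005 src=198.51.100.9 dst=10.0.0.5 action=allow",
    "ts=1010 src=203.0.113.7 dst=10.0.0.5 action=deny",
    "ts=1020 src=203.0.113.7 dst=10.0.0.6 action=deny",
    "ts=1025 src=10.0.0.8 dst=10.0.0.5 action=allow",
    "ts=1030 src=203.0.113.7 dst=10.0.0.7 action=deny",
    "ts=1040 src=203.0.113.7 dst=10.0.0.5 action=deny",
    "ts=1050 src=203.0.113.7 dst=10.0.0.9 action=deny",
    "ts=1070 src=203.0.113.7 dst=10.0.0.5 action=deny",
]

# Same source, same number of events, but spread 100 s apart: no spike, no alert.
SPREAD_LOGS = [f"ts={1000 + 100 * i} src=203.0.113.7 dst=10.0.0.5 action=deny" for i in range(7)]

if __name__ == "__main__":
    for src, first_ts, count in correlate(SAMPLE_LOGS):
        print(f"ALERT known-malicious {src}: {count} events since ts={first_ts}")
    print("spread-out events:", correlate(SPREAD_LOGS))
```

A real SIEM adds what this sketch leaves out: the feed is refreshed rather than hard-coded, the window state is persisted across restarts, and the alert feeds an incident rather than a print statement. The second sample shows the failure mode worth testing for in any such rule: the same bad address at a low, steady rate should not fire a spike rule, and needs a separate long-tail rule if it matters.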
Fortinet's SOC solution comprises a chain of integrated products including FortiGate, FortiSIEM, FortiAnalyzer, FortiSOAR, FortiSandbox, XDR and EDR. FortiSOAR allows advanced playbook interaction and automation without any human intervention; playbooks automate threat mitigation, reporting and resolution. Dashboards and customised scheduled reporting provide regular updates and GUI-based recognition of anomalies. Incident management workflows allow threats to be dealt with methodically, with reports and notes attached to the incident as it is handled.
The solution improved threat detection and automated analysis, incident creation and resolution using ML/AI features. It also includes proactive threat hunting and IoC-based methods, as well as mail outbreak alerts to help avoid breaches in zero-day situations. FortiSOAR provides automated triage of security alerts and manual enrichment of information to support the SOC analysts. FortiGuard, together with the Fortinet SecOps solution, provides industrialised threat signatures and analysis of very specific protocols.