FortiSIEM Blog

The cliché of "threats are evolving" is unavoidable, because it is true. With threats constantly changing and becoming increasingly complex, organizations need a strategic vendor that can provide not only visibility but also operational intelligence.

The vendor needs to offer solutions that enable organizations to operate more efficiently while navigating complexity and big data. To improve their security strategies, companies should implement solutions that can quickly ingest data from different security products and categorize it into events. At a minimum, these solutions should be able to alert administrators so they can take action on those events. The security vendor should offer flexible solutions that not only complement its own products but are also vendor-agnostic, enabling security administrators to work through logs and events, build a baseline model that helps them detect anomalies faster, continuously monitor their environment, and take automated remediation steps for events that can be remediated.

Fortinet's Security Fabric leverages fabric integrations with strategic partners and other Fortinet solutions, such as Web Application Firewall (WAF), Next Generation Firewall (NGFW), email security, endpoint security, and more, to provide comprehensive threat protection for customers. Organizations with strict data protection requirements typically deploy a Security Operations Center (SOC) to obtain continuous monitoring and perform digital forensic analysis on their systems. Customers can set up FortiAnalyzer inside a SOC and use its easy-to-use dashboards to get real-time and historical updates on threats within their environments. Additionally, security administrators can analyze events within FortiAnalyzer to react to threats, or use FortiAnalyzer to quickly pull up information about an event or user. Imagine receiving a request from a software vendor saying that your company needs to pay them X amount of dollars for using their software without a license. To gain visibility and quickly find out which users are running unauthorized software, you need an analytics solution that lets you log in and filter logs at a granular level to find the users of that specific application. With FortiAnalyzer, administrators have the option to do just that.

FortiAnalyzer's fabric integrations with our partners give customers the powerful capability of having our logs sent to partner services. Customers using our partners' services can use these integrations to strengthen their security infrastructure. For example, customers using ServiceNow can integrate it with FortiAnalyzer to create workflows that apply automated security enforcement.

For customers looking to get advanced visibility into solutions outside of the Security Fabric and who want push-and-pull integration capability, FortiSIEM leverages its API not only to aggregate logs in a single location, but also to take action based on the logs it finds. Customers using existing Fortinet solutions can use FortiAnalyzer for advanced behavioral analytics and proactive data protection while using FortiSIEM to manage data from outside the Fabric. For example, customers using FortiAnalyzer can use the Indicators of Compromise feature to run historical rescans and detect the number of compromised hosts at a given point in time.

If the compromised host belongs to a network protected by a non-fabric solution, FortiSIEM can automate the actions needed to block that host from communicating with other machines. FortiAnalyzer and FortiSIEM can be deployed either on-premises or in the cloud, so enterprises have the flexibility to architect their environment according to their security requirements. Customers using FortiSIEM benefit from support for over 300 vendors.

Finally, customers who want to automate the handling of security events will be pleased with Fortinet's new acquisition, Cybersponse. Cybersponse is a SOAR solution that helps shorten incident response times, enables collaboration between teams that were not traditionally integrated, and simplifies alert management. With Cybersponse, organizations can shift further left in the development lifecycle and provide automated workflows for handling events. Returning to the earlier example, the customer would previously have had to manually configure FortiAnalyzer to send its logs via syslog to FortiSIEM before FortiSIEM could automatically remediate a compromised host on a non-fabric network. With Cybersponse, customers can create workflows that automate this process. Cybersponse playbooks let customers build workflows that leverage partner-integrated APIs to automate event responses.

Fortinet's Security Fabric not only provides customers with broad security protection but also integrates with other solutions within the fabric to help customers apply comprehensive protection and operate more efficiently.