We are proud to announce that Fortinet FortiSOAR was named an overall leader in the 2023 KuppingerCole SOAR Leadership Compass. The report profiles 14 SOAR vendors across product, innovation, and market presence criteria, ranking FortiSOAR as a top 3 solution across all. As the report notes, “FortiSOAR is the champion product when it comes to automation and having the ability to maximize existing tools”.

The report notes the continuing evolution and importance of SOAR solutions to organizations and MSSPs that have embraced a multi-vendor security approach and want to bring those best of breed products together in a unified way. You can read more about the FortiSOAR evaluation below.

Get a complimentary copy of the report here.

FortiSOAR serves over 300 enterprise, government, and MSSP customers

Many of the biggest names across industry, government and security service providers depend on FortiSOAR automated incident management as the backbone of their security operations. Whether you’re looking for a mission-critical SOC platform or a turnkey SaaS automation solution that will meet your evolving needs, FortiSOAR should be on your shortlist.

The FortiSOAR Evaluation

The spider graph represents the FortiSOAR ranking in the product evaluation areas described below. (Note that FortiSOAR has published two new product releases since the evaluation was done.)

Responses

This category measures the types of manual and automated responses available in a given platform. Examples of response actions might include enabling/disabling user accounts, blocking communications by IP or URL, isolating nodes, etc. 

Enrichment

Enrichment is the process of adding intelligence and context to security events and incidents. This measures the quantity and quality of threat intelligence sources available to each vendor’s SOAR solution.

Case Management

This metric evaluates how well the SOAR solution automatically processes enriched event information and presents it to analysts for action. Case management also includes automation of preliminary analysis, background triage, facilitation of collaboration between analysts, and interoperability with ticketing systems.

API Support

This measure illustrates each solution’s API options, including protocols, formats, and authentication methods supported. 

Analyst Interface

This category appraises the utility of and presentation of information within the analyst interface. The analyst interface should allow queries to be easily built and executed, extensive drill down and linking of data between screens, map and timeline views, attack and response visualizations, incident-to-artifact relationship visualization, root cause analysis, etc. 

Investigations

This category describes the features that enable analysts to conduct investigations, including methods for building queries, IOC updates, ability to create custom IOCs, behavioral analysis for creating baseline profiles, ML-enhanced detection and classification of outliers, and integration with SIEM and other analytics tools. 

Automation

Automation seeks to expedite investigations, threat hunting, and responses by packaging common activities such as aspects of event correlation, case creation and maintenance, alerting and communications, threat intelligence gathering, threat intelligence updates, and generation of recommendations. We expect modern SOAR solutions to be able to remove the statistical noise and reduce false positives without human intervention, by relying on techniques like behavior analysis and machine learning.

Threat Hunting

Threat hunting is a proactive cyber defense activity. Analysts sometimes need to search for signs of intrusions or other malicious behavior that may not be already identified as IOCs. SOAR platforms support threat hunting by building flexibility that allow analysts to customize their workspace to conduct these exploratory processes. This classification rates the features available for and their extensibility for threat hunting.

Learn More About FortiSOAR

To learn more about FortiSOAR, please visit our website. You can also visit the FortiSOAR Content Hub to view the 500+ integrations and 800+ pre-build playbooks available with FortiSOAR. Get a complimentary copy of the full KuppingerCole SOAR report here.