Description
This article describes how Threat Analytics identifies the incidents that matter most, across all FortiWeb and FortiWeb Cloud-protected applications.
Scope
FortiWeb, FortiWeb Cloud.
Solution
When more web applications are deployed to support critical line-of-business functions (payroll, supply chain management, HR, e-commerce, and more), the attack surface of those web applications becomes increasingly attractive to threat actors. Those applications can touch exactly the kind of sensitive data that attackers are looking for. With potentially hundreds of applications to protect, the SOC can get overwhelmed by the sheer volume of security incidents and it becomes hard to identify the important threats that the SOC should focus their limited resources on. This is where FortiWeb Threat Analytics comes in.
FortiWeb Threat Analytics identifies the most important threats across the entire web application attack surface by ingesting events for all of your FortiWeb protected applications, without regard to which form factor of FortiWeb is used: appliance, VM, or our WAF as a service offering, FortiWeb Cloud.
Using machine learning algorithms, Threat Analytics identifies and aggregates security alerts from all protected apps into comprehensible security incidents. By identifying patterns, significant threats are separated from informational alerts and false positives to help focus on the threats that matter.
If currently using FortiWeb Cloud, it is possible to access Threat Analytics from the admin dashboard (and if not, there is a live demo environment available at FortiWeb-Cloud.com). For FortiWeb appliance and VM customers, this feature is included as part of the advanced bundle. See instructions for enabling it in the admin guide.
