FortiAppSec Cloud
FortiAppSec Cloud delivers unified application security and performance with WAF, bot protection, GSLB, DDoS mitigation, threat analytics, and CDN.
bwschwarz
Staff
Article Id 228180

Description

 

This article describes how Threat Analytics identifies the incidents that matter most across all applications protected by FortiWeb and FortiAppSec Cloud.

 

Scope

 

FortiWeb, FortiAppSec Cloud.

 

Solution

 


As more web applications are deployed to support critical line-of-business functions (payroll, supply chain management, HR, e-commerce, and more), the attack surface of those web applications becomes increasingly attractive to threat actors. Those applications can touch exactly the kind of sensitive data that attackers are looking for.

With potentially hundreds of applications to protect, the SOC can get overwhelmed by the sheer volume of security incidents. It becomes hard to identify the important threats on which the SOC should focus its limited resources. This is where Threat Analytics comes in. 

 


Threat Analytics identifies the most important threats across the entire web application attack surface by ingesting events for all FortiWeb-protected applications, regardless of which FortiWeb form factor is used: appliance, VM, or the WAF-as-a-service offering, FortiAppSec Cloud.

Using machine learning algorithms, Threat Analytics identifies and aggregates security alerts from all protected apps into comprehensible security incidents. By identifying patterns, it separates significant threats from informational alerts and false positives, helping the SOC focus on the threats that matter.

 

FortiAppSec Cloud users can access Threat Analytics from the admin dashboard (for those not yet using FortiAppSec Cloud, a live demo environment is available at https://appsec.fortinet.com). For FortiWeb appliance and VM users, this feature is included as part of the advanced bundle. See the admin guide for instructions on enabling it.