Fortinet Delivers Integrated NOC-SOC Solution to Automate IT Processes and Security Response
John Maddison, senior vice president of Products and Solutions at Fortinet
“Both security and IT teams are challenged by resource constraints, yet workloads and the rate of cyber threats continue to rise in scope and complexity. As the industry faces a cyber talent shortage and the pressure to maintain operational efficiency and security efficacy is critical for digital business, a new approach is needed that brings visibility and control into the NOC with workflow and response automation in the SOC. Fortinet is introducing a customized NOC-SOC solution that bridges the gap across IT disciplines to achieve broad and automated security response.”
Fortinet (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced at the RSA Conference 2018 the industry’s first purpose-built NOC-SOC solution that bridges workflows, analysis and automated response across operational and security processes.
- Building on the Fortinet Security Fabric architecture, Fortinet has combined the latest capabilities of FortiManager 6.0, FortiAnalyzer 6.0 and FortiSIEM 5.0 to offer a unique NOC-SOC management and analytics solution.
- NOC-SOC approach to management enables enhanced security operations visibility with a new graphical Security Fabric topology view and extensions into both private and public cloud environments, with dynamic policy objects.
- New Security Rating feature combines analytics from FortiGate, FortiAnalyzer and FortiManager with threat intelligence services from FortiGuard to provide enterprises with a quantifiable security posture. Rating includes expanded audit rules, risk scoring and industry benchmarking with customized auditing based on network environments.
- New Incident Response (IR) tracking capabilities allow users to automate responses across silos based either on predefined triggers (system events, threat alerts, user and device status) or through direct ServiceNow IT Service Management (ITSM) integration.
Bridging the Gap Between Silos Requires Automated, Integrated Network & Security Operations
According to a recent Global Information Security Workforce Study, the cybersecurity workforce gap is expected to reach 1.8 million by 2022, and 66% of the respondents reported not having enough workers to address current threats. As IT increasingly supports complex applications that are spread across systems in multiple locations, from on-premises data centers to the public cloud, the workforce shortage and the complexity of these new environments demand a new approach to security management.
Integration across security disciplines – not merely products – enables a greater level of visibility, control and operational management. Fortinet’s new NOC-SOC solution combines the latest capabilities of FortiManager, FortiAnalyzer and FortiSIEM, coalescing the operational context of the NOC, such as appliance status, network performance and application availability, with the security insights of the SOC, including breach identification, stopping data exfiltration, and uncovering compromised hosts.
This level of management and automation crosses traditional siloed functions, allowing each team to operate with the benefit of the other’s perspective. In this new model, once a threat is identified, the SOC teams have a real-time view of all assets, their current state and who owns them, allowing them to immediately understand the scope of the threat and automatically orchestrate action to remediate damage.
This intersection and overlap in operations and security is paramount for the defensive posture and risk management of today’s dynamic business environments. The new features and capabilities in the Fortinet Security Fabric that provide integrated NOC and SOC functionality include:
- Centralized NOC-SOC Management: The latest release of FortiManager, Fortinet’s centralized security management, now natively manages FortiAnalyzer, incorporating all data, analysis, control and perspective in a single pane-of-glass view of NOC and SOC operations.
- Comprehensive Security and Operations Visibility: FortiSIEM brings together the operational context of a full configuration management database (CMDB), including accurate, up-to-the-minute status on all assets, while proactively searching and adding new assets as they come online. Security teams now also benefit from a Fabric Topology within FortiManager and FortiAnalyzer, graphically displaying a map of current assets, their status and security threats. This NOC-SOC consolidated view of operations and security unlocks automation and enables security teams to act more quickly and efficiently.
- Measurable Security Posture Assessments: Security Rating feature continuously evaluates Security Fabric elements to quantify the implementation of security best practices with suggestions on ways to improve operations across the NOC and SOC. Additionally, FortiAnalyzer tracks Security Ratings over time to indicate trends and prove return on investment of security initiatives, while also providing a comparison view of your security posture versus your industry peers, based on size or region.
- Cross-silo Automation with ServiceNow: As a Fabric-Ready partner, ServiceNow is being integrated into NOC-SOC-based workflows to span operational silos. Security incidents created in FortiAnalyzer or FortiSIEM, with appropriate evidence and forensics added to the ticket, are automatically passed to ServiceNow Security Incident Response. Analysts working from the ServiceNow platform can determine how to resolve the incident and choose from a catalog of responses. Responses that require changes to device configuration are automatically implemented through FortiManager, thus closing the loop and seamlessly bridging the security and operation teams.
Fortinet at RSA Conference 2018 - Booth #N3919
Fortinet is a Gold Sponsor of the RSA Conference 2018 and will participate in speaking sessions at the event and host an in-booth theater featuring Fortinet experts presenting on the Fortinet Security Fabric. Several Fortinet solutions will be demonstrated, including Advanced Threat Protection, multi-cloud security solutions, and FortiGuard Labs global threat research. The theater will also feature presentations from a number of Fabric-Ready Partners showcasing the unique interoperability, scope, and flexibility of the Fortinet Security Fabric.
Fortinet executives and threat researchers will be available for press interviews during the conference at Booth #N3919. Please contact firstname.lastname@example.org with any requests.
“As customers introduce new cloud technologies that expand their attack surface, IT and security workflows must be more closely integrated to ensure effective security response. Through our collaboration with Fortinet, our joint customers benefit from automated escalation and management of cybersecurity issues detected through Fortinet products and remediated through the ServiceNow platform.”
- Odin Olson, senior director of Business Development at ServiceNow Security Operations
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security features without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 340,000 customers trust Fortinet to protect their businesses. Learn more at https://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.
Copyright © 2018 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiCare, FortiManager, FortiAnalyzer, FortiOS, FortiASIC, FortiMail, FortiClient, FortiSIEM, FortiSandbox, FortiWiFi, FortiAP, FortiSwitch, FortiWeb, FortiADC, FortiWAN, and FortiCloud. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments. This news release may contain forward-looking statements that involve uncertainties and assumptions, such as statements regarding technology releases among others. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.