Skip to content Skip to navigation Skip to footer

Adaptive Security Orchestration Automation and Response (SOAR)

Rapidly Respond and Improve Efficiency

Solution Brief
Adaptive Security Orchestration Automation and Response (SOAR) banner background banner dots

Overview

Security operation teams face the dual challenges of an evolving threat landscape and increasing operational complexity. To counter the sophistication of attackers and new threats, organizations often deploy a multitude of technologies and strategies.

Integrated into the Fortinet Security Fabric, FortiSOAR security orchestration, automation and response (SOAR) provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents. Using FortiSOAR helps enterprises adapt and optimize their security processes with:

  • Response-times that are up to 98% faster than manual options
  • 160+ out-of-the-box playbooks
  • 350+ connectors

FortiSOAR Features and Specifications

FortiSOAR is a purpose-built product for the modern SOC. With dedicated SOC Queue Management, OOB Vulnerability management, OOB Asset Management, Indicator Repository, Enterprise grade Reporting, SLA Tracking and more.

FortiSOAR is available in VM option only.

View by:

web icon fortisoar incident management 1

Better Understand Data with an Intuitive Interface

FortiSOAR facilitates the efficient investigation of alerts, so security analysts can better understand, review, manage, and act on data.

  • Manage alerts and incident listings in a grid view that can be filtered
  • Add mini-dashboards to each grid to gain visibility and understand larger trends
  • Define new modules and customize their fields, views, and permissions
  • Define custom views, data models, fields, and grids with the visual layout editor
web icon fortisoar incident management 2

An Enterprise Role-based Incident Management Solution

With robust role-based access control, FortiSOAR can manage sensitive data in accordance with SOC policies and guidelines.

  • Create custom roles and team hierarchies
  • Define field-level role permissions with various roles
  • Control data visibility and encryption with multiple role-based views
  • Configure custom views and page layouts using the visual designer
web icon fortisoar incident management 3

Flexible Configuration

FortiSOAR can define new modules, such as custom fields, views, and permissions. Security teams can configure it to the specific requirements of their environment.

  • Create custom modules to define fields as needed, such as a module to store permitted IPs for DevOps to review
  • Use the visual layout builder to define custom views and dashboards
  • Add related fields and cross-link module fields for easier analyst reviews
web icon fortisoar incident war room

Incident War Room

The Incident War Room in FortiSOAR is designed for fully integrated crisis management. It pulls together the components an organization needs during a crisis situation into one unified location, so teams can strategize and assemble a strong response in just minutes.

  • Work with unified dashboards with incident-related metrics, including time lapsed, impacted assets, threat types, and more
  • Communicate in real-time with executives, employees, and critical departments such as HR, legal, and PR
  • Coordinate with external vendors to understand the appropriate remediation steps
  • Facilitate coordination of actions and approvals from a user’s device with mobile support
web icon fortisoar mobile application

Notifications, Approvals, and Monitoring

With the FortiSOAR mobile application, analysts can manage operational and critical tasks in real-time from their mobile device. The app is available on iOS and on Android through the FortiExplorer application.

  • Monitor alert queues and take rapid actions
  • View and investigate alerts
  • Manage tasks
  • Run playbooks
  • Control the user interface through the main platform and perform role-based access control
web icon fortisoar automated workflow 1

Visual Playbook Builder

Create smart automated workflows with ease of product integrations

  • Drag and drop interface allows stringing multiple steps together
  • Plug multiple integrations into workflows
  • Zoom and pan to allow ease of navigation within the designer
  • Intuitive design
web icon fortisoar automated workflow 2

Create Multiple Collections

Manage playbooks better by grouping them into logical folders.

  • Ability to add multiple playbook collections
  • Import playbooks and playbook collections
  • Export collections together with dependent playbooks
web icon fortisoar automated workflow 3

Playbook Prioritization

Ensure vital playbooks are never deprioritized because of less critical automation tasks

  • Assign a normal, medium, or high priority level to each playbook
web icon fortisoar connector 1

Connectors

FortiSOAR integrates with an organization’s entire security stack with a single pane of glass. The connector repository provides unlimited access to hundreds of products from SIEMs and endpoints to threat intelligence platforms. Security teams can streamline their incident response process while maximizing ROI.

web icon fortisoar connectors

Connector Builder Wizard

Create and test connectors seamlessly using the wizard-driven connector builder, which provides a guided experience. Adapt FortiSOAR to your SOC with fast, flexible configurations

  • Build, test, or edit connectors within the product user interface
  • Use guided templates and open-canvas experiences
web icon fortisoar platform mssp 1

Unified Console Built on Enterprise Multi-tenancy Architecture

Get a complete overview of all customers and tenants using the unified FortiSOAR master console.

  • Filter views by customers to understand their current state
  • Assign and adhere to the roles and permissions assigned to each tenant
  • Create customer-specific alert and incident views
  • Load balance usage with the robust and scalable architecture
web icon fortisoar platform mssp 2

Handle Unique Customer Environments and Product Diversity

Easily manage customer environments with multiple third-party solutions.

  • Remotely run automation workflows on a specified tenant
  • Communicate and receive automation status and logs from the tenant
  • Limit data flow to the master console based on customer preference.

See the full list of FortiSOAR’s connectors here!

web icon fortisoar custom role based dashboards 1

Insight from Multiple Perspectives

FortiSOAR offers dashboards for better decision making.

  • Choose from a number of predefined dashboards and multiple views
  • Export and import dashboard templates
  • Export dashboard views as PDFs
web icon fortisoar custom role based dashboards 2

Visual Layout Builder

With an intuitive drag-and-drop interface, FortiSOAR has the ability to define page layouts, fields, dropdowns, and pick lists.

  • Create dashboard templates or pages with the drag-and-drop visual layout builder
  • Use multiple widgets such as charts, listings, counters, and performance metrics to create rich views and data models
  • Use formatting options such as colors, labels, format, and configurations
web icon fortisoar widget library

Extensive Widget Library

FortiSOAR has an library of widgets that can be used to enhance dashboards

  • Download and install new widgets
  • Use a standard code editor interface for editing or customizing widgets
  • Create new widgets using the widget builder interface and implement them across dashboards, reports, and record views
web icon fortisoar custom role based dashboards 3

Granular Role-Based Access Control

Control visibility by segmenting data and duties by assigning roles to each dashboard

  • Assign roles and permissions to dashboard templates
  • Set selected dashboards as the default for all system users
  • Create user-specific dashboards and reports
web icon fortisoar reporting 1

Report Repository

Get reports set up quickly using the FortiSOAR report library, which contains many commonly used reports.

  • Access ready-to-use reports such as incident closures, alert closures, and indicators of compromise summaries
  • Access imported reports that are integrated with the support portal
  • Customize FortiSOAR reports from the repository for organization-specific metrics
  • Export reports in CSV and PDF formats
web icon fortisoar reporting 2

Role-based Reporting

Roles can be assigned to specific reporting templates
  • Make selected reports accessible to all system users
  • Create user-specific or incident-specific reports 
web icon fortisoar queue management 1

Create Dedicated Queues

Using the built-in queue management, you can set up automatic work assignments across layers of queues and teams.

  • Create multiple queues across various teams
  • Add multiple team members to each queue
  • Define logical rules to automatically assign work to a specific member or team
  • Optionally, add work tasks manually to any queue
web icon fortisoar queue management 2

Manage SOC Shift Changes with Ease

If your SOC has multiple work shifts, you can manage changes easily

  • Create multiple queues for different shifts
  • Define rules for assigning alerts and incidents based on the time zone
  • Obtain snapshots of a shift’s queue to better understand task status
  • Optionally, add manual tasks to any queue or team member

Our Customers Emphasize the Value of FortiSOAR (Formerly CyberSponse) directly and in Gartner Peer Insights Reviews

Many enterprise customers realize the power and effectiveness of FortiSOAR (formerly CyberSponse) and have provided positive feedback directly and on Gartner Peer Insights. Read what end users say about FortiSOAR.

 

★★★★★
"FortiSOAR has advanced our threat detection and response capabilities by five years"

Shawn Waldman, CEO of Secure Cyber Defense

"I have almost 30 years in IT, I have used all of Fortinet’s competitors over the course of my career, and Fortinet security is just the best. Now, I feel like FortiSOAR has advanced our threat detection and response capabilities by five years. It gives us this tremendous Swiss Army knife of functionality that we are excited to capitalize on."

★★★★★
"FortiSOAR, played a critical role in the company’s revenue growth"

Cybersecurity Team Executive, in the Finance industry >$140 billion in sales

"The timely reports the team generates through FortiSOAR have played a critical role in the company’s revenue growth, as executives are now able to track their desired metrics in greater detail."

★★★★★
"Rapid Feature Enrichment Based On Customer Feedback"

Manager, Information Risk in the Healthcare Industry, $3B – 10B company 

"CyOPS provided a completely customizable SOAR solution. Due to it's flexibility, my security operations center was able to implement a single pane of glass for visibility to alerts from over 30 different platforms. Full triage of events is made possible with manual and automatic enrichment from numerous external open source and paid threat intelligence platforms. Our feedback to improvements and enhancement to the CyOPs portal is consumed, evaluated and rapidly integrated into regular updates to the platform."


★★★★★
"Cyops is the most flexible security incident automation tool"

Platform Architect in the Services Industry, $3B – 10B company

"Cyops is one of the most flexible product, I have come across. We have achieved 99% of our highly customized requirements from ticketing to reporting and automation to orchestration."


★★★★★
"Very flexible tool that allows to automate complex tasks in a matter of hours"

Senior Cyber Security Analyst in the Healthcare Industry, $10B – 30B company

"SOAR platforms as a business, with most players being less than 10 years old, is definitely still in its infancy, but CyOps is a hypergrowing child."


★★★★★
"Implementation was easy and fast, and user friendly with live support"

Cloud Security Specialist in the Services Industry, <$50M company

"Very professional company, with great support service. The tool is self covers all the requirements of a SOAR platform and enables organization and MSSPs to move forwarded with the next generation SOC."


★★★★★
"Great Tool For SOC Orchestration And Automation"

Group Head of Information Security Operations in the Retail Industry, $1B – 3B company

"The Product is great for integrations with various SOC used tools. Using this tool for Automation of mundane tasks means the skills resources can focus on genuine incidents. Response and SLA tracking means we can judge the effectiveness of current orchestration."

 

★★★★★
"Great Blank Slate of a product."

Knowledge Specialist, $250M – 500M company

"The Support from this company is second to none - they are available when needed via multiple channels and support routine and emergency patching/repairs. the product development team are often implementing new features and are very responsive to feature requests."




Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences, and do not represent the views of Gartner or its affiliates.   

Effective best-in-class security requires timely, global intelligence combined with fast decision-making and response across all critical vectors. Fortinet offers proven and one of the most certified artificial intelligence-driven protection available in the market today powered by FortiGuard Labs.

For customers implementing FortiGates as NGFWs, here’s how FortiGuard subscriptions can help:

  • Application Control: Fortinet boasts one of the largest applications database to safeguard your organization from risky application and allows you visibility and control of applications running in your network
  • Intrusion Prevention: Stop unwanted attempts to access your network that target vulnerabilities and configuration gaps. We block over 10 million intrusion attempts per minute.
  • Advanced Threats: Stop malicious files and payloads moving into your network with FortiGuard’s leading advanced malware, antivirus, and sandboxing capabilities. We stop over 35,000 malicious files per minute.

FortiGuard

Industry Leading AI-driven Protection and Intelligence

FortiCare

World-class Global Support and Professional Services

Mission critical security-driven networks deserve the best support available.  FortiCare provides 24x7 support options to help keep your FortiGates up and running.  We also have services to help you recover in the rare moments when bigger bumps seem to come out of nowhere such as our Premium RMA options with 4-hour replacements. 

Want faster resolution?  Choose our Advanced Support option.

Need help to get going with new deployments and integrations?  FortiCare can do it, too, with Professional Services and Resident Engineers!  Contact Sales to find out how.

Delivering world-class security is not all that we do! We can help our customers lower their total cost of ownership (TCO) and simplify day-to-day security operations through our FortiOps services, which provide cloud-based management, visibility, and automation across their Fortinet Security Fabric.

FortiOps

Cloud-based Management, Visibility, and Operations

View by:

Fuse Community


FortiSOAR Alliance Partners

FortiSOAR provides integration with many leading IT & security vendors as part of the Fortinet Security Fabric.  Please note that over the next few months we will update the content to incorporate the integrations with the partners.

Product Demo

FortiSOAR is a purpose-built product for the modern SOC. With dedicated SOC Queue Management, OOB Vulnerability management, OOB Asset Management, Indicator Repository, Enterprise grade Reporting, SLA Tracking and more.

Request here to get a personalized demo of the product with one of our FortiSOAR specialist. 

FortiSOAR Use Cases

Unified Incident Response Management

Centralize security processes to orchestrate, automate, and respond to threats using existing tools for real-time responses at machine speed.

Alert Triage Automation

Dynamically detect false positives with prioritization powered by artificial intelligence. Automatically group similar alerts and incidents into a consolidated timeline for investigations, which helps reduce alert fatigue and missed threats.

SOC Optimization

Optimize the SOC using out-of-the-box or tailored FortiSOAR dashboards to monitor security operations KPIs, identify vulnerabilities, and automate processes.

SOC Cross-Collaboration

Expedite remediation and improve team and cross-functional collaboration by connecting analysts to critical information and other teams and stakeholders for full end-to-end control and visibility.

Features and Benefits

icon incident management

Incident Management

Enterprise-grade customizable incident management enables SOC analysts to efficiently investigate alerts and better understand, review, and manage incidents
icon automated workflow

Automated Workflows

Leverage the most advanced playbook engine to create workflows within the product and integrate into existing enterprise tools. 200+ playbooks enable teams to easily onboard
icon fortisoar for mssps

FortiSOAR for MSSPs

Create a unique managed security service provider (MSSP)-enabled customer centric dashboards, workflows, and views to enable easy security operations management across customer segments  
icon soc dashboard reports

SOC Dashboards and Reports

A built-in advanced visual dashboard enables customers to easily create dashboards specific to a role within security operations 
icon partner connector

Partner Connectors

Integrate existing enterprise security solutions. FortiSOAR comes with 280+ partner connectors to existing vendors across SIEM, network security, endpoint, cloud, and more
icon queue management

Queue Management

Built-in queue management handles automatic work assignments across multiple queues and teams within the SOC 

FortiSOAR Video

  

FortiSOAR Overview | Security Orchestration Automation and Response

FortiSOAR is a security orchestration, automation, and response (SOAR) solution that is designed for enterprises that have achieved a high level of security maturity. It helps improve team collaboration and control with security operations center (SOC) automation for improved security efficiency. By empowering SOC teams to streamline and accelerate their incident response processes, FortiSOAR can reduce the mean-time-to-respond. In this video, you'll see how customers use FortiSOAR to reduce complexity and respond quickly.

马上观看