FortiSIEM

Powerful Security Information and Event Management (SIEM) with User and Entity Behavior Analytics (UEBA)

ESG Technical Validation 2018 – FortiSIEM

SIEM Overview


As digital transformation sweeps through every industry, the attack surface grows dramatically (and constantly), making security management increasingly difficult. Security teams struggle to keep up with the deluge of alerts and other information generated by their multitude of security devices. And the cybersecurity skills gap only makes this more difficult.

Infrastructure, applications, and endpoints (including IoT devices) must all be secured. This requires visibility of all devices and all the infrastructure—in real time. Organizations also need to know what devices represent a threat and where.


FortiSIEM Delivers Next-Generation SIEM Capabilities


FortiSIEM brings together visibility, correlation, automated response, and remediation in a single, scalable solution. It reduces the complexity of managing network and security operations to effectively free resources, improve breach detection, and even prevent breaches. 

What's more, the architecture enables unified data collection and analytics from diverse information sources, including logs, performance metrics, security alerts, and configuration changes. FortiSIEM combines the analytics traditionally monitored in separate silos of the security operations center (SOC) and network operations center (NOC) for a more holistic view of the security and availability of the business.

In addition, FortiSIEM UEBA leverages machine learning and statistical methodologies to baseline normal behavior and incorporate real-time, actionable insights into anomalous user behavior regarding business-critical data. By combining telemetry that is pulled from endpoint sensors, network device flows, server and applications logs, and cloud APIs, FortiSIEM is able to build comprehensive profiles of users, peer groups, endpoints, applications, files, and networks.  FortiSIEM UEBA behavioral anomaly detection is a low-overhead but high-fidelity way to gain visibility of end-to-end activity, from endpoints, to on-premises servers and network activity, to cloud applications.

Related Resources

  • FortiSIEM Data Sheet
  • Detect and Respond To Insider Threats: Fortinet FortiSIEM With User and Entity Behavior Analytics
  • Recognizing the Many Faces of Insider Threats

Key FortiSIEM Advantages

An advanced SIEM solution will do more than just aggregate security events. FortiSIEM offers leading threat protection and high business value. Key benefits include:

Scale-as-you-grow architecture and licensing

Rapid scalability is inherent in FortiSIEM’s virtual machine (VM) architecture* and licensing options.

  • Easily increase performance and log-processing capacity by adding VMs.
  • No extra charge for adding VMs.
  • Flexible licensing options include MSSP PAYG, subscription, and perpetual.

Unified platform

Reduce complexity with multi-tenancy and multi-vendor support.

  • Multi-tenancy is supported on a single platform. MSSPs are able to centrally manage all customers while maintaining overall visibility. FortiSIEM supports this with:
    • A customizable, multi-tenant-capable graphical user interface (GUI)
    • A multi-tenant-capable database
    • Scalable, multi-tenant-capable architecture.
  • FortiSIEM supports hundreds of multi-vendor products out-of-the-box and seamless integration with Fortinet products.

Single-pane-of-glass management and control

Most FortiSIEM features, including dashboards, analytics, incidents, the configuration management database (CMDB), and administration, are accessed via an intuitive, web-based GUI.

  • Customizable role-based access control lets organizations determine what each user can access.
  • Active asset discovery assists with building out an integrated CMDB for better asset management.
  • Performance and availability monitoring (CPU, memory, storage, and configuration changes) extends the functionality of the platform and delivers additional contextual data.

Better incident detection with reduced incident impact

FortiSIEM identifies external and internal threats faster. Plus, it enables threat hunting and compliance monitoring.

  • Incident detection time is reduced by a patented, distributed correlation engine.
  • Out-of-the-box content includes pre-designed parsers, dashboards, and reporting that cover the most commonly found devices, delivering quick value.
  • FortiSIEM Analytics helps hunt for threats and indicators of compromise (IOC).
  • Insider threats are identified with FortiSIEM UEBA, using an agent on endpoints to collect telemetry on behavior.
  • Overall, the mean time to respond (MTTR) is reduced.

Out-of-the-box compliance and return on investment (ROI)

Higher ROI is obtained with improved efficiency, lowered risk and reduced impact of attacks, and simplified compliance.

  • Staff and analyst efficiency improves because they receive the right information and detections.
  • Risks are managed with incident detection and reporting.
  • FortiSIEM out-of-the-box Compliance Reports help organizations stay compliant.
  • Pre-defined content reduces time to value: there are over 750 rules, about 3,000 reports, pre-defined dashboards, and more than 200 vendor devices supported.
  • Security teams can understand incident impact by defining business services, so that an incident shows which business service is affected.


FortiSIEM Models and Specifications

  Events per Second    Storage Capacity
  5,000                3 TB
  15,000               36 TB
  30,000               72 TB

FortiSIEM virtual machines are supported on VMware vSphere, KVM, Microsoft Hyper-V, and OpenStack.

Description

  • 50 devices and 500 EPS all-in-one perpetual license
  • Add 25 devices and 250 EPS all-in-one perpetual license
  • Add 50 devices and 500 EPS all-in-one perpetual license
  • Add 100 devices and 1000 EPS all-in-one perpetual license
  • Add 250 devices and 2500 EPS all-in-one perpetual license
  • Add 450 devices and 4500 EPS all-in-one perpetual license
  • Add 950 devices and 9500 EPS all-in-one perpetual license
  • Add 1950 devices and 19500 EPS all-in-one perpetual license
  • Add 3950 devices and 39500 EPS all-in-one perpetual license
  • Add 4950 devices and 49500 EPS all-in-one perpetual license

FortiSIEM virtual machines are available on Amazon Web Services.

Product Demo

Learn how FortiSIEM monitoring tools can help you detect, prevent, and respond to security threats by doing a self-guided demo.

FortiSIEM Alliance Partners

FortiSIEM provides integration with many leading IT vendors as part of the Fortinet Security Fabric.  Below is a list of current FortiSIEM Alliance Partners: