FortiSIEM
Security Information and Event Management (SIEM) with User and Entity Behavior Analytics (UEBA)
ESG Technical Validation 2018 - FortiSIEM
SIEM - Overview
As every industry undergoes digital transformation, the attack surface expands and security management becomes more complex. Security teams struggle to handle the flood of alerts and other information produced by a multitude of security devices, and the shortage of cybersecurity skills makes the task even harder.
Infrastructure, applications and endpoints (including IoT devices) all need to be secured. This requires real-time visibility into every device and across the entire infrastructure. Organizations must know precisely which devices pose a threat and where they are located.
FortiSIEM, the next-generation SIEM
This scalable, unified solution provides visibility, correlation, automated response and remediation. It simplifies network management and security operations, frees up scarce resources, improves threat detection and helps prevent security incidents.
Its architecture also enables unified collection and analysis of data from diverse sources: logs, performance metrics, security alerts and configuration changes. FortiSIEM links information and analytics that were previously siloed between security operations and network operations, resulting in broader visibility across security and IT operations.
FortiSIEM's UEBA capability uses machine learning and statistical methods to build a baseline of normal behavior and provide real-time, actionable visibility into user activity flagged as suspicious with respect to sensitive data. By correlating indicators from sensors, network device traffic, server and application logs and cloud APIs, FortiSIEM builds profiles of users, peers, endpoints, applications, files and networks. Anomaly detection by FortiSIEM UEBA is a reliable and straightforward way to gain end-to-end visibility, from endpoints to on-premises servers and from network activity to cloud applications.
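The paragraph above describes the UEBA approach only in outline: build a statistical baseline of normal behavior per user and per peer group, then score new activity against it. The example below, added here and not FortiSIEM's own code (the page does not publish its UEBA models), shows one concrete form of that idea on constructed daily file-access summaries: a robust median/MAD baseline per user and per peer group, a modified z-score against each, and a finding only when activity is unusual for both the user's own history and the peer group. The threshold, the MAD floor and the sample records are all assumptions made for the example.

```python
"""Per-user behavioural baseline with peer-group comparison (added example).

Not FortiSIEM's code: the page does not publish FortiSIEM's UEBA models. The
records below are constructed for the example.
"""
from collections import defaultdict
from statistics import median

MODIFIED_Z_THRESHOLD = 3.5  # Iglewicz-Hoaglin rule of thumb for the modified z-score
MIN_SCALE = 1.0             # assumption: floor on MAD so a perfectly flat history cannot divide by zero

# Constructed daily audit summaries: (day, user, peer_group, KB read from the finance share).
# Days 1-7 are history; day 8 is the day being scored.
SAMPLE_RECORDS = (
    [(d, "alice", "finance", kb) for d, kb in enumerate([100, 110, 95, 105, 100, 98, 102], 1)]
    + [(d, "bob", "finance", kb) for d, kb in enumerate([200, 210, 190, 205, 195, 200, 200], 1)]
    + [(d, "carol", "finance", kb) for d, kb in enumerate([150, 160, 140, 155, 145, 150, 150], 1)]
    + [(d, "dave", "eng", kb) for d, kb in enumerate([5, 0, 10, 5, 5, 0, 10], 1)]
    + [
        (8, "alice", "finance", 5000),  # bulk read of the share: unusual for alice and for her peers
        (8, "bob", "finance", 230),     # a bit high for bob, but well within his peer group
        (8, "carol", "finance", 150),
        (8, "dave", "eng", 8),
        (8, "eve", "eng", 500),         # never seen before: no personal baseline, peers only
    ]
)


def robust_summary(values):
    """Median and median absolute deviation (MAD): resistant to a few outliers in the history."""
    med = median(values)
    return med, median(abs(v - med) for v in values)


def modified_z(value, med, mad):
    """Iglewicz-Hoaglin modified z-score; 0.6745 makes MAD comparable to a standard deviation."""
    return 0.6745 * (value - med) / max(mad, MIN_SCALE)


def build_baselines(records, training_days):
    """Profile each user and each peer group from the first `training_days` days."""
    per_user, per_group = defaultdict(list), defaultdict(list)
    for day, user, group, kb in records:
        if day <= training_days:
            per_user[user].append(kb)
            per_group[group].append(kb)
    return ({u: robust_summary(v) for u, v in per_user.items()},
            {g: robust_summary(v) for g, v in per_group.items()})


def score_day(records, day, user_base, group_base):
    """Score one day's activity. A finding is anomalous only when it deviates both from the
    user's own history and from the peer group, which suppresses 'unusual for me but normal
    for my role' noise; a user with no history is judged on the peer baseline alone."""
    findings = {}
    for d, user, group, kb in records:
        if d != day:
            continue
        peer_z = modified_z(kb, *group_base[group])
        if user in user_base:
            user_z = modified_z(kb, *user_base[user])
            anomalous = user_z > MODIFIED_Z_THRESHOLD and peer_z > MODIFIED_Z_THRESHOLD
        else:
            user_z = None
            anomalous = peer_z > MODIFIED_Z_THRESHOLD
        findings[user] = {"kb": kb, "user_z": user_z, "peer_z": peer_z, "anomalous": anomalous}
    return findings


if __name__ == "__main__":
    users, groups = build_baselines(SAMPLE_RECORDS, training_days=7)
    for name, f in score_day(SAMPLE_RECORDS, 8, users, groups).items():
        print(f"{name:6s} kb={f['kb']:5d} user_z={f['user_z']} peer_z={f['peer_z']:.1f} anomalous={f['anomalous']}")
```

Run as is: alice's 5000 KB read is flagged, bob's 230 KB is unusual for him (modified z about 4) but ordinary for the finance group and is therefore not raised, and eve, who has no history, is flagged on the peer comparison alone. Median and MAD are used rather than mean and standard deviation so that a single earlier spike does not inflate the baseline and hide the next one.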
Key benefits of FortiSIEM
A sophisticated SIEM does more than record security events. FortiSIEM provides leading threat protection and is a genuine engine for value creation. Key benefits include:

Scalable architecture and licensing (scale-as-you-grow)
FortiSIEM's virtual-machine architecture scales quickly, with several licensing options.
- Expand the VM pool to add performance and log-processing capacity.
- No additional cost to add VMs.
- Licensing options: pay-as-you-go, subscription or perpetual license.

Unified platform
Reduced complexity through support for multi-tenant and heterogeneous environments.
- Multi-tenancy on a single platform: MSSPs can centrally manage all their customers while retaining full visibility. FortiSIEM provides:
  - a customizable, multi-tenant user interface
  - a scalable, multi-tenant database
  - a scalable, multi-tenant architecture.
- While FortiSIEM integrates tightly with Fortinet products, it also supports hundreds of devices from other vendors.

Unified management and control interface
FortiSIEM's features, including dashboards, analytics, incident management, the configuration management database (CMDB) and administrative tasks, are accessible through an intuitive web interface.
- Customizable role-based access control lets organizations define what each user may access.
- Asset discovery populates an integrated CMDB to streamline asset management.
- Monitoring of CPU and memory usage, storage and configuration changes broadens the platform's feature set and provides additional context.

Improved incident detection and impact containment
FortiSIEM speeds the identification of internal and external threats and supports compliance monitoring.
- Incident detection is accelerated by a patented correlation engine.
- Out-of-the-box parsers, dashboards and reports cover the most common devices in the environment.
- FortiSIEM Analytics identifies threats and indicators of compromise (IOCs).
- Insider threats are identified by FortiSIEM UEBA, using an agent on endpoints that collects behavioral indicators.
- The result is a shorter mean time to respond to threats.
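The list above credits faster detection to a correlation engine without saying what a correlation rule does. The example below is added here to show the mechanics of one such rule; it is not FortiSIEM's rule language or engine, which this page does not describe. It parses constructed sshd-style log lines (RFC 5737 documentation addresses, not real traffic) and raises an incident when a source accumulates at least five failed logons inside a two-minute window and then logs on successfully from the same address. The threshold, the window and the log format are assumptions made for the example.

```python
"""Windowed correlation rule: burst of failed logons followed by a success (added example).

Not FortiSIEM's engine or rule syntax; the sshd lines below are constructed for the example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style records (RFC 5737 documentation addresses). Not real traffic.
SAMPLE_SSHD_LOG = """\
2020-10-22T08:50:00 bastion sshd[1200]: Failed password for root from 203.0.113.7 port 40001 ssh2
2020-10-22T09:00:00 bastion sshd[1301]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
2020-10-22T09:00:01 bastion sshd[1310]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
2020-10-22T09:00:11 bastion sshd[1311]: Failed password for root from 203.0.113.7 port 40003 ssh2
2020-10-22T09:00:21 bastion sshd[1312]: Failed password for invalid user oracle from 203.0.113.7 port 40004 ssh2
2020-10-22T09:00:31 bastion sshd[1313]: Failed password for svc_backup from 203.0.113.7 port 40005 ssh2
2020-10-22T09:00:41 bastion sshd[1314]: Failed password for svc_backup from 203.0.113.7 port 40006 ssh2
2020-10-22T09:00:50 bastion sshd[1320]: Failed password for bob from 198.51.100.4 port 51000 ssh2
2020-10-22T09:00:55 bastion sshd[1321]: Failed password for bob from 198.51.100.4 port 51001 ssh2
2020-10-22T09:01:02 bastion sshd[1322]: Accepted password for bob from 198.51.100.4 port 51002 ssh2
2020-10-22T09:01:05 bastion sshd[1315]: Accepted password for svc_backup from 203.0.113.7 port 40007 ssh2
2020-10-22T09:01:06 bastion sshd[1315]: pam_unix(sshd:session): session opened for user svc_backup
2020-10-22T09:01:10 bastion sshd[1330]: Accepted publickey for alice from 192.0.2.10 port 50001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_sshd(text):
    """Yield (timestamp, outcome, user, source_ip) for each line the rule understands.
    Lines the parser does not recognise (session open/close, etc.) are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["outcome"], m["user"], m["src"]


def correlate_bruteforce_success(events, threshold=5, window=timedelta(minutes=2)):
    """Raise an incident when a source accumulates >= `threshold` failed logons inside `window`
    and then succeeds from the same source before the window expires. Events must be in time
    order. A per-source deque holds only failures still inside the window, so state is bounded
    by the window rather than by the size of the log."""
    recent_failures = defaultdict(deque)
    incidents = []
    for ts, outcome, user, src in events:
        q = recent_failures[src]
        while q and ts - q[0][0] > window:      # expire failures that fell out of the window
            q.popleft()
        if outcome == "Failed":
            q.append((ts, user))
        elif len(q) >= threshold:               # Accepted after a burst of failures
            incidents.append({
                "src": src,
                "user": user,
                "failures": len(q),
                "users_tried": sorted({u for _, u in q}),
                "first_failure": q[0][0].isoformat(),
                "success": ts.isoformat(),
            })
            q.clear()                           # one incident per burst
    return incidents


if __name__ == "__main__":
    for inc in correlate_bruteforce_success(parse_sshd(SAMPLE_SSHD_LOG)):
        print(inc)
```

On the sample log only 203.0.113.7 produces an incident: its failure at 08:50 is outside the window and is discarded, the five failures between 09:00:01 and 09:00:41 are inside it, and the successful svc_backup logon at 09:01:05 closes the pattern. The two mistyped passwords from 198.51.100.4 before bob's successful logon stay below the threshold, which is the point of correlating the sequence rather than alerting on each failure.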

Compliance and return on investment (ROI)
Greater efficiency, controlled risk and reduced attack impact improve ROI and simplify compliance.
- Security teams and analysts gain productivity because they receive relevant information about detected threats.
- Incident detection and reporting improve risk management.
- FortiSIEM's out-of-the-box compliance reports help organizations sustain compliance.
- Out-of-the-box content accelerates time to value: FortiSIEM ships with more than 750 rules, roughly 3,000 reports and predefined dashboards, and supports more than 200 third-party devices.
- Security teams can understand an incident's impact by identifying the affected business services.
FortiSIEM - News
- 22/10/2020: Leveraging FortiSIEM 6.1 UEBA analytics to monitor remote endpoints
- 13/10/2020: FortiSIEM 5.4 release notes
- 09/09/2020: FortiSIEM 6.1 release notes
- 02/04/2020: SC Magazine Labs awards FortiSIEM 5 stars out of 5! FortiSIEM is an ideal solution for MSSPs and for anyone looking for a scalable architecture with out-of-the-box content.
- 13/01/2020: SC Media names Fortinet a 2019 Industry Innovator in recognition of FortiSIEM. SC Media gave Fortinet its 2019 Industry Innovator award in its annual SC Media report. The award highlights FortiSIEM's technical innovation and the success SC Media anticipates for the solution in the security infrastructure market.
FortiSIEM - Videos
Building a cybersecurity team
Advanced training for security professionals, technical training for IT professionals and awareness training for remote workers.
FortiSIEM models and specifications
Events per second | Storage capacity
5,000 | 3 TB
15,000 | 36 TB
30,000 | 72 TB
FortiSIEM virtual machines run on VMware vSphere, KVM, Microsoft Hyper-V and OpenStack.
License descriptions:
- 50 devices and 500 EPS all-in-one perpetual license
- Add 25 devices and 250 EPS all-in-one perpetual license
- Add 50 devices and 500 EPS all-in-one perpetual license
- Add 100 devices and 1000 EPS all-in-one perpetual license
- Add 250 devices and 2500 EPS all-in-one perpetual license
- Add 450 devices and 4500 EPS all-in-one perpetual license
- Add 950 devices and 9500 EPS all-in-one perpetual license
- Add 1950 devices and 19500 EPS all-in-one perpetual license
- Add 3950 devices and 39500 EPS all-in-one perpetual license
- Add 4950 devices and 49500 EPS all-in-one perpetual license
FortiSIEM virtual machines are also available on Amazon Web Services.
Product Demo
Learn how FortiSIEM monitoring tools can help you detect, prevent, and respond to security threats by doing a self-guided demo.
FortiSIEM Alliance Partners
FortiSIEM provides integration with many leading IT vendors as part of the Fortinet Security Fabric. Below is a list of current FortiSIEM Alliance Partners:

AWS services are trusted by more than a million active customers around the world – including the fastest growing startups, largest enterprises, and leading government agencies – to power their infrastructures, make them more agile, and lower costs.
Learn more on the Fortinet-AWS alliance

Anomali delivers high-fidelity threat intelligence from diverse sources to Fortinet, providing the contextualized threat intelligence and triggers necessary to prioritize and initiate an incident response, and when paired with event data, allowing your SOC analysts to focus on the real threats, rather than false positives.

ATAR Labs builds the next-generation SOAR platform ATAR. Together with Fortinet, SOC teams become more agile, respond to complex threats and defend their infrastructure. Automated processes deployed and orchestrated from ATAR, combined with enforcement and detection from Fortinet, create an integrated operation that achieves a secure environment.

Bambenek Labs' threat intelligence solution surveils cybercrime networks in real time to provide actionable, relevant, high-fidelity threat intelligence to block threats at the network layer. Together with Fortinet, you can enrich your network devices and SIEM with high-fidelity threat intelligence to provide enhanced protection for your organization and prevent breaches.

Brocade networking solutions help the world's leading organizations turn their networks into platforms for business innovation. With solutions spanning public and private data centers to the wireless network edge, Brocade is leading the industry in its transition to the New IP network infrastructures required for today's era of digital business.

Cisco is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected.

CyberArk is the global leader in privileged account security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets.

CyberX delivers the only IIoT and ICS cybersecurity platform built by blue-team experts with a track record defending critical national infrastructure, and the only platform with patented ICS-aware threat analytics and machine learning. Together with Fortinet, CyberX reduces the time from ICS and IIoT threat detection to prevention.

CyGlass is an AI based SaaS security platform that uses network data to uncover, pinpoint, and respond to advanced cyber threats that have evaded traditional security controls.

D3 Security's award-winning SOAR platform seamlessly combines security orchestration, automation and response with enterprise-grade investigation/case management, trend reporting and analytics. With D3's adaptable playbooks and scalable architecture, security teams can automate SOC use-cases to reduce MTTR by over 95%, and manage the full lifecycle of any incident or investigation.

DFLabs IncMan SOAR leverages existing security products to dramatically reduce the response and remediation gap caused by limited resources and the increasing volume of incidents. Together with Fortinet, IncMan allows joint customers to respond to security incidents in a faster, more informed and efficient manner.

The Dragos mission is to safeguard civilization from those trying to disrupt the industrial infrastructure. Dragos provides solutions for asset identification, threat detection, and response with insights from industrial control systems (ICS) cybersecurity experts. Dragos works with Fortinet to provide increased visibility and improved correlation of cyber events. This helps customers evaluate and make better informed decisions when classifying events and required actions.

Enable strong authentication for your Fortinet VPN and SIEM solutions with Entrust Datacard Identity. With cloud or on-premises deployment options, Entrust Datacard's authentication solution integrates with Fortinet FortiGate VPN and the FortiSIEM Server Agent using industry-standard protocols (RADIUS or SAML).

Flowmon Networks empowers businesses to manage and secure their computer networks confidently. Through high-performance network monitoring technology and lean-forward behavior analytics, IT pros worldwide benefit from absolute network traffic visibility to enhance network & application performance and deal with modern cyber threats. Flowmon complements Fortinet with network behavior analysis on east-west traffic while the integration with Fortinet keeps our mutual customers safe from advanced security threats.

Gigamon provides active visibility into physical and virtual network traffic, enabling stronger security, and superior performance.

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio enables organizations to effectively manage risk and defend against emerging threats.
- Fortinet – IBM Security AppScan Solution Brief
- Fortinet – IBM Security QRadar Solution Brief
- Fortinet FortiGate and IBM QRadar Deployment Guide
- FortiGate App For IBM QRadar Technical Solution Guide
- Fortinet - IBM Resilient Technical Deployment Guide
- Fortinet - IBM Cloud Connector Solution Brief
- Fortinet FortiSOAR Connector for IBM QRadar

Infoblox is leading the way to next-level DDI with its Secure Cloud-Managed Network Services. Infoblox brings next-level security, reliability and automation to cloud and hybrid systems, setting customers on a path to a single pane of glass for network management. Infoblox is a recognized leader with 50 percent market share comprised of 8,000 customers, including 350 of the Fortune 500.

Revolutionizing cybersecurity with the first of its kind enterprise threat intelligence and mitigation platform that drives proactive defense by turning tailored threat intelligence into automated security action.

Ixia delivers a powerful combination of innovative solutions and trusted insight to support your network and security products, from concept to operation.

LinkShadow Cybersecurity Analytics Platform is a world-leading UEBA and Threat-Hunting Solution Provider. Together with Fortinet, LinkShadow can empower the Security team with cutting-edge Threat Anticipation with Proactive Incident Response, while simultaneously gaining rapid insight into the effectiveness of the existing security investments.

Micro Focus is a global software company with 40 years of experience in delivering and supporting enterprise software solutions that help customers innovate faster with lower risk. Our portfolio enables our 20,000 customers to build, operate and secure the applications and IT systems that meet the challenges of change. We are a global software company, committed to enabling customers to both embrace the latest technologies and maximize the value of their IT investments. Everything we do is based on a simple idea: the fastest way to get results from new technology investments is to build on what you have–in essence, bridging the old and the new.
- Fortinet-Micro Focus Fortify WebInspect Solution Brief
- Fortinet-Micro Focus ArcSight ESM Solution brief
- ArcSight Marketplace

Nozomi Networks is a leading provider of real-time visibility, advanced monitoring capabilities, and strong security for industrial control networks supporting critical infrastructure. Nozomi has been deployed in some of the largest industrial installations, providing some of the fastest return-on-investment in the industry.
- Solution brief
- Fortinet FortiGate and Nozomi Networks Guardian Deployment Guide
- Fortinet FortiSIEM and Nozomi Networks CMDB Deployment Guide
- ICS Security Overview & Integration Video
- Fortinet-Nozomi integration demo

Oracle offers a comprehensive and fully integrated stack of cloud applications and platform services.

RAM2 is OTORIO's industrial SOAR platform, designed for automation personnel operations and for collaboration with the SOC's cyber experts. RAM2 offers a centralized, simplified and automated industrial cyber-risk preparedness and management solution. Based on attack-vector simulations and a business-impact risk engine, RAM2 provides targeted mitigations for the operational environment and manufacturing processes.

Network security is about trust. Trust in the assurance, expertise, and guidance to understand your requirements, identify the right solution, and support you from start to finish. Owl hardware-enforced cybersecurity and professional services, with Fortinet’s network and cloud security software, create a trusted, hardened barrier for your digital assets.

PowerDMARC is an email authentication security platform that leverages protocols like DMARC, MTA-STS, and BIMI to help organizations combat domain spoofing, secure their email channel and enhance their brand’s reputation. Together with Fortinet, they aspire to make email the safest way to communicate.

Pulse Secure enables seamless access to resources by combining visibility, authentication and context-based access control. This solution with Fortinet extends perimeter protection to all devices visible to the Secure Access solution while allowing access controls to respond to threat intelligence gathered by the Fortinet platform.

RAD is a global Telecom Access solutions and products vendor, at the forefront of pioneering technologies. For critical infrastructure, our Service Assured Networking solutions include best-of-breed products for cyber-secure industrial IoT (IIoT) backhaul with edge/fog computing and seamless migration to modern packet-switched OT WANs.

Rubrik delivers a single platform to manage and protect data in the cloud, at the edge, and on-premises. Enterprises choose Rubrik’s Cloud Data Management software to simplify backup and recovery, accelerate cloud adoption, and enable automation at scale.

Safetica Technologies delivers a data protection solution for business. Safetica DLP (Data Loss Prevention) protects companies from data breaches, teaches employees to care about sensitive data and makes it easy to comply with data protection regulations. Safetica's integration with Fortinet technologies gives companies a powerful tool to secure all of their data, no matter where it resides or flows.

SCADAfence provides threat protection, risk management and visibility solutions for industrial OT networks. Combining SCADAfence’s dedicated solutions for OT networks with Fortinet’s Security Fabric, allows industrial organizations to effectively enforce security policies, improve incident response and extend their visibility from IT to OT.

Seclytics uses science to predict where attacks will originate, on average 51 days before they strike, with over 97% accuracy and fewer than 0.01 false positives. Together with Fortinet, we are able to report on and prevent attacks before adversaries strike.

SentinelOne is shaping the future of endpoint security with an integrated platform that unifies the detection, prevention and remediation of threats initiated by nation states, terrorists, and organized crime. SentinelOne’s unique approach is based on deep inspection of all system processes combined with innovative machine learning to quickly isolate malicious behaviors, protecting devices against advanced, targeted threats in real time.

ServiceNow makes work better. Our applications automate, predict, digitize and optimize business processes across IT, Customer Service, Security Operations, HR and more, for a better enterprise experience.

Splunk Inc. is the market-leading platform that powers Operational Intelligence.

Swimlane is at the forefront of the growing market of security automation, orchestration and response (SOAR) solutions and was founded to deliver scalable and flexible security solutions to organizations struggling with alert fatigue, vendor proliferation and chronic staffing shortages.

Symantec Corporation (NASDAQ:SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. The partnership with Fortinet combines Symantec’s endpoint protection leadership with Fortinet’s best-in-class network security and Fabric integration to deliver unparalleled security protection.
- Solution Brief
- Symantec CloudSOC Solution Brief
- Technical Deployment Guide
- Press Release on partnership
- Fabric Connector Technical Guide

Tanium offers a proven platform for endpoint visibility and control that transforms how organizations manage and secure their computing devices with unparalleled speed and agility.

Tenable®, Inc. is the Cyber Exposure company. Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform.

Designed by analysts but built for the entire team, ThreatConnect’s intelligence-driven security operations platform is the only solution available today with intelligence, automation, analytics, and workflows in a single platform.

Trend Micro, a leader in cloud, endpoint, and email security, has partnered with Fortinet to help our mutual customers detect and respond to attacks more effectively throughout their organizations.

TriagingX provides automation of endpoint forensics, cutting advanced threat hunting time from hours to minutes. TXHunter analyzes Fortinet firewall log data and automatically launches forensic investigation on alerted endpoints. TXHunter enables FortiSIEM users to investigate sophisticated threats without leaving the platform. It's fast, efficient, and effective.

Vectra AI is the leading Cloud & Network Detection and Response (NDR) for your network, cloud, datacenter and SaaS applications. The Vectra platform blends security research with data science. Together with Fortinet, Vectra will automatically find and stop advanced attacks before they cause damage.

VMware is a global leader in cloud infrastructure and business mobility.
- NSX solution brief
- NFV solution brief
- NSX-T solution brief
- Carbon Black Solution brief
- Carbon Black Technical Integration Guide
- Carbon Black Solution Video

WitFoo has partnered with Fortinet to provide better security visibility to our joint customers. WitFoo delivers a comprehensive cybersecurity operations platform that combines capabilities across SIEM, SOAR, IRP, UEBA, and NBAD. By leveraging Fortinet’s rich data sources, WitFoo and Fortinet provide visibility across the entire attack life cycle and automate threat mitigation capabilities.

Zentera’s CoIP™ (Cloud over IP) Platform creates a unified zero trust network to secure on-prem and cloud environments. The zero trust network contains and protects sensitive cross-domain applications, such as hybrid cloud and IT/OT environments, enabling application segmentation without changing existing network and security infrastructure.

Ziften simplifies endpoint protection.
The Zenith endpoint protection platform is a single product that stops cyber-attacks on all enterprise endpoints – laptops, desktops, servers, and cloud. The single agent deploys quickly and delivers (1) best-in-class zero-day protection, (2) complete investigation, (3) the most flexible response, plus (4) security posture analysis. The result is simplified endpoint protection to easily stop cyber-attacks with the people and budget you already have. Together with Fortinet, Ziften leverages the Fortinet Security Fabric to help customers better secure their endpoints, servers, and network.