FortiSOAR

Streamline SOC Efficiencies and Accelerate Incident Response

FortiSOAR Solution Brief

Try FortiSOAR’s Free Community Edition
適用於:
web product icon fortisoar

FortiSOAR Overview

As the digital attack surface expands, security teams must also expand their defense capabilities. Yet, adding more security monitoring tools is not always the answer. Additional monitoring tools mean more alerts for security teams to investigate and more context switching in the investigation process, among other issues. This creates a number of challenges for security teams, including alert fatigue, a lack of qualified security personnel to manage new tools, and slower response times.

Integrated into the Fortinet Security Fabric, FortiSOAR security orchestration, automation and response (SOAR) remedies some of the biggest challenges facing cybersecurity teams today. Allowing security operation center (SOC) teams to create a custom automated framework that pulls together all of their organization's tools unifies operations, eliminating alert fatigue and reducing context switching. This allows enterprises to not only adapt, but also optimize their security process.

 

FortiSOAR News

  

FortiSOAR Video

FortiSOAR Overview | Security Orchestration Automation and Response

FortiSOAR™ is a holistic and enterprise-built security orchestration and security automation workbench that empowers security operation teams. FortiSOAR™ increases a team’s effectiveness by increasing efficiency, allowing for response in near real-time. In this video, you’ll see how FortiSOAR™ takes your security operation team to the next level by automating the incident response process and facilitating collaboration, behind one unified interface.

立即觀看

Features and Benefits

 

icon incident management

Incident Management

Enterprise-grade customizable incident management enables SOC analysts to efficiently investigate alerts and better understand, review, and manage incidents
icon automated workflow

Automated Workflows

Leverage the most advanced playbook engine to create workflows within the product and integrate into existing enterprise tools. 200+ playbooks enable teams to easily onboard
icon fortisoar for mssps

FortiSOAR for MSSPs

Create a unique managed security service provider (MSSP)-enabled customer centric dashboards, workflows, and views to enable easy security operations management across customer segments  
icon soc dashboard reports

SOC Dashboards and Reports

A built-in advanced visual dashboard enables customers to easily create dashboards specific to a role within security operations 
icon partner connector

Partner Connectors

Integrate existing enterprise security solutions. FortiSOAR comes with 280+ partner connectors to existing vendors across SIEM, network security, endpoint, cloud, and more
icon queue management

Queue Management

Built-in queue management handles automatic work assignments across multiple queues and teams within the SOC 

FortiSOAR Features and Specifications

FortiSOAR is a purpose-built product for the modern SOC. With dedicated SOC Queue Management, OOB Vulnerability management, OOB Asset Management, Indicator Repository, Enterprise grade Reporting, SLA Tracking and more.

FortiSOAR is available in VM option only.

web icon fortisoar incident management 1

An Intuitive Interface That Understands Data

FortiSOAR facilitates efficient investigation of alerts allowing security analysts to better understand, review, and manage data.

  • Manage alerts and incident listings in a grid view that can be filtered
  • Add mini-dashboards on each grid to gain visibility into the bigger picture and understand trends
  • Define new modules and customize their fields, views, and permissions
  • Define custom views, data models, fields, and grids with the visual layout editor
web icon fortisoar incident management 2

An Enterprise Role-based Incident Management Solution

With robust role-based access control, FortiSOAR provides organizations the power to manage sensitive data in accordance with SOC policies and guidelines.

  • Create custom roles and team hierarchies
  • Define field-level role permissions with various roles
  • Control data visibility and encryption with multiple role-based views
  • Configure custom views and page layouts using the visual designer
web icon fortisoar incident management 3

Power to Configure

FortiSOAR has the ability to define new modules, such as custom fields, views, and permissions. It allows security teams to configure it to their specific environment’s requirements.

  • Create custom modules to define fields as needed. For example, a module to store whitelisted IPs for DevOps to review
  • Leverage the visual layout builder to define custom views and dashboards
  • Add related fields and cross-link module fields for easier analyst reviews
web icon fortisoar automated workflow 1

Visual Playbook Builder

Create smart automated workflows with ease of product integrations

  • Drag and drop interface allows stringing multiple steps together
  • Plug multiple integrations into workflows
  • Zoom and pan to allow ease of navigation within the designer
  • Intuitive design
web icon fortisoar automated workflow 2

Create Multiple Collections

Manage playbooks better by grouping them into logical folders.

  • Ability to add multiple playbook collections
  • Import playbooks and playbook collections
  • Export collections together with dependent playbooks
web icon fortisoar automated workflow 3

Monitor Playbook Performance

Closely monitor playbook step executions, as well as various performance indicators.

  • Global monitoring for all playbook executions along with step completion status
  • Monitor playbooks specific to an alert or incident record
  • See historic execution and steps for a particular playbook
  • Filter playbook execution logs based on users, time, type, and status
web icon fortisoar platform mssp 1

Unified Console Built on Enterprise Multi-tenancy Architecture

Obtain a complete overview of all customers/tenants in the unified FortiSOAR master console.

  • Filter views by customers to understand their current state
  • Assign and adhere to the roles and permissions assigned to each tenant
  • Create customer-specific alert and incident views
  • Robust and scalable architecture for load-balancing usage
web icon fortisoar platform mssp 2

Handle Unique Customer Environments and Product Diversity

Easily manage customer environments with multiple third-party solutions.

  • Run automation workflows on a specified tenant remotely
  • Communicate and get the automation status and logs from the tenant
  • Choice with the customer to limit data flow to the master console
web icon fortisoar custom role based dashboards 1

Insight from Multiple Perspectives

FortiSOAR offers dashboards for better decision making.

  • Choose from multiple canned dashboards from multiple perspectives
  • Export and import dashboard templates
  • Export dashboard views as PDFs
web icon fortisoar custom role based dashboards 2

Visual Layout Builder

With an intuitive drag and drop interface, FortiSOAR has the ability to define page layouts, fields, dropdowns, and picklists.

  • The intuitive drag-and-drop visual layout builder makes creating dashboard templates or pages easy
  • Use multiple widgets such as charts, listings, counters, and performance metrics to create rich views and data models
  • Use formatting options such as colors, labels, format, and configurations to make dashboards more valuable
web icon fortisoar custom role based dashboards 3

Full Role-Based Access Control

Assign multiple roles to each dashboard to control visibility across the team.

  • Assign roles and permissions to dashboard templates
  • Make selected dashboards as default for all system users
  • Create user-specific dashboards and reports
web icon fortisoar reporting 1

Report Repository

Leverage the FortiSOAR report library for an accelerated start with many commonly used reports.

  • Access ready-to-use reports such as incident closures, alert closures, and IoC summaries
  • The support portal is integrated with imported reports for full functionality
  • Customize FortiSOAR reports from the repository for organization-specific metrics
  • Export reports in CSV and PDF formats
web icon fortisoar reporting 2

Role-based Reporting

  • Ability to assign specific roles to reporting templates
  • Make selected reports accessible to all system users
  • Create user-specific or incident-specific reports 
web icon fortisoar connector 1

Connectors

FortiSOAR integrates with an organization’s entire security stack with a single pane of glass. The connector repository provides unlimited access to hundreds of products from SIEMs and endpoints to threat intelligence platforms. Security teams can streamline their incident response process while maximizing ROI.

See the full list of FortiSOAR’s connectors here!

web icon fortisoar queue management 1

Create Dedicated Queues

Leverage the built-in queue management to handle automatic work assignments across multiple queues and teams.

  • Create multiple queues across multiple teams
  • Add multiple team members to each queue
  • Define logical rules for auto assignments to a specific member or team
  • Option to add work tasks manually to any queue
web icon fortisoar queue management 2

Manage SOC Shift Changes with Ease

SOCs that work in multiple shifts can perfect shift changes with ease

  • Create multiple queues for different shifts
  • Define rules for assigning alerts and incidents based on the time zone
  • Obtain snapshots of a shift’s queue to better understand task status
  • Option to add manual tasks to any queue or team member

Our Customers Emphasize the Value of FortiSOAR (Formerly Cybersponse) in Gartner Peer Insights Reviews

Many enterprise customers realize the power and effectiveness of FortiSOAR (formerly Cybersponse) and have provided positive feedback on Gartner Peer Insights. Read what end users say about FortiSOAR.

 

★★★★★
"Rapid Feature Enrichment Based On Customer Feedback"

Manager, Information Risk in the Healthcare Industry, $3B – 10B company 

"CyOPS provided a completely customizable SOAR solution. Due to it's flexibility, my security operations center was able to implement a single pane of glass for visibility to alerts from over 30 different platforms. Full triage of events is made possible with manual and automatic enrichment from numerous external open source and paid threat intelligence platforms. Our feedback to improvements and enhancement to the CyOPs portal is consumed, evaluated and rapidly integrated into regular updates to the platform."


★★★★★
"Cyops is the most flexible security incident automation tool"

Platform Architect in the Services Industry, $3B – 10B company

"Cyops is one of the most flexible product, I have come across. We have achieved 99% of our highly customized requirements from ticketing to reporting and automation to orchestration."


★★★★★
"Very flexible tool that allows to automate complex tasks in a matter of hours"

Senior Cyber Security Analyst in the Healthcare Industry, $10B – 30B company

"SOAR platforms as a business, with most players being less than 10 years old, is definitely still in its infancy, but CyOps is a hypergrowing child."


★★★★★
"Implementation was easy and fast, and user friendly with live support"

Cloud Security Specialist in the Services Industry, <$50M company

"Very professional company, with great support service. The tool is self covers all the requirements of a SOAR platform and enables organization and MSSPs to move forwarded with the next generation SOC."


★★★★★
"Great Tool For SOC Orchestration And Automation"

Group Head of Information Security Operations in the Retail Industry, $1B – 3B company

"The Product is great for integrations with various SOC used tools. Using this tool for Automation of mundane tasks means the skills resources can focus on genuine incidents. Response and SLA tracking means we can judge the effectiveness of current orchestration."

 

★★★★★
"Great Blank Slate of a product."

Knowledge Specialist, $250M – 500M company

"The Support from this company is second to none - they are available when needed via multiple channels and support routine and emergency patching/repairs. the product development team are often implementing new features and are very responsive to feature requests."




Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences, and do not represent the views of Gartner or its affiliates.   

FortiSOAR Use Cases

Unified Incident Response Management

SOC teams are enabled to orchestrate, automate, and respond to threats with all of their existing tools instantaneously.

Teams can centralize their security processes, resulting in quicker real-time responses at machine speed.

Alert Triage Automation

Streamline security processes by automatically correlating alerts from across the security stack into a single incident for investigation, triage, and remediation.

Automation eliminates alert fatigue and provides SOC teams with the ability to focus on threat hunting efforts.

SOC Optimization

Measure and track SOC progress using customized FortiSOAR dashboards to monitor security operations KPIs and create automated enterprise-level reports for auditors and leadership.

This allows SOCs to identify vulnerabilities and hone in on where manual processes can be automated.

SOC Team Collaboration

In the midst of a security professionals shortage, lean SOC teams can use FortiSOAR to fill the gaps and reduce costs. FortiSOAR provides cross-functional collaboration to expedite the remediation process and resolution to security alerts.

This results in enhanced team collaboration, reducing workloads and frees teams to expand security efforts.

Effective best-in-class security requires timely, global intelligence combined with fast decision-making and response across all critical vectors. Fortinet offers proven and one of the most certified artificial intelligence-driven protection available in the market today powered by FortiGuard Labs.

For customers implementing FortiGates as NGFWs, here’s how FortiGuard subscriptions can help:

  • Application Control: Fortinet boasts one of the largest applications database to safeguard your organization from risky application and allows you visibility and control of applications running in your network
  • Intrusion Prevention: Stop unwanted attempts to access your network that target vulnerabilities and configuration gaps. We block over 10 million intrusion attempts per minute.
  • Advanced Threats: Stop malicious files and payloads moving into your network with FortiGuard’s leading advanced malware, antivirus, and sandboxing capabilities. We stop over 35,000 malicious files per minute.

FortiGuard

Industry Leading AI-driven Protection and Intelligence

FortiCare

World-class Global Support and Professional Services

Mission critical security-driven networks deserve the best support available.  FortiCare provides 24x7 support options to help keep your FortiGates up and running.  We also have services to help you recover in the rare moments when bigger bumps seem to come out of nowhere such as our Premium RMA options with 4-hour replacements. 

Want faster resolution?  Choose our Advanced Support option.

Need help to get going with new deployments and integrations?  FortiCare can do it, too, with Professional Services and Resident Engineers!  Contact Sales to find out how.

Delivering world-class security is not all that we do! We can help our customers lower their total cost of ownership (TCO) and simplify day-to-day security operations through our FortiOps services, which provide cloud-based management, visibility, and automation across their Fortinet Security Fabric.

FortiOps

Cloud-based Management, Visibility, and Operations

Fuse Community


Product Demo

FortiSOAR is a purpose-built product for the modern SOC. With dedicated SOC Queue Management, OOB Vulnerability management, OOB Asset Management, Indicator Repository, Enterprise grade Reporting, SLA Tracking and more.

Request here to get a personalized demo of the product with one of our FortiSOAR specialist. 

FortiSOAR Alliance Partners

FortiSOAR provides integration with many leading IT & security vendors as part of the Fortinet Security Fabric.  Please note that over the next few months we will update the content to incorporate the integrations with the partners.

What market problem does FortiSOAR address?   
The key problems FortiSOAR addresses for security teams are: staff shortages, alert fatigue from many sources, the rapidly expanding threat landscape, and the need for a central repository and action center for SOCs.    


Can you explain FortiSOAR technology or product offerings?
   
FortiSOAR is the premier software SOAR solution for global enterprises and MSSPs. It:

  • Consolidates and triages alerts and threat intel from solutions such as SIEM, email, syslog, and ticketing systems into one interface​
  • Automates the analysis and incident response, leveraging more than 200 playbooks that capture both machine-machine and human-machine interactions
  • Visualizes and reports on metrics including ROI on investment​

Other key highlights include:

  • Mature case management (ticketing workflows, etc.) ​
  • Distributed multi-tenancy to enable MSSPs and managed detection and response (MDR) providers with the Fortinet Security Fabric and SOAR capabilities
  • Enterprise-grade user experience with drag and drop actions


Who are FortiSOAR customers?
SOAR is ideal for large teams with more than five SOC analysts. FortiSOAR has a number of customers in large enterprises, MSSPs, government, and service providers. 


What are the benefits to Fortinet partners?  
Partners will benefit from FortiSOAR with an expanded product and services portfolio that enriches their security offering and adds value for customers with integrated solutions for SOC optimization. Adding FortiSOAR to the Security Fabric significantly increases the addressable market and the ability to reach a wider audience.