Network & Communication

Security-Driven Analytics & Log Management

FortiAnalyzer provides deep insights into advanced threats through Single-Pane Orchestration, Automation & Response for your entire attack surface to reduce risks and improve your organization's overall security.

Integrated with Fortinet's Security Fabric, FortiAnalyzer simplifies the complexity of analyzing and monitoring new and emerging technologies that have expanded the attack surface, and delivers end-to-end visibility, helping you identify and eliminate threats.

Advanced Threat Detection & Correlation allows Security & Network teams to immediately identify and respond to network security threats across the infrastructure.

Automated Workflows & Compliance Reporting provides customizable dashboards, reports and advanced workflow handlers for both Security & Network teams to accelerate workflows & assist with regulation and compliance audits.

Scalable Log Management collects logs from FortiGate, FortiClient, FortiManager, FortiSandbox, FortiMail, FortiWeb, FortiAuthenticator, Generic syslog and others. Deploy as an individual unit or optimized for a specific operation and scale storage based on retention requirements.

Feature Highlights

Security Operations Center (SOC)

FortiAnalyzer's SOC management center helps secure your overall network by providing actionable views of log and threat data. Protect your network, web sites, applications, databases, servers and data centers, and other technologies, with centralized monitoring, awareness of the threats, events and network activity, using predefined and customized dashboards delivered through a single-pane-of-glass interface for easy integration into your Security Fabric.

Incident Detection & Response

FortiAnalyzer's Automated Incident Response capability improves Management & Analytics with a focus on event management and identification of compromised endpoints. Improved default and custom event handlers can be used to detect malicious and suspicious activities on the spot. Integration of events with the FOS automation framework for automated actions such as endpoint quarantine or blacklist IPs. Incident detection and tracking, as well as evidence collection and analysis, are streamlined through integration with ITSM platforms, helping to bridge gaps in your Security Operations Center and reinforce your Security Posture.

Event handlers enable quick detection, automated correlation and connected remediation with incident management to simplify log analysis and threat identification across your Fortinet Security Fabric. Create event handlers for FortiGate, FortiCarrier, FortiCache, FortiMail, FortiManager, FortiWeb, FortiSandbox devices, and syslog servers. Define what messages to extract from logs and display in events and send alerts for event handlers via email address, webhook, SNMP community, or syslog server.

The FortiGate 100E series delivers next generation firewall capabilities for mid-sized to large enterprises, with the flexibility to be deployed at the campus or enterprise branch. Protect against cyber threats with security processor powered high performance, security efficacy and deep visibility.

Security

• Protects against known exploits, malware and malicious websites using continuous threat intelligence provided by FortiGuard Labs security services
• Identify thousands of applications including cloud applications for deep inspection into network traffic
• Detects unknown attacks using dynamic analysis and provides automated mitigation to stop targeted attacks

• Delivers industry's best threat protection performance and ultra-low latency using purpose built-security processor (SPU) technology
• Provides industry-leading performance and protection for SSL encrypted traffic

• Independently tested and validated best security effectiveness and performance
• Received unparalleled third-party certifications from NSS Labs, ICSA, Virus Bulletin and AV Comparatives

• Delivers an extensive routing, switching, wireless controller and high performance IPsec VPN capabilities to consolidate networking and security functionality
• Enables flexible deployment such as Next Generation Firewall and Secure SD-WAN

• Single Pane of Glass with Network Operations Center (NOC) view provides 360° visibility to identify issues quickly and intuitively
• Predefined compliance checklist analyzes the deployment and highlights best practices to improve overall security posture

• Enables Fortinet and Fabric-ready partners' products to collaboratively integrate and provide end-to-end security across the entire attack surface
• Automatically builds Network Topology visualizations which discover IoT devices and provide complete visibility into Fortinet and Fabric-ready partner products

FortiAnalyzer is a powerful log management, analytics and reporting platform, providing organizations with Single-Pane Orchestration, Automation, and Response for simplified security operations, proactive identification and remediation of risks, and complete visibility of the entire attack surface.

FortiAnalyzer, integrated with Fortinet's Security Fabric, provides advanced threat detection capabilities, centralized security analytics, and complete end-to-end security posture awareness and control, helping security teams identify and eliminate threats before a breach can occur

Orchestrate security tools, people and process for streamlined execution of tasks and workflows, incident analysis and response, and rapidly expedite threat detection, case creation & investigation, and mitigation and response.

Automate workflows and trigger actions with fabric connectors, playbooks and event handlers to accelerate your network security teams ability to respond to critical alerts and events, as well as SLA's for regulation and compliance.

Respond in real-time to network security attacks, vulnerabilities and warnings of potential compromises, with threat intelligence, event correlation, monitoring, alerts and reporting for immediate tactical response and remediation.

FEATURE HIGHLIGHTS

Incident Detection and Response

Centralized NOC/SOC Visibility for the Attack Surface

The FortiSOC view helps teams in the security operations center (SOC) and network operations center (NOC) protect networks with access to real-time log and threat data in the form of actionable views with deep drill-down capabilities, notifications & reports, and predefined or customized dashboards for single-pane visibillty and awareness. Analysts can utilize FortiAnalyzer's workflow automation for simplified orchestration of security operations, management of threats and vulnerabilities, and responding to security incidents, or investigate proactively by looking for anomlaies and threats in SIEM normalzied logs in the Threat Hunting view.

Event Management

FortiAnalyzer's Event Manager enables security teams to monitor and manage alerts and events from logs. Events are processed and correlated in an easily readable format that analysts can understand for immediate response. Analysts can use the Event Monitor for investigative searches into alerts, and use the predefined or custom event handlers for NOC and SOC, with customizable filters to generate realtime notifications for around-the-clock monitoring, including handlers for SD-WAN, VPN SSL, wireless, network operations, FortiClient, and more.

Incident Management

The Incidents component in FortiSOC enables security operations teams to manage incident handling and life cycle with incidents created from events to show affected assets, endpoints and users. Analysts can assign incidents, view and drill down on event details, incident timelines, add analysis comments, attach reports and artifacts, and review playbook execution details for complete audit history.

Integrate with FortiSOAR for further incident investigation and threat eradication including support to export incident data to FortiSOAR through the FortiAnalyzer fabric connector (enabled on FortiSOAR with API Admin setup).

Distributed Denial of Service (DDoS) attacks remain a top threat to IT security and have evolved in almost every way to do what they do best: shut down access to your vital online services.

Unlike intrusion and malware attacks, DDoS attackers have learned that they don't need to attack only end-point servers to shut you down. They attack any IP address that routes to your network: unused IPs, Inter-router-link public IPs or Firewall/Proxy/WiFi Gateway public IPs.

Cloud-based CDN and DNS-based cloud mitigation cannot protect you from these attacks. What is the impact to your business if your users cannot reach cloud services because your firewall or demarc router public IP is being DDoSed? Your CDN-based web servers may be up but your business is down!

Sophisticated multi-vector and multi-layer DDoS attacks use direct and reflected packets where the spoofed, randomized source IPs are impossible to ACL. These attacks are increasingly common as Mirai-style code has morphed into many variants and has been commercialized by providers of "stresser" sites. Anyone can call down large attacks for a few dollars.

Powered by SPU - A Different and Better Approach to DDoS Attack Mitigation

Only Fortinet FortiDDoS appliances use Machine Learning detection methods in dedicated, custom silicon Security Processing Units (SPUs) to deliver the most advanced and fastest DDoS attack mitigation on the market today, without the performance compromises of multi-CPU or CPU/ASIC hybrid systems. The TP2 and TP3 SPU Traffic Processors inspect 100% of both inbound and outbound Layer 3, 4 and 7 packets, resulting in the fastest and most accurate detection and mitigation, and the lowest latency in the industry.

FortiDDoS uses 100% machine learning, behavior-based methods to identify threats. Instead of requiring predefined signatures to identify attack patterns, FortiDDoS uses its massively-parallel computing architecture to build an adaptive baseline of normal activity from hundreds-of thousands of parameters and then monitors traffic against that baseline. Should an attack begin, FortiDDoS sees this as abnormal and immediately takes action to mitigate it.

Analytics, Reports, and Compliance Across the Security Fabric

FortiAnalyzer is a powerful log management, analytics, and reporting platform that provides organizations with a single console to manage, automate, orchestrate, and respond, enabling simplified security operations, proactive identification and remediation of risks, and complete visibility of the entire attack landscape.

Integrated with the Fortinet Security Fabric, FortiAnalyzer enables Network and Security Operations Teams with real-time detection capabilities, centralized security analytics and end-to-end security posture awareness to help analysts identify advanced persistent threats (APTs) and mitigate risks before a breach can occur.

Capabilities | Incident Detection and Response | Centralized NOC/SOC Visibility for the Attack Surface

FortiAnalyzer provides Security Fabric Analytics across all device logs with event correlation and real-time detection of Advanced Persistent Threats (APTs), vulnerabilities and Indicators of Compromise (IOC) for FortiGate NGFWs, FortiClient, FortiSandbox, FortiWeb, FortiMail and other Fortinet products, for deep visibility and critical network insights. Simplified orchestration and automated workflows provide Network Security Operations teams with real-time notifications, reports, and dashboards for single-pane visibility and actionable results.

Incidents and Events Management

Security teams can monitor and manage alerts and event logs from Fortinet devices, with events processed and correlated in a format that analysts can easily understand. Investigate suspicious traffic patterns and search using filters in predefined or custom event handlers to generate real-time notifications and monitoring for NOC and SOC operations, SD-WAN, SSL VPN, wireless, Shadow IT, IPS, network recon, FortiClient, and more.

The Incidents component enables analysts to manage incident handling and life cycle, with incidents generated by events that show affected assets, endpoints, users and timelines.

Fabric Automation

FortiAnalyzer Playbooks boost an organization's security team abilities to simplify investigation efforts through automated incident response, freeing up resources and allowing analysts to focus on critical tasks. Out-of-the-box playbook templates enable SOC analysts to quickly customize their use cases, define custom processes, interact with other Security Fabric devices like FortiOS and EMS, edit playbooks and tasks in the visual playbook editor and use the Playbook Monitor for investigation of compromised hosts, infections and critical incidents, data enrichment for Assets and Identity views, blocking malware, C&C IPs, and more.

Security Fabric Analytics | Analytics and Reporting

FortiAnalyzer automation driven analytics empowers network security operations teams to complete a fast assessment of network devices, systems, and users, with correlated log data and FortiGuard threat intelligence for analysis of real-time and historical events.

• FortiView Monitors and Views provide deep insights with context and meaning of network activity, risks, vulnerabilities, attack attempts, indicators of compromise and anomalies, sanctioned and unsanctioned user activity.