Overview:
FortiSOAR™ is a holistic Security Orchestration, Automation and Response workbench, designed for SOC teams to efficiently respond to the ever-increasing influx of alerts, repetitive manual processes, and shortage of resources. This patented and customizable security operations platform provides automated playbooks and incident triaging, and real-time remediation for enterprises to identify, defend against and counter attacks. FortiSOAR™ optimizes SOC team productivity by seamlessly integrating with 300+ security platforms and 3000+ actions. This results in faster responses, streamlined containment and reduced mitigation times, from hours to seconds.
FortiSOAR enables SOC teams to quickly and securely:
- Manage security alerts, incidents, indicators, assets and tasks through a simplified, easy-to-use GUI
- Increase SOC team productivity by eliminating false positives and focusing only on the alerts that matter
- Track ROI, MTTD, MTTR through customizable reports and dashboards
- Automate within the Visual Playbook Designer, with 300+ security platform integrations & 3000+ actions for automated workflows and connectors
- Minimize human error by employing clear, auditable playbooks and custom modules to handle ever-changing investigation requirements
- Scale your network security solution with a truly multi-tenant distributed architecture, from a single, collaborative console
- Identify real threats with automated false positive filtering and predict similar threats and campaigns with FortiSOAR’s recommendation engine
- Eliminate repetitive tasks through automation, correlation of incidents, threat intelligence & vulnerability data
- Improve efficiency & effectiveness of SOC processes by customizing and employing FortiSOAR’s automation templates to save time and resources
- Reduce security incident discovery times from hours to seconds
Key Features:
Role-Based Incident Management
FortiSOAR’s™ Enterprise Role-Based Incident Management solution provides organizations with robust field-level role-based access control to manage sensitive data in accordance with SOC policies and guidelines.
Easily manage alerts and incidents in a customizable filter grid view with automated filtering, to keep analysts focused on real threats. Execute dynamic actions and playbooks on alerts and incidents and analyze correlated threat data in an intuitive user interface.
FortiSOAR’s Recommendations Engine predicts various fields, such as severity, asset and user, based on previously identified cases, aiding the SOC analyst in grouping and linking them together to identify duplicates and campaigns involving similar alerts, common threats and entities.
Role-Based Dashboards & Reporting
Role-based dashboards and reporting empower SOC teams to measure, track and analyze investigations and SOC performance granularly with quantifiable metrics.
FortiSOAR’s™ ready-made library of industry-standard, persona-focused dashboard templates and intuitive drag-and-drop visual layout builders ensure SOC teams have the best tools to optimize their time and resources. Comprehensive charts, listings, counters and performance metrics help create rich views and informative data models. FortiSOAR also provides industry-standard reports for Incident Closure, Incident Summary, Weekly Alert and Incident Progress, IOC Summary and many others. Track metrics such as MTTR and MTTD over various NIST-approved incident phases, analyst loads, escalation ratios, automation ROI and other SOC performance metrics.
Multi-Tenancy
FortiSOAR™ provides a truly distributed multi-tenant product offering with a scalable, resilient, secure and distributed architecture, allowing MSSPs to offer MDR-like services, while supporting operations in Regional and Global SOC environments.
With the ability to run automation workflows on specific tenants remotely, handling unique customer environments & product diversity becomes streamlined. FortiSOAR also involves tenants in case of approval requirements to control data flow to the master nodes. Other tenant features include creating tenant-specific alerts, incident views, reports and dashboards, and filter views.
Visual Playbook Builder
FortiSOAR’s™ Visual Playbook Designer allows SOC teams to design, develop, debug, control and use playbooks in the most efficient manner.
The intuitive design includes a drag-and-drop interface to string multiple steps together, using 300+ OOB workflow integrations, 3000+ automated actions, a comprehensive expression library for easy development, playbook simulation and referencing, the ability to execute code such as Python in workflows, versioning, privacy control, crash recovery, and advanced step controls like looping, error handling, notifications and more.
FortiSOAR’s extensible platform provides the ability to define new modules with customization of fields, views, and permissions, and creation of smart automated workflows and playbooks on top of them, simplifying the analyst’s ability to support solutions for vulnerability and threat management as well as regulation and compliance.