Simplify SOC Automation with FortiAnalyzer

pereirah1 469 views 25 slides Jul 04, 2024

Slide Content

Simplify SOC Automation with FortiAnalyzer
Max Zeumer, Products & Solutions Marketing

Guidelines for Presenting Deck (DELETE THIS SLIDE BEFORE PRESENTING)
- Slide 5 introduces and explains the Security Fabric story. It is vital to discuss, as the deck is designed to go from broad to FortiAnalyzer's segment.
- Speaker notes are included with short and in-depth details.
- Slides 11-18 include two slides for each use case / functionality. Choose one slide per use case based on time and audience; the second slide of each use case is a shorter, simplified version for a less technical / CxO audience.
- Slides 19-21 (hidden) tap into detail around security automation should the audience have questions.

Security Operations Struggling To Keep Pace
Challenges: Weaponization of AI, Alert Overload, Scarcity of Cyber Skills, Firewall Challenges
- "70% of respondents say their home lives are being emotionally impacted by their work managing threat alerts. 51% feel their team is being overwhelmed by the volume of alerts." (Security Magazine, 70% of SOC Teams are Overwhelmed by Alert Volume, 2021)
- "57% of organizations have been impacted by the global cybersecurity skills shortage. Among those, 62% said that the skills shortage has increased the workload on existing staff; and 38% said that the skills shortage has led to employee burnout and employee attrition." (ESG and ISSA, The Life and Times of Cybersecurity Professionals, 2021)
- Organizations with no security automation experienced breach costs of $6.71 million on average in 2021, vs. $2.90 million on average at organizations with fully deployed security automation. (FortiGuard Labs 2021)
- Through 2025, policy misconfigurations, not firewall flaws, will remain the cause of 99% of firewall breaches and bypasses. (Gartner, Top 10 Trends Impacting Infrastructure and Operations for 2020, published 14 April 2020, ID G00464437)

Point Product Complexity: The Impact of Limited Technology Consolidation
- 67% of organizations use disconnected security tools
- Challenged by constant emergencies, blind spots and data inconsistency
Sources: ESG Research, Trends in XDR, October 2020.

Fortinet Security Fabric
Appliance, Virtual, Hosted, Cloud, Agent, Container
Access & Endpoint Security, Cloud Security, Open Ecosystem, Secure Networking, FortiGuard Threat Intelligence, Network Operations, Security Operations
FortiAnalyzer: Security Fabric Analytics & Automation for the SOC (Security Operations)
- Broad visibility and protection of the entire digital attack surface to better manage risk
- Integrated solution that reduces management complexity and shares threat intelligence
- Automated self-healing networks with AI-driven security for fast and efficient operations

FortiGuard Outbreak Alerts: Security Fabric Approach
Co-ordinated visibility and automated response across the Fabric (example: Log4j2)
- Security Fabric Coverage: All Security Fabric products, from both the DETECT and PROTECT phases, are applied based on which ones are relevant to each outbreak.
- SOC Response: SOC teams are under pressure during critical events and require a concise and complete view of the attack surface, which the Outbreak Report provides.
- Automated IR Services: In addition to the report, the dynamic Outbreak Detection Services provide immediate visibility of any triggers across the attack surface.
- The Outbreak Alerts demonstrate the broad coverage of the Security Fabric across the cyber kill chain and the incident response life cycle.

Simplify Security Operations: Choose an offering aligned to your SOC maturity (Ref: 2020 CISO Benchmark Study)
- LEVEL 1: Security Fabric Analytics (FortiAnalyzer): Logging & Reporting, Best Practice Compliance, Security Fabric Incident Response
- LEVEL 2: Multi-Vendor Visibility (FortiSIEM)
- LEVEL 3: Automated Response (FortiSOAR), Automated Investigation & Response (FortiXDR)

Maximize Posture with FortiAnalyzer
Easy to scale and accelerate growth to all levels of maturity
Stop advanced threats with FortiAnalyzer's deep integration across the Fortinet Security Fabric
Capabilities: Logging, Network Visibility, Security Analytics, Threat Detection, Incident Response, Automation

What is FortiAnalyzer?
Solution: FortiAnalyzer
- End-to-end security management plus security logging with real-time detection/analytics
- Single platform for IT, NOC & SOC visibility
- Advanced Threat Protection with Security Fabric automation capabilities
Security Fabric log management, analytics and reporting: SOC and NOC teams can use FortiAnalyzer for IOC, event handling and reporting across the cyber kill chain (Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Action on Objectives)

FortiAnalyzer's Key Capabilities

FortiAnalyzer Use Cases Overview
Consolidated Security Fabric analytics, single-pane-of-glass visibility and high-value automation across the portfolio
- Security Fabric Analytics: Improve single-pane visibility; simplify visibility across the Security Fabric, strategically consolidating operations
- Security Automation: Automation for faster operations, maximizing existing staff and SOC augmentation
- Advanced Threat Detection: Detect network & security anomalies in real time, reducing MTTD
- Automated Compliance: Compliance leveraging Security Rating
Outcomes: Improve SOC effectiveness, reduce complexities, accelerate L1-L3 maturity

Security Fabric Analytics: Strategically Consolidate Operations
Central logging and reporting for Fortinet
- Real-time network & anomaly visibility
- Security analytics & reporting
- Policy, events, & additional data correlation
- Improve network visibility and risk assessment, and eliminate blind spots
Log sources: Traffic logs, Event logs, DNS logs, Security logs, 3rd-party logs
Views: FortiView, Log View, Fabric View, SOC Reports, Incidents & Events

Native Integration: Visualization for IT, Security and SOC teams
The Security Fabric's analytics engine is FortiAnalyzer, a vital component for the Fabric and for security operations.
Automation Stitch: FortiAnalyzer is the analytics backend of the Security Fabric and can be leveraged natively in a FortiGate through a secure channel between FortiGate and FortiAnalyzer.
FortiAnalyzer enables Topology View.

Advanced Threat Detection: Reduce Risk and MTTI, & Improve Efficiency
Analytics-driven threat detection that detects any threats and identifies them as high, medium or low risk
- Control logging with automation
- Automated log collection, normalization & correlation
- Identify & take action on dynamic threats
- Indicator of Compromise (IOC) / threat hunting
Components: FortiGate(s), FortiAnalyzer HA Collector Cluster, FortiAnalyzer HA Cluster, Daily IoC Feeds
Improves efficiency by leveraging inbuilt analytics and IoCs from FortiGuard Labs

Advanced Threat Detection: Reduced Risk, Improved Efficiency, Decreased MTTI
Components: FortiGate(s), FortiAnalyzer HA Collector Cluster, FortiAnalyzer HA Cluster, Daily IoC Feeds

FortiGuard Security Rating (FortiAnalyzer, FortiManager)
Consistently improve compliance, policy & regulation
- Security Rating is a license on a FortiGate
- Benchmarks: FortiAnalyzer enables you to evaluate progress against your industry and provides historical insights
- Score: FortiManager provides the Security Rating across FortiOS

Automated Compliance
Simplify compliance with hundreds of pre-built, regulation-specific reports & templates
- Compliance Review: Improve situational awareness to prepare, protect, detect, respond & recover
- 360-Degree Security Review: Application visibility & control, threat endpoint detection, recommended actions

Security Automation: How to Scale Security Automation with FortiAnalyzer
Simplify security operations; maximize effectiveness, lower TCO, & ease operations
CAPABILITIES / BENEFIT & RESULTS:
- FortiAnalyzer: Logging & Reporting, Security Fabric Analytics (central logging, reporting, FAZ automation)
- SOCaaS Service: L1-SOC Augmentation Add-On (augment security operations with Fortinet's SOCaaS)
- FortiSOAR Management Extension Add-On: Automated Response (FortiSOAR container on FortiAnalyzer & FortiManager)
- FortiSOC Add-On: SOC Automation with FortiAnalyzer

What is FortiSOC?
Enables SOAR-like capabilities for automated response
Ready-to-use automation: Layered onto FortiAnalyzer, FortiSOC provides an easy-to-use module designed to improve the efficiency of lean teams with limited time and resources. Centralizing and speeding incident response with:
- Machine-driven processes / OOTB playbooks
- Easy-to-build automated workflows
- Monitor progress
Benefits: Reduce MTTR and lengthy manual workflows, and monitor KPIs, strengthening security

Augmenting Security Operations with SOCaaS
Accelerate operational efficiency; eliminate blind spots
Example: user-executed ransomware. FortiGate and FortiClient logs are sent to FortiAnalyzer and analyzed by Fortinet's SOCaaS. Malicious network activity detected, possible ransomware; IT analyst alerted to take action to mitigate and prevent future executions.
Follow-the-sun approach; offload common use cases to focus on priority initiatives

What is the FortiSOAR Management Extension?
Explore, develop, & scale automation for maximum SOC effectiveness
Why customers use FortiSOAR's MEA on FortiAnalyzer: Threat actors advancing and scaling their tactics increases the volume of processes needed to counter them, making it challenging for SOCs to keep pace.
Solution: Accelerate SOC growth. Fortinet's full SOAR solution, available as a container on FortiAnalyzer, is designed to help teams expand orchestration & automation for advanced use cases.
- 180+ OOTB playbooks
- 400+ connectors to 3rd-party systems
*Limited to 300 playbook actions / day

Outcomes & Summary Operational & Business

Operational Outcomes: Faster Operations, Reduced Risk, Avoid Breaches
- Tracking and reporting features help organizations ensure compliance with privacy laws, security standards, and industry regulations
- Simplified infrastructure that reduces operational complexity across the organization
- Organizations with no security automation experienced breach costs of $6.71 million on average in 2021, vs. $2.90 million on average at organizations with fully deployed security automation (1)
- The capabilities enable proactive operations, maximizing resources and security posture, reducing risk
(1) FortiGuard Labs Late 2021 Report

3 Takeaways (FortiAnalyzer)
1. Security Fabric Threat Detection: Automate advanced threat detection across the Security Fabric
2. Security Automation: Simplify automation for low-to-medium SOC maturity customers
3. SOC Services: OPEX-based SOC services for better visibility and automation (IOC, SOCaaS, Outbreak)

FortiAnalyzer Net Net Benefits: Delivering ROI
1. Improved TCO: Consolidating common use cases, such as NGFW and SD-WAN, into FortiGate NGFWs improves TCO by eliminating point products. Integrated with other Fortinet offerings via the Security Fabric, leveraging security analytics & automation without the need for additional third-party solutions.
2. Reduced Risk: Tracking & reporting features ensure compliance with privacy laws, security standards, and industry regulations, simultaneously reducing risks associated with fines and legal costs in the event of a breach. Real-time tracking of threat activity facilitates risk assessment, detects potential issues, and helps mitigate problems.
3. Simplified Security, Increased Efficiency: Simplified infrastructure reducing operational complexity across the organization. Easy automated response to anomalies discovered within the network, improving the efficiency of IT and security teams.
Results: Simplifies security operations, enabling enterprises at any stage of maturity to smoothly integrate security visibility and automation.