Fortinet has reinforced its FortiAnalyzer security analytics and log management platform with capabilities that enhance enterprise threat detection and automate incident response.
FortiAnalyzer securely collects logs from Fortinet devices such as FortiGate firewalls and endpoint security agents. It uses AI to look for trends, anomalies and potential security threats to then build security analyses, network traffic reports and incident response playbooks.
The enhanced FortiAnalyzer is targeted at midsize enterprises and teams impacted by the cyber skills shortage, according to Nirav Shah, senior vice president, products and solutions, at Fortinet. “With the latest advancements in FortiAnalyzer, we’ve eliminated the need for additional SecOps tools, making it the ideal turnkey AI-driven security operations platform supporting on-premises and cloud environments,” Shah said in a statement.
Enhancements to FortiAnalyzer include tighter integration with the vendor’s unified data lake to help customers bring together network and security logs, security analytics, and compliance reporting from across the Fortinet Security Fabric into a single platform view.
The package features enhanced IoT, security operations center (SOC), email security, and endpoint dashboards to show insights into high-severity incidents, compromised hosts, and vulnerabilities, Shah stated.
Support for FortiGuard Indicator of Compromise (IoC) and Outbreak Detection subscription information lets security teams identify and address vulnerabilities faster. “FortiAnalyzer built-in AI capabilities automatically identify high-priority alerts and downloads relevant event handlers, correlation rules, and reports to help organizations understand an attack’s background, timeline, affected technologies, and related threat intelligence,” Shah stated.
The package also now integrates with FortiAI, the vendor’s genAI assistant, to better support analytics and telemetry to help security teams speed threat investigation and response, the vendor stated.
“FortiAI identifies the threats that need analysis from the data collected by FortiAnalyzer, primarily collected from FortiGates. By automating the collection, analysis, and response processes, FortiAI helps organizations detect threats faster, minimizing alert fatigue and reducing response times,” wrote Kimberly Becan, senior director of security operations solutions at Fortinet, in a blog about the AI capabilities of FortiAI and ForitAnalyzer.
“The impact is significant: Instead of spending hours filtering through alerts, security analysts can ask AI-driven queries like ‘What are the most critical threats from the past 24 hours?’ or ‘Which malware bypassed security controls today?’ and receive instant, prioritized insights,” Becan wrote.
With an intuitive, AI-powered conversational interface, FortiAI embedded within FortiAnalyzer enables security professionals to surface relevant threats and assess their context quickly. By streamlining alert triage, organizations improve efficiency, optimize IT resources, and minimize security gaps, Becan wrote.
Other new features include prebuilt SOC automation content packs to bring security teams the latest event handlers, playbooks, and third-party log parsers, such as Armis Platform and Microsoft Office 365. The idea is to let security teams contain and remediate threats with minimal manual intervention, Shah stated.
“FortiAnalyzer’s evolution into an AI-driven SecOps platform, with seamless integration of third-party devices and SOC services — as well as deep integrations with the Fortinet Security Fabric — empowers security teams with unified visibility across their infrastructure, enhanced threat intelligence, and streamlined incident response from a single solution,” Shah said.
Current FortiAnalyzer customers with FortiGuard subscription services have access to the new features and capabilities now. Content packs are updated regularly so that organizations keep pace with emerging threats and can expand SOC coverage as needs evolve, Fortinet stated.