Fortinet has announced at the RSA Conference 2018 the industry’s first purpose-built NOC-SOC solution, which bridges workflows, analysis and automated response across operational and security processes. Building on the Fortinet Security Fabric architecture, Fortinet has combined the latest capabilities of FortiManager, FortiAnalyzer 6.0 and FortiSIEM 5.0 into a unique NOC-SOC management and analytics solution.
The NOC-SOC approach to management enables enhanced security operations visibility with a new graphical Security Fabric topology view and extensions into both private and public cloud environments through dynamic policy objects. The new Security Rating feature combines analytics from FortiGate, FortiAnalyzer, and FortiManager with threat intelligence services from FortiGuard to provide enterprises with a quantifiable security posture. The rating includes expanded audit rules, risk scoring and industry benchmarking, with customized auditing based on the network environment.
New Incident Response (IR) tracking capabilities allow users to automate responses across silos based either on predefined triggers (system events, threat alerts, user and device status) or through direct ServiceNow IT Service Management (ITSM) integration.
“Both security and IT teams are challenged by resource constraints, yet workloads and the rate of cyber threats continue to rise in scope and complexity,” said John Maddison, senior vice president of Products and Solutions at Fortinet. “As the industry faces a cyber talent shortage and the pressure to maintain operational efficiency and security efficacy is critical for digital business, a new approach is needed that brings visibility and control into the NOC with workflow and response automation in the SOC. Fortinet is introducing a customized NOC-SOC solution that bridges the gap across IT disciplines to achieve broad and automated security response.”
Bridging the Gap Between Silos Requires Automated, Integrated Network & Security Operations
According to a recent Global Information Security Workforce Study, the cybersecurity workforce gap is expected to reach 1.8 million by 2022, and 66% of the respondents reported not having enough workers to address current threats. As IT increasingly supports complex applications that are spread across systems in multiple locations, from on-premises data centers to the public cloud, the workforce shortage and the complexity of these new environments demand a new approach to security management.
Integration across security disciplines – not merely products – enables a greater level of visibility, control, and operational management. Fortinet’s new NOC-SOC solution combines the latest capabilities of FortiManager, FortiAnalyzer, and FortiSIEM, coalescing the operational context of the NOC, such as appliance status, network performance, and application availability, with the security insights of the SOC, including breach identification, stopping data exfiltration, and uncovering compromised hosts.
This level of management and automation crosses traditionally siloed functions, allowing each team to operate with the benefit of the other’s perspective. In this new model, once a threat is identified, the SOC teams have a real-time view of all assets, their current state and who owns them, allowing them to immediately understand the scope of the threat and automatically orchestrate action to remediate the damage.
This intersection and overlap in operations and security are paramount for the defensive posture and risk management of today’s dynamic business environments. The new features and capabilities in the Fortinet Security Fabric that provide integrated NOC and SOC functionality include:
- Centralized NOC-SOC Management: The latest release of FortiManager, Fortinet’s centralized security management, now natively manages FortiAnalyzer, incorporating all data, analysis, control, and perspective in a single-pane-of-glass view of NOC and SOC operations.
- Comprehensive Security and Operations Visibility: FortiSIEM brings together the operational context of a full configuration management database (CMDB), including accurate, up-to-the-minute status on all assets, while proactively discovering and adding new assets as they come online. Security teams now also benefit from a Fabric Topology within FortiManager and FortiAnalyzer, graphically displaying a map of current assets, their status, and security threats. This consolidated NOC-SOC view of operations and security unlocks automation and enables security teams to act more quickly and efficiently.
- Measurable Security Posture Assessments: The Security Rating feature continuously evaluates Security Fabric elements to quantify the implementation of security best practices, with suggestions on ways to improve operations across the NOC and SOC. Additionally, FortiAnalyzer tracks Security Ratings over time to indicate trends and prove the return on investment of security initiatives, while also providing a comparison view of your security posture versus your industry peers, based on size or region.
- Cross-silo Automation with ServiceNow: As a Fabric-Ready partner, ServiceNow is being integrated into NOC-SOC-based workflows to span operational silos. Security incidents created in FortiAnalyzer or FortiSIEM, with appropriate evidence and forensics added to the ticket, are automatically passed to ServiceNow Security Incident Response. Analysts working from the ServiceNow platform can determine how to resolve the incident and choose from a catalog of responses. Responses that require changes to device configuration are automatically implemented through FortiManager, thus closing the loop and seamlessly bridging the security and operation teams.
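The closed loop described above (predefined triggers raise an incident with evidence attached, an analyst picks a response from a catalog, and only responses that change device configuration go through the central manager) can be sketched as a small workflow engine. The following is an added example written for this page, not Fortinet or ServiceNow code; the trigger names, response catalog, host names and events are all constructed, and the `Manager` class stands in for the configuration gateway rather than calling any real FortiManager, FortiAnalyzer, FortiSIEM or ServiceNow API.

```python
"""Closed-loop NOC-SOC incident workflow simulation (added example, not vendor code).

Flow modelled: events -> predefined triggers -> incident with evidence ->
analyst chooses a catalog response -> config-changing responses are applied
only via the central manager, which keeps an audit trail.
All event data is constructed for the example; nothing calls a real API.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Event:
    kind: str                 # "system", "threat" or "device_status"
    source: str               # reporting system (constructed name)
    host: str
    detail: Dict[str, object]


@dataclass
class Incident:
    incident_id: str
    host: str
    trigger: str
    evidence: List[Event] = field(default_factory=list)  # events attached to the ticket
    response: Optional[str] = None
    status: str = "open"


# Predefined triggers (assumed names): trigger -> predicate over an event.
TRIGGERS: Dict[str, Callable[[Event], bool]] = {
    "high_severity_threat": lambda e: e.kind == "threat" and e.detail.get("severity", 0) >= 8,
    "device_offline": lambda e: e.kind == "device_status" and e.detail.get("state") == "down",
    "config_drift": lambda e: e.kind == "system" and e.detail.get("event") == "config_changed_out_of_band",
}

# Response catalog (assumed): response -> True if it changes device configuration.
RESPONSE_CATALOG: Dict[str, bool] = {
    "quarantine_host": True,
    "block_source_ip": True,
    "open_investigation": False,
    "notify_owner": False,
}


class Manager:
    """Stand-in for the central manager: the only path to device configuration."""

    def __init__(self) -> None:
        self.audit: List[str] = []

    def apply(self, incident: Incident, response: str) -> None:
        # Record who/what changed configuration so the NOC can trace every change.
        self.audit.append(f"{incident.incident_id}:{response}:{incident.host}")


def match_triggers(event: Event) -> List[str]:
    """Return every predefined trigger that fires for this event."""
    return [name for name, pred in TRIGGERS.items() if pred(event)]


def correlate(events: List[Event]) -> List[Incident]:
    """One incident per (host, trigger); all matching events become its evidence."""
    incidents: Dict[Tuple[str, str], Incident] = {}
    for ev in events:
        for trig in match_triggers(ev):
            key = (ev.host, trig)
            if key not in incidents:
                incidents[key] = Incident(f"INC-{len(incidents) + 1:04d}", ev.host, trig)
            incidents[key].evidence.append(ev)
    return list(incidents.values())


def resolve(incident: Incident, response: str, manager: Manager) -> Incident:
    """Analyst step: only catalog responses are allowed; config changes go via the manager."""
    if response not in RESPONSE_CATALOG:
        raise ValueError(f"{response!r} is not in the response catalog")
    incident.response = response
    if RESPONSE_CATALOG[response]:
        manager.apply(incident, response)
    incident.status = "resolved"
    return incident


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS: List[Event] = [
    Event("threat", "analyzer", "host-a", {"severity": 9, "signature": "example-sig-1"}),
    Event("threat", "analyzer", "host-a", {"severity": 8, "signature": "example-sig-2"}),
    Event("threat", "analyzer", "host-b", {"severity": 3, "signature": "example-sig-3"}),  # below threshold
    Event("device_status", "siem", "fw-edge-1", {"state": "down"}),
    Event("system", "manager", "fw-edge-2", {"event": "config_changed_out_of_band"}),
]

# Assumed analyst choices per trigger, used by the demo run below.
ANALYST_CHOICES = {
    "high_severity_threat": "quarantine_host",
    "device_offline": "notify_owner",
    "config_drift": "open_investigation",
}


def run_demo() -> Tuple[List[Incident], Manager]:
    """Run the whole loop over the sample events and return incidents plus the audit trail."""
    manager = Manager()
    incidents = correlate(SAMPLE_EVENTS)
    for inc in incidents:
        resolve(inc, ANALYST_CHOICES[inc.trigger], manager)
    return incidents, manager


if __name__ == "__main__":
    incs, mgr = run_demo()
    for inc in incs:
        print(inc.incident_id, inc.host, inc.trigger, len(inc.evidence), inc.response, inc.status)
    print("config changes applied via manager:", mgr.audit)
```

Two design points carry over from the announcement: evidence is attached to the incident at creation time rather than looked up later, so the ticket an analyst receives is self-contained, and the manager's audit list is the single record of configuration changes, which is what lets the NOC and SOC share one view of what was changed and why.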