Network Monitoring Appliances

FortiAnalyzer | Security-Driven Analytics and Log Management

FortiAnalyzer provides deep insights into advanced threats through Single-Pane Orchestration, Automation, and Response for your entire attack surface to reduce risks and improve your organization's overall security.

Integrated with Fortinet's Security Fabric, FortiAnalyzer simplifies the complexity of analyzing and monitoring new and emerging technologies that have expanded the attack surface, and delivers end-to-end visibility, helping you identify and eliminate threats.

Advanced Threat Detection and Correlation allows security and network teams to immediately identify and respond to network security threats across the infrastructure.

Automated Workflows and Compliance Reporting provides customizable dashboards, reports, and advanced workflow handlers for both security and network teams to accelerate workflows and assist with regulation and compliance audits.

Scalable Log Management collects logs from FortiGate, FortiClient, FortiManager, FortiSandbox, FortiMail, FortiWeb, FortiAuthenticator, Generic syslog, and others. Deploy as an individual unit or optimize for a specific operation, and scale storage based on retention requirements.

Feature Highlights | Security Operations Center

FortiAnalyzer's Security Operations Center (SOC) helps security teams protect networks with real-time log and threat data in the form of actionable views, notifications, and reports. Analysts can protect network, web sites, applications, databases, data centers, and other technologies through centralized monitoring, awareness of threats, events, and network activity. The predefined and custom dashboards provide a single-pane-of-glass for easy integration into your Security Fabric. The new FortiSOC service subscription provides built-in incident management workflows with playbooks and connectors to simplify the security analysts' role with enhanced security automation and orchestration.

Incident Detection and Response

FortiAnalyzer's automated incident response capability enables security teams to manage incident life cycle from a single view. Analysts can focus on event management and identification of compromised endpoints through default and customized event handlers with quick detection, automated correlation, and connected remediation of Fortinet devices and syslog servers with incident management and playbooks for quick assignment of incidents for analysis. Track timelines and artifacts with audit history and incident reports, as well as streamline integration with ITSM platforms that help bridge gaps in your Security Operations Center and reinforces your security posture.

FortiAnalyzer Playbooks

FortiAnalyzer Playbooks boost security team abilities to simplify efforts and focus on critical tasks. Out-of-the-box playbook templates enable SOC analysts to quickly customize and automate their investigation use cases to respond to compromised hosts, critical intrusions, blocking C&C IPs, and more. Flexible playbook editor for hosts under investigation. FortiAnalyzer also allows analysts to drill down to a playbook and review task execution details and edit playbooks to define custom processes and tasks. FortiAnalyzer includes built-in connectors for playbooks to interact with other Security Fabric devices like FortiOS and EMS.

Analytics, Reports, and Compliance Across the Security Fabric

FortiAnalyzer is a powerful log management, analytics, and reporting platform that provides organizations with a single console to manage, automate, orchestrate, and respond, enabling simplified security operations, proactive identification and remediation of risks, and complete visibility of the entire attack landscape.

Integrated with the Fortinet Security Fabric, FortiAnalyzer enables Network and Security Operations Teams with real-time detection capabilities, centralized security analytics and end-to-end security posture awareness to help analysts identify advanced persistent threats (APTs) and mitigate risks before a breach can occur.

Capabilities | Incident Detection and Response | Centralized NOC/SOC Visibility for the Attack Surface

FortiAnalyzer provides Security Fabric Analytics across all device logs with event correlation and real-time detection of Advanced Persistent Threats (APTs), vulnerabilities and Indicators of Compromise (IOC) for FortiGate NGFWs, FortiClient, FortiSandbox, FortiWeb, FortiMail and other Fortinet products, for deep visibility and critical network insights. Simplified orchestration and automated workflows provide Network Security Operations teams with real-time notifications, reports, and dashboards for single-pane visibility and actionable results.

Incidents and Events Management

Security teams can monitor and manage alerts and event logs from Fortinet devices, with events processed and correlated in a format that analysts can easily understand. Investigate suspicious traffic patterns and search using filters in predefined or custom event handlers to generate real-time notifications and monitoring for NOC and SOC operations, SD-WAN, SSL VPN, wireless, Shadow IT, IPS, network recon, FortiClient, and more.

The Incidents component enables analysts to manage incident handling and life cycle, with incidents generated by events that show affected assets, endpoints, users and timelines.

Fabric Automation

FortiAnalyzer Playbooks boost an organization's security team abilities to simplify investigation efforts through automated incident response, freeing up resources and allowing analysts to focus on critical tasks. Out-of-the-box playbook templates enable SOC analysts to quickly customize their use cases, define custom processes, interact with other Security Fabric devices like FortiOS and EMS, edit playbooks and tasks in the visual playbook editor and use the Playbook Monitor for investigation of compromised hosts, infections and critical incidents, data enrichment for Assets and Identity views, blocking malware, C&C IPs, and more.

Security Fabric Analytics | Analytics and Reporting

FortiAnalyzer automation driven analytics empowers network security operations teams to complete a fast assessment of network devices, systems, and users, with correlated log data and FortiGuard threat intelligence for analysis of real-time and historical events.

Automation-Driven Centralized Management

Manage all your Fortinet devices in a single-console central management system. FortiManager provides full visibility of your network, offering streamlined provisioning and innovative automation tools.

Integrated with Fortinet's Security Fabric, the security architecture and FortiManager's Automation Driven Network Operations capabilities provide a foundation to secure and optimize network security, such as provisioning and monitoring SD-WANs.

Orchestrate security devices and systems on-premise or in the cloud to streamline network provisioning, security policy updates & change management.

Automate your time-intensive processes and accelerate workflows to offload NOC-SOC, reduce administrative tasks and address talent shortages.

Optimize Visibility to the entire digital attack surface and awareness of increasing cyber threats from one centralized location, through accurate detection, automated correlation and rapid response features.

Highlights

Single Pane Automation and Orchestration

Fortinet Security Fabric delivers sophisticated security management for unified, end-to-end protection. Deploying Fortinet-based security infrastructure to battle advanced threats, and adding FortiManager to provide single-pane-of-glass management across your entire extended enterprise provides insight into network-wide traffic and threats.

FortiManager offers enterprise-class features to contain advanced threats. FortiManager also delivers the industry's best scalability to manage up to 100,000 Fortinet devices. FortiManager, coupled with the FortiAnalyzer family of centralized logging and reporting appliances, provides a comprehensive and powerful centralized management solution for your organization.

Central Management of Network Infrastructure

Centrally manage FortiGate , FortiSwitch, FortiExtender, FortiAP. The VPN manager simplifies the deployment and allows centrallyprovisioned VPN community and monitoring of VPN connections on Google Map. FortiAP Manager allows configuring, deploying and monitoring FortiAPs from a single console with Google Map view. The FortiClient Manager allows centralized configuration, deployment and monitoring of FortiClients.

Centralized SD-WAN Deployment & Monitoring

Powerful SD-WAN management capabilities by using templates. Enhanced SD-WAN monitoring for each SD-WAN link member with visibility of link status, application performance, bandwidth utilization. The SLA targets are included in performance monitoring graphs for each WAN provider.

Configuration and Settings Management

Collectively configure the device settings - using the provisioning templates and advance CLI templates improves management of a large number of devices. Automatic device configuration backup with revision control and change audit make it easier for daily administrative tasks.

Security Policy Management

A set of commonly used security policies can be now grouped in a Policy Block and inserted as needed in different Policy Packages.

Global policy feature that allows companies such as: Telecom, MSSP, SAAS providers applies a header and/or footer policy at the ADOM level to all the policy packages or to a selection of packages, as needed.