FortiSIEM: Fortinet Security Information and Event Management
8 Fortinet SIEM features that ensure risk management for modern networks
Infrastructure, applications, and endpoints (including IoT devices) must all be secured. This requires visibility of all devices and all the infrastructure—in real time. Organizations also need to know what devices represent a threat and where. That’s where FortiSIEM comes in.
Fortinet is the only vendor with a distributed real-time event correlation engine. Complex event patterns can be detected in real time. This patented algorithm enables FortiSIEM to handle a large number of rules in real time at high event rates for accelerated detection timeframes.
2.) Real-Time, Automated Infrastructure Discovery and Application Discovery Engine (CMDB)
Fortinet has developed an intelligent infrastructure and application discovery engine that is able to discover both physical and virtual infrastructure, on-premises and in public/ private clouds, simply using credentials without any prior knowledge of what the devices or applications are.
3.) Dynamic User Identity Mapping
Fortinet has developed a dynamic user identity mapping methodology. Users and their roles are discovered from on-premises or Cloud SSO repositories. Network identity is identified from important network events. Then geo-identity is added to form a dynamic user identity audit trail. This method makes it possible to create policies or perform investigations based on user identity instead of IP addresses — allowing for rapid problem resolution.
4.) Flexible and Fast Custom Log Parsing Framework (Patented)
Fortinet has developed an XML-based event parsing language that is functional like high level programming languages and easy to modify yet can be compiled during run-time to be highly efficient. All FortiSIEM parsers go beyond most competitor’s offerings using this patented solution and can be parsed at beyond 10K EPS per node.
5.) Business Services Dashboard — Transforms System to Service Views
FortiSIEM now offers the ability to associate individual components with the end user experience that they deliver together providing a powerful view into the true availability of the business
6.) Automated Incident Mitigation
When an Incident is triggered, an automated script can be run to mitigate or eliminate the threat. Built-in scripts support a variety of devices including Fortinet, Cisco, Palo Alto, and Window/Linux servers. Built-in scripts can execute a wide range of actions including disabling a user’s Active Directory account, disabling a switch port, blocking an IP address on a Firewall, deauthenticating a user on a WLAN Access Point, and more.
7.) Infusion of Security Intelligence
FortiGuard Threat Intelligence and Indicators of Compromise (IOC) and Threat Intelligence (TI) feeds from commercial, open source, and custom data sources integrate easily into the security TI framework. This grand unification of diverse sources of data enables organizations to rapidly identify root causes of threats, and take the steps necessary to remediate and prevent them in the future. Steps can often be automated with new Threat Mitigation Libraries for many Fortinet products.
8.) Large Enterprise and Managed Service Provider Ready — “Multi-Tenant Architecture”
Fortinet has developed a highly customizable, multi-tenant architecture that enables enterprises and service providers to manage a large number of physical/ logical domains and over-lapping systems and networks from a single console. In this environment it is very easy to cross-correlate information across physical and logical domains, and individual customer networks.
Download the brochure below or get in touch with our product manager for free business consultation