Fortinet Extends Scope and Reach of SOC Platform
Fortinet today expanded the scope of its platform for security operations center (SOC) teams to add generative artificial intelligence (GenAI) capabilities, along with additional integrations with third-party platforms and other Fortinet services.
Nirav Shah, senior vice president for products and solutions at Fortinet, said these additions to the FortiAnalyzer platform are part of an ongoing effort to streamline workflows in a way that makes cybersecurity analysts more productive by, for example, providing access to FortiAI, a generative AI tool the company previously launched.
Additionally, FortiAnalyzer takes advantage of a data lake embedded within the Fortinet Security Fabric to provide a consolidated view of network and security logs along with integrations with FortiGuard Indicator of Compromise (IoC) and Outbreak Detection subscription services to improve threat intelligence.
There is also now native integration with FortiAuthenticator, FortiSandbox, FortiWeb, FortiMail and VirusTotal offerings and a set of prebuilt automation packs that provide access to the latest event handlers, playbooks and third-party log parsers that have been made available.
Finally, Fortinet is providing integration with third-party devices and services to make it simpler for cybersecurity analysts to aggregate the data to be analyzed.
The overall goal is to leverage AI to automatically identify high-priority alerts along with the relevant event handlers, correlation rules and reports needed to better enforce zero-trust policies in a way that is affordable to a wider range of organizations, said Shah.
Given the ongoing shortage of cybersecurity expertise, the only way to plug that gap is to rely more on SOCs to automate a wider range of tasks. Previously, achieving the needed level of automation required programming expertise that most cybersecurity teams lacked. However, with the rise of generative AI, it’s becoming apparent that a much wider range of analytics tasks can now be automated. An AI agent, for example, can be trained to explain the level of severity that might be associated with a specific threat.
It’s still early days so far as the adoption of AI within cybersecurity workflows is concerned, but it’s apparent that a lot of the manual toil that previously limited the ability of cybersecurity teams to adroitly respond to threats is going to be sharply reduced. That’s critical because the threats that organizations are now encountering are, thanks in part to the rise of AI, increasing in volume, speed and sophistication, noted Shah. Organizations are essentially now locked in an AI arms race with adversaries, he added.
At the same time, cybersecurity teams, after some initial AI skepticism, are concluding that they would much rather have access to AI tools than continue to perform their duties without these tools. The odds of being successful without AI in an era where a cyberattack can inflict maximum damage in a matter of minutes are simply too low.
The challenge, of course, is finding the funding needed to acquire and deploy AI tools and platforms. As challenging as that is, however, the only thing more expensive is a wave of successful cyberattacks that wreak havoc at a level that makes the investment in AI seem comparatively trivial.