
Tuesday, 17 April 2018

Fortinet delivers integrated NOC-SOC automation solution

- New management and analytics solution integrates Network Operations Center (NOC) and Security Operations Center (SOC) to bridge gap across silos

- ServiceNow collaboration automates workflows and security response 

Fortinet, a global player in broad, integrated and automated cybersecurity solutions, has announced the industry’s first purpose-built NOC-SOC solution that bridges workflows, analysis and automated response across operational and security processes.

Building on the Fortinet Security Fabric architecture, Fortinet has combined the latest analytics capabilities of FortiManager 6.0, FortiAnalyzer 6.0 and FortiSIEM 5.0 with threat intelligence services from FortiGuard to provide enterprises with a unique NOC-SOC management and analytics solution. The NOC-SOC approach to management enables enhanced security operations visibility with a new graphical Security Fabric topology view and extensions into both private and public cloud environments, with dynamic policy objects. 

According to a recent Global Information Security Workforce Study, the cybersecurity workforce gap is expected to reach 1.8 million by 2022, even as 66% of the respondents reported not having enough workers to address current threats. The workforce shortage and the complexity of new environments demand a new approach to security management.

Integration across security disciplines – not merely products – enables a greater level of visibility, control and operational management. Fortinet’s new NOC-SOC solution combines the latest capabilities of FortiManager, FortiAnalyzer and FortiSIEM to derive the operational status of the NOC - such as appliance status, network performance and application availability - with the security insights of the SOC, including breach identification, stopping data exfiltration, and uncovering compromised hosts.

This level of management and automation crosses traditional siloed functions, allowing each team to operate with the benefit of the other’s perspective. In this new model, once a threat is identified, the SOC teams have a real-time view of all assets, their current state and who owns them, allowing them to immediately understand the scope of the threat and automatically orchestrate action to remediate damage.

John Maddison, Senior VP of Products and Solutions at Fortinet, said, “Both security and IT teams are challenged by resource constraints, yet workloads and the rate of cyber threats continue to rise in scope and complexity. As the industry faces a cyber talent shortage and the pressure to maintain operational efficiency and security efficacy is critical for digital business, a new approach is needed that brings visibility and control into the NOC with workflow and response automation in the SOC. Fortinet is introducing a customised NOC-SOC solution that bridges the gap across IT disciplines to achieve broad and automated security response.”

The new features and capabilities in the Fortinet Security Fabric that provide integrated NOC and SOC functionality include:

Centralised NOC-SOC management

The latest release of FortiManager, Fortinet’s centralised security management, now natively manages FortiAnalyzer, incorporating all data, analysis, control and perspective in a single pane-of-glass view of NOC and SOC operations.

Security and operations visibility

FortiSIEM brings together the operational context of a full configuration management database (CMDB), including accurate, up-to-the-minute status on all assets, while proactively searching and adding new assets as they come online. Security teams now also benefit from a fabric topology within FortiManager and FortiAnalyzer, graphically displaying a map of current assets, their status and security threats. This NOC-SOC consolidated view of operations and security unlocks automation and enables security teams to act more quickly and efficiently.

Measurable security posture assessments

A new Security Rating feature combines analytics from FortiGate, FortiAnalyzer and FortiManager with threat intelligence services from FortiGuard to provide enterprises with a quantifiable security posture. The feature continuously evaluates Security Fabric elements to quantify the implementation of security best practices with suggestions on ways to improve operations across the NOC and SOC. 

The rating includes expanded audit rules, risk scoring and industry benchmarking with custom auditing based on network environments. FortiAnalyzer tracks Security Ratings over time to indicate trends and prove return on investment of security initiatives, while also providing a comparison view of a security posture versus industry peers, based on size or region. 

New incident response (IR) tracking capabilities allow users to automate responses across silos based either on predefined triggers (system events, threat alerts, user and device status) or through direct ServiceNow IT Service Management (ITSM) integration.

Cross-silo automation with ServiceNow

As a Fabric-Ready partner, ServiceNow is being integrated into NOC-SOC-based workflows to span operational silos. Security incidents created in FortiAnalyzer or FortiSIEM, with appropriate evidence and forensics added to the ticket, are automatically passed to ServiceNow Security Incident Response. Analysts working from the ServiceNow platform can determine how to resolve the incident and choose from a catalogue of responses. Responses that require changes to device configuration are automatically implemented through FortiManager, thus closing the loop and seamlessly bridging the security and operation teams.

“As customers introduce new cloud technologies that expand their attack surface, IT and security workflows must be more closely integrated to ensure effective security response. Through our collaboration with Fortinet, our joint customers benefit from automated escalation and management of cybersecurity issues detected through Fortinet products and remediated through the ServiceNow platform,” said Odin Olson, Senior Director of Business Development at ServiceNow Security Operations.

Hashtag: #RSAC
