Event Correlation & Advanced Threat Detection Customizable NOC/SOC dashboards provide management, monitoring, & control over your network Supports thousands of FortiGate and FortiClient agents Deploy as an individual unit or optimized for a specific operation Simple and intuitive Google-like search experience and reports on network traffic Automated Indicators of Compromise (IOC) - Scans security logs using FortiGuard IOC Intelligence for APT detection
FortiAnalyzer's Incident Response capability improves Management & Analytics with focus on event management and identification of compromised endpoints. Use improved default and custom event handlers to detect malicious and suspicious activities on the spot. Integration of events with the FOS automation framework for automated endpoint quarantine. Incident detection and tracking, as well as evidence collection and analysis are streamlined through integration with ITSM platforms, helping to bridge gaps in your Security Operations Center and reinforce your Security Posture.
FORTIVIEW ” POWERFUL NETWORK VISIBILITY
Provides a customizable interactive dashboard that helps you rapidly pinpoint problems, with intuitive summary views of network traffic, threats, applications and more. FortiView is a comprehensive monitoring system for your network that integrates real-time and historical data into a single view. It can log and monitor threats to networks, filter data on multiple levels, keep track of administrative activity, and more.
You can generate custom data reports from logs by using the Reports feature. FortiAnalyzer provides 30+ built-in templates that are ready to use, with sample reports to help identify the right report for you. Run reports on-demand or on a schedule with automated email notifications, uploads and a easy to manage calendar view. Create custom reports with the 300+ built-in charts and datasets ready for creating your own custom reports, with flexible report formats include PDF, HTML, CSV and XML.
INDICATORS OF COMPROMISE
The Indicators of Compromise (IOC) summary shows end users with suspicious web usage compromises. It provides information such as end users IP addresses, host name, group, OS, overall threat rating, a Map View, and number of threats. You can drill down to view threat details. To generate the Indicators of Compromise, FortiAnalyzer checks the web filter logs of each end user against its threat database. When a threat match is found, a threat score is given to the end user. FortiAnalyzer aggregates the threat scores of an end user and gives its verdict of the end user s overall Indicators of Compromise. The Indicators of Compromise summary is produced through the UTM web filter of FortiGate devices and FortiAnalyzer subscription to FortiGuard to keep its local threat database synced with the FortiGuard threat database.
FortiAnalyzer-VM integrates network logging, analysis, and reporting into a single system, delivering increased knowledge of security events throughout a network. Utilizing virtualization technology, FortiAnalyzer-VM is a software-based version of the FortiAnalyzer hardware appliance and is designed to run on many virtualization platforms. It offers all the features of the FortiAnalyzer hardware appliance.
FortiAnalyzer-VM provides organizations of any size with centralized security event analysis, forensic research, reporting, content archiving, data mining, malicious file quarantining and vulnerability assessment. Centralized collection, correlation, and analysis of geographically and chronologically diverse security data from Fortinet appliances and third-party devices deliver a simplified, consolidated view of your security posture.