Security teams often struggle with disparate security tools and disjointed workflows, leading to delayed threat responses. Fortinet’s presentation at Cloud Field Day showcased how its FortiSOAR platform addresses this challenge by orchestrating threat intelligence from FortiNDR (Network Detection and Response) and FortiCNAPP (Cloud Native Application Protection Platform). This integration seamlessly connects network and cloud threat data, enabling automated responses to reduce SOC workload and accelerate threat mitigation.
The demonstration highlighted how FortiSOAR ingests alerts from various sources, including FortiNDR and FortiCNAPP, correlating them to build a comprehensive picture of an attack. For example, FortiNDR provides network-level details like malicious IP addresses and file downloads, while FortiCNAPP offers insights into cloud-based activity, such as suspicious container behavior. FortiSOAR then uses these combined insights to trigger automated remediation playbooks, such as blocking malicious IP addresses, deleting compromised deployments, and redeploying clean instances.
Furthermore, FortiSOAR leverages AI capabilities, currently utilizing OpenAI’s GPT technology but with the potential for other integrations, to enhance threat analysis and incident response. This AI assistance allows SOC analysts to gain better context from alerts, receive severity assessments, discover similar incidents, and even automate some of the investigative and response processes. This ultimately improves the efficiency and effectiveness of security operations, enabling faster and more accurate threat resolution.
Personnel: Julian Petersohn