
Fortinet NOC-SOC

Product
Developers: Fortinet
System release date: 2018/04/24
Technology: Firewall, Cybersecurity - Data loss prevention, Cybersecurity - Encryption tools, Cybersecurity - Security information and event management (SIEM)

Fortinet NOC-SOC is an integrated solution for automating IT processes and responding to threats.

The management and analysis tool combines the functions of a network operations center (NOC) and a security operations center (SOC) in order to eliminate vulnerabilities between separate technologies. The solution integrates the capabilities of FortiManager, FortiAnalyzer and FortiSIEM (versions 6.0, 6.0 and 5.0, respectively).

As part of Fortinet's adaptive network security system, the integrated NOC and SOC functions include the following:

  • Centralized operation of NOC-SOC
    • The latest version of FortiManager, the centralized security management tool, has its own function for controlling FortiAnalyzer. All data, analysis results, controls and views are displayed in a single window intended for administering NOC and SOC operations.

  • Comprehensive tracking of the status of elements and operations.
    • FortiSIEM creates a unified operational context from a complete configuration management database (CMDB) that contains current and accurate status data for all resources. The solution also discovers and adds resources as they connect to the network. Security teams can now use the topology of the adaptive network security system through FortiManager and FortiAnalyzer, which display data on active resources, their status and threats graphically in the form of a map. This consolidated view of security operations and components in NOC-SOC systems supports process automation and lets security teams choose the best measures quickly.

  • Assessment of the measurable characteristics of the security system.
    • The security assessment function continuously analyzes the status of the elements of the adaptive network security system in order to develop better security practices and to improve NOC and SOC operations on the basis of quantitative indicators. In addition, FortiAnalyzer tracks security assessment scores over time in order to identify trends and indicators of the return on security initiatives. The solution compares the indicators of the corporate security system with similar indicators of other organizations in the industry and presents the results depending on the region size.

  • Automation of response measures across all tools through ServiceNow.
    • Technologies developed by ServiceNow support integration with the adaptive network security system. Incidents created in the security system by FortiAnalyzer or FortiSIEM are transferred automatically to the ServiceNow Security Incident Response application, and each incident is accompanied by a ticket containing threat analysis data. Analysts working on the ServiceNow platform can decide how to resolve an incident and select appropriate measures from the catalogue of response measures. Response measures that require changes to a device configuration are implemented automatically by FortiManager. This approach creates a closed control loop that links the security team and the operations team.

2018: Release

On April 24, 2018, Fortinet announced the release of a specially developed NOC-SOC solution that eliminates the gaps between workflows, analysis operations and automated response functions across operational and security processes.

Fortinet NOC-SOC combines the functions of FortiManager, FortiAnalyzer and FortiSIEM (versions 6.0, 6.0 and 5.0, respectively), creating a unified operational context for the NOC (network operations center). As Fortinet explained, this context covers the status and availability of applications as well as network performance. It also uses security status data whose source is the SOC (security operations center): information on processes such as identifying breaches, blocking data exfiltration and detecting compromised hosts. At this level of management and automation, traditionally isolated functions are brought together, so that each team can take the interests of the other teams into account in its work.

Within this model, the SOC team can view data on the current status of all resources and on their owners in real time. When a threat is identified, this approach makes it possible to determine the scale of the threat quickly and to take measures automatically to eliminate the damage.

The security assessment function combines the analytical components of FortiGate, FortiAnalyzer and FortiManager with FortiGuard threat intelligence services in order to give corporate security characteristics that can be quantified. The assessment function includes extended audit rules as well as a risk assessment tool and comparative analysis of organizations by means of configured audit technology based on components of network environments.

With the threat response tracking functions, users can automate response measures for individual solutions both on the basis of specific triggers (system events, threat notifications, the status of users and devices) and through direct integration with ServiceNow IT Service Management (ITSM).

Overall, Fortinet noted, the NOC-SOC approach to management makes tracking of security operations more efficient thanks to graphical representation of the topology of the adaptive network security system and of its extensions, which are deployed in private and public cloud environments using dynamic policy objects.

"The shortage of information security personnel is becoming an increasingly obvious phenomenon, and the stable functioning of digital business requires maintaining the efficiency of operations and security processes at the highest level. In these conditions, the problem of developing a new approach that makes it possible to track and manage NOC systems in parallel with process automation and response in the SOC system has become relevant. Fortinet presents a specially configured NOC-SOC solution that eliminates the gap between IT technologies in order to ensure automatic, large-scale responses to threats," said John Maddison, senior vice president of products and solutions marketing at Fortinet.