Product Id: 34171024
Description: FortiSiem Indicator of Compromise Service - Subscription license renewal (5 years) - 1-300 points - for P/N: FSM-2000F, FSM-3500F, FSM-500F
Mfr Part #: FC4-10-FSM98-149-02-60
Fortinet has developed an architecture that enables unified and cross-correlated analytics from diverse information sources, including logs, performance metrics, SNMP traps, security alerts and configuration changes. FortiSIEM takes the analytics traditionally monitored in separate silos (the SOC and the NOC) and brings that data together for a more holistic view of the threat data available in the organization. Every piece of information is converted into an event, which is first parsed and then fed into an event-based analytics engine that handles real-time searches, rules, dashboards and ad-hoc queries.
- Unified, real-time, network analytics
- Single IT pane of glass
- NOC analytics
- Cloud scale architecture
- Distributed real-time event correlation
Distributed event correlation is a difficult problem, as multiple nodes have to share their partial states in real time to trigger a rule. While many SIEM vendors have distributed data collection and distributed search capabilities, Fortinet is the only vendor with a distributed real-time event correlation engine. Complex event patterns can be detected in real time with minimal delay. This patented algorithm enables FortiSIEM to evaluate a large number of rules in real time at high event rates, greatly shortening the time to detection.
- Real-time, automated infrastructure discovery
Rapid problem resolution requires infrastructure context. Fortinet has developed an intelligent infrastructure and application discovery engine that can discover and map the topology of both physical and virtual infrastructure, on-premises and in public/private clouds, using only credentials and without any prior knowledge of what the devices or applications are.
- Threat feed integration
There are many sources from which customers can subscribe to external threat feeds to manage potential threats in their network. However, threat feed data can be very large, often reaching millions of IP addresses, malware domains, hashes and URLs, and it can quickly become stale as malware websites and domains are taken down and brought back up. This presents a significant computational challenge to consumers of threat intelligence data. Fortinet has developed proprietary algorithms that allow this large volume of information to be quickly obtained from the source, then efficiently distributed to the various FortiSIEM nodes and evaluated in real time at higher rates than other providers.