Sponsored By

As the market for threat detection and response grows, FortiSOAR ensures that MSSPs are able to provide differentiated service portfolios to their customers.

Fortinet Guest Blogger

December 21, 2020

6 Min Read
Differentiated service portfolios
Getty Images

As more businesses digitize their offerings, the market for security service providers has grown substantially. With this growth has come increased competition between MSSPs and third-party service providers, as they both target the same market and provide the same services. This means that in order to stay competitive, MSSPs must be able to offer differentiated service portfolios that meet the specific needs of their customers.

This is where Fortinet’s FortiSOAR platform can be of use. FortiSOAR is a vendor agnostic security orchestration, automation and response (SOAR) platform designed to help SOC teams streamline threat identification and response by eliminating manual processes. By integrating this into a customer’s existing security infrastructure, FortiSOAR allows MSSPs to offer a customized security framework that unifies operations. With a customized SOAR solution, customer SOC teams are better equipped to manage the evolving threat landscape, allowing them to take a proactive approach to security.

Key Features of the FortiSOAR Platform

To keep pace with today’s threats, organizations are increasingly implementing point solutions across their networks. While these can help bolster security, they also fragment security infrastructures, limiting the SOC team’s ability to accurately identify threats. This creates a number of challenges for security teams, including alert fatigue, non-compliance with regulations and slower response times. FortiSOAR addresses these challenges by centralizing key security features in one platform, thereby eliminating the need for point solutions. Let’s take a look at some of the key features of the FortiSOAR platform:

Role-Based Incident Management

FortiSOAR’s Enterprise Role-Based Incident Management solution provides SOC teams and other cybersecurity teams within the organization (forensics, data loss and prevention teams, etc.)  with role-based access control capabilities. This allows them to segment and manage sensitive data in accordance with administrative policies and guidelines. With a customized view of network assets, analysts are able to prioritize threats in real time, improving incident response. In addition, FortiSOAR’s Recommendations Engine is able to link and predict the severity of incidents based on past reports, aiding SOC analysts in identifying duplicates or false positives.

  • Role-Based Dashboards and Reporting

Role-based dashboards and reporting empower customers to measure, track and analyze threat investigations, as well as SOC performance. FortiSOAR’s library of 10-plus OOB industry-standard dashboards and customizable templates ensures that SOC teams can access the tools they need to optimize their available time and resources.

FortiSOAR also provides comprehensive reports for incident closure, incident summary and incident progress. Using insights from these reports allows SOC teams to easily track key performance metrics and identify where optimizations can be made.

  • Multi-Tenancy

FortiSOAR provides distributed multi-tenant product offerings with scalable, secure and distributed architectures, allowing MSSPs to offer MDR-like services. This led one of FortiSOAR’s MSSP customers to develop a seven-figure revenue stream. With the ability to automate tenant workflows remotely, managing individual customer ecosystems becomes streamlined, enabling security efficacy. FortiSOAR also involves customers in approval requirements by providing them with personalized alerts, incident views, and dashboards.

  • Visual Playbook Builder

FortiSOAR’s Visual Playbook Designer allows SOC teams to design, develop and use playbooks in the most efficient manner. The designer facilitates playbook creation by providing an intuitive drag and drop interface that strings together multiple steps, including playbook simulation, workflow code execution, looping and error handling. This requires no advanced programing skills and comes with over 150 OOB playbooks, half which are dedicated for threat hunting efforts. The platform also gives customer SOC teams the ability to automate workflows, enhancing their vulnerability management and regulatory compliance capabilities.

  • Case Management

FortiSOAR enables comprehensive case management by providing OOB modules for incident response, vulnerability management and fraud. MSSPs can also build custom modules to meet individual customers’ security requirements so that they can continue to support their business objectives as they grow and their networks become more complex.

FortiSOAR Use Cases for MSSPs

As part of Fortinet’s integrated Security Fabric architecture, FortiSOAR unifies security tools in a single centralized platform. This allows SOC teams to automate alert triage and investigation processes, freeing up time to focus on more critical tasks. Below are four key use cases that demonstrate the immediate value FortiSOAR offers to SOC teams:

  1. Unified SOC Workbench

 FortiSOAR simplifies SOC operations by integrating point security solutions into a centralized orchestration system that can be seamlessly deployed across network environments. This enables SOC teams to operate FortiSOAR with existing security solutions, providing a centralized point of visibility and control. Furthermore, it helps eliminate ecosystem fragmentation while also extending the life of existing tools, maximizing the return on investment for those purchases.

  1. Automated Alert Triage

 FortiSOAR aggregates security alerts while also providing threat context, helping accelerate time to resolution. This reduces the number of “false-positive” alerts and enables threat prioritization based on severity levels, assigned tasks and subroutines. Using automation, FortiSOAR simplifies complex exchange-to-exchange tasks such as triage, enrichment, investigation and remediation by correlating alerts from across a security stack. These integration and automation capabilities help eliminate many of the burdens associated with alert fatigue, reducing SOC team workloads.

  1. Augmenting the SOC to Accelerate Incident Response

 Having multiple manual workflows can impede alert investigations by increasing the risk of human oversight. FortiSOAR remedies this threat by augmenting the SOC using it’s automation features while working off of products such as FortiAnalyzer and FortiSIEM. This enables robust orchestration and automation of all SOC processes, improving overall security.

By automating the SOC, security teams can increase operational efficiency, as well. Where it makes sense, SOC teams can set threshold conditions at which FortiSOAR will immediately leverage different controls to achieve an optimal threat response. This allows SOC teams to reduce incident response time by as much as 98% as FortiSOAR automated processes can complete various manual tasks in a total of 20 minutes, on average.

  1. Unburdening Limited SOC Team Resources

Using automation, FortiSOAR reduces manual labor and the time and costs associated with security incident response. As threats become more sophisticated, increased SOC efficiency will play a key role in reducing the total cost of ownership (TCO) for network security. FortiSOAR works to reduce staff burden by allowing SOC teams to set customized security playbooks and responses as they relate to their specific frameworks and requirements. This minimizes manual input during alert triage, threat responses, reducing the overall workload.

Final Thoughts

With FortiSOAR integrated into their service delivery platform, MSSPs are able to offer hyper responsive, customized services with optimum security efficacy that actively address the challenges SOC teams face as a result of the expanding attack surface. As the market for SOAR grows, FortiSOAR ensures that MSSPs are able to provide differentiated services that allow them to take advantage of new sales opportunities.

This guest blog is part of a Channel Futures sponsorship.

Read more about:

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like