
Fortinet SOARs to new heights of protection on the wings of AI & automation

04 Sep 2020

Jon McGettigan, Fortinet A/NZ Regional Director, talks about SOAR (security orchestration, automation and response) and explains that effective SOAR starts with your security policy.

Real-time security events require real-time response. We’re talking nanoseconds. No human can react fast enough (it’s taken you billions of nanoseconds to even read this far!). The most effective way to identify, isolate and mitigate fast-moving cyber-attacks is through a comprehensive fabric of inter-related security services and artificial intelligence-driven automation. 

Known as SOAR (security orchestration, automation and response), this approach is gaining traction to counter zero-day threats, targeted attacks, known exploits and an ever-increasing line-up of adversaries.

Outside the core

This is especially true as your network expands beyond the core and perimeter with multiple edges such as the cloud edge, the endpoint edge, the WAN edge and the new 5G edge. All of these edges have to be secured to the same level as the core and these security services all have to communicate with each other in near real-time. Any weak link in the security chain represents an unacceptable risk.  

SOAR is most effective when it is deployed in parallel with all of your network services regardless of physical form factor: in-house, virtual, in the cloud or as a service. SOAR is based on granular-level visibility and a comprehensive security policy that defines event thresholds, alerts and manual overrides.

SOAR backs up your SOC (security operations centre) team, reduces the number of false positives and automates many of the day-to-day SOC tasks that distract staff from proactive protection. Indeed, SOAR is a vital bridge between SOC and NOC (network operations centre) teams and provides a framework for monitoring, compliance and reporting. In short, today’s dynamic networks require equally dynamic security and that is exactly what SOAR provides.

Security policy at the heart of SOAR

Extending your security services and common security policy to all nodes on your network is essential to eliminate gaps in your defences, reduce the risk of adversary-led interruptions and, most importantly, set the stage for SOAR. 

Your security policy articulates who has access to what, the tools to enforce those rules and a set of procedures to detect, isolate and mitigate anomalous activity. SOAR automates many of these security policy tasks and, in fact, supports and simplifies both NOC and SOC operations.

Most enterprises have a well-developed NOC. You know what network services you have, where they are located, how they are accessed and who uses them. Your network services have to interact with each other; otherwise users don’t have the access they need.

Your SOC should be equally comprehensive. You should be able to monitor your network services, set thresholds for unusual activity and have procedures in place to detect, isolate and mitigate anomalous activity. Many of these tasks can be automated with SOAR. Indeed, the application of artificial intelligence to your security framework can reduce the number of false positives and help you manage your network more efficiently.
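The policy elements this section describes (an event threshold, an alert, an automated isolation step and a manual override) are what a SOAR playbook actually encodes. The following is an added illustration written for this page, not Fortinet code and not a description of any FortiSOAR product behaviour: a minimal playbook that consumes authentication events, counts failures per source address inside a sliding window, raises an alert when a hypothetical threshold is crossed, blocks the source automatically unless an analyst has placed it on a manual-override list, and otherwise routes the alert for human review. The event records, addresses, threshold and window length are constructed for the example.

```python
"""Minimal SOAR-style playbook: threshold detection, automated isolation, manual override.

Added example for illustration; not Fortinet code. The events, addresses and
policy values below are constructed, and the "block" action only records the
decision (a real playbook would push a rule to the firewall or fabric).
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Constructed sample events: (timestamp_seconds, source_ip, event_type, outcome)
SAMPLE_EVENTS = [
    (0,   "203.0.113.7",  "auth", "fail"),
    (4,   "203.0.113.7",  "auth", "fail"),
    (9,   "203.0.113.7",  "auth", "fail"),
    (12,  "203.0.113.7",  "auth", "fail"),
    (15,  "203.0.113.7",  "auth", "fail"),     # 5th failure inside 60 s: threshold hit
    (16,  "203.0.113.7",  "auth", "fail"),     # already alerted; must not re-alert
    (20,  "192.0.2.9",    "auth", "fail"),     # a single failure is noise, not an incident
    (21,  "192.0.2.9",    "auth", "success"),
    (30,  "198.51.100.5", "auth", "fail"),
    (31,  "198.51.100.5", "auth", "fail"),
    (32,  "198.51.100.5", "auth", "fail"),
    (33,  "198.51.100.5", "auth", "fail"),
    (34,  "198.51.100.5", "auth", "fail"),     # threshold hit, but this source is on the override list
    (40,  "203.0.113.20", "auth", "fail"),
    (41,  "203.0.113.20", "auth", "fail"),
    (42,  "203.0.113.20", "auth", "fail"),
    (43,  "203.0.113.20", "auth", "fail"),
    (140, "203.0.113.20", "auth", "fail"),     # earlier burst has aged out of the window
    (141, "203.0.113.20", "auth", "fail"),
    (142, "203.0.113.20", "auth", "fail"),
    (143, "203.0.113.20", "auth", "fail"),     # never 5 inside one window: no alert
]


@dataclass
class Policy:
    """The security-policy knobs the playbook enforces (hypothetical values)."""
    fail_threshold: int = 5          # failures per source that constitute an incident
    window_seconds: int = 60         # sliding window the failures must fall within
    auto_block: bool = True          # isolate automatically, or only alert?
    manual_override: set = field(default_factory=set)  # sources an analyst excluded from auto-block


@dataclass
class Playbook:
    policy: Policy
    alerts: list = field(default_factory=list)          # every alert raised, in order
    blocked: set = field(default_factory=set)           # sources isolated automatically
    pending_review: list = field(default_factory=list)  # alerts that need a human decision
    _alerted: set = field(default_factory=set)          # suppresses duplicate alerts per source
    _window: dict = field(default_factory=lambda: defaultdict(deque))

    def ingest(self, ts, src, etype, outcome):
        """Feed one event; returns the alert dict if this event crossed the threshold."""
        if etype != "auth" or outcome != "fail":
            return None
        q = self._window[src]
        q.append(ts)
        # Drop failures older than the window so stale events cannot trip the threshold.
        while q and ts - q[0] > self.policy.window_seconds:
            q.popleft()
        if len(q) >= self.policy.fail_threshold and src not in self._alerted:
            return self._respond(ts, src, len(q))
        return None

    def _respond(self, ts, src, count):
        """Apply the policy: block, escalate for review, or alert only."""
        alert = {"ts": ts, "src": src, "count": count, "rule": "auth-bruteforce"}
        self._alerted.add(src)
        self.alerts.append(alert)
        if src in self.policy.manual_override:
            alert["action"] = "review"       # analyst override: never isolate automatically
            self.pending_review.append(alert)
        elif self.policy.auto_block:
            alert["action"] = "block"        # automated isolation
            self.blocked.add(src)
        else:
            alert["action"] = "alert-only"   # policy says humans decide
            self.pending_review.append(alert)
        return alert


def run(events, policy):
    """Run the playbook over an event list and return its final state."""
    pb = Playbook(policy)
    for event in events:
        pb.ingest(*event)
    return pb


if __name__ == "__main__":
    state = run(SAMPLE_EVENTS, Policy(manual_override={"198.51.100.5"}))
    for a in state.alerts:
        print(a)
    print("blocked:", sorted(state.blocked))
```

The sliding window is what keeps the false-positive count down: four failures now and four more two minutes later never become an incident, while five inside a minute do. The override set is the manual control the section calls for; it lets an analyst keep a known-noisy source (a scanner, a shared VPN address) out of automated isolation without switching automation off for everything else.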

Implementing SOAR

By definition, SOAR is predicated on real-time communications amongst all of your security services. Any gap in your security profile, at the core, perimeter or any of the edges, equates to a gap in your SOAR’s effectiveness. And SOAR requires real-time threat intelligence to keep pace with fast-moving malware.

To fully support SOAR, it is essential to consolidate your security services into a common Security Fabric – such as Fortinet’s – and protect every node. A mix of point solutions from different vendors that operate as silos cannot orchestrate efficiently to resolve any security issues. And, again, any weak spot in your defences can spell disaster.

Fortinet’s Security Fabric is the only solution on the market that fully supports SOAR. It is broad enough to protect your core, perimeter and edges. It can be managed from a user-friendly SOC/NOC console. And it can eliminate any weak links in your security profile.

Fortinet’s comprehensive unified Security Fabric Services are available from a network of Authorised Partners across A/NZ as appliances, virtual appliances and cloud-based or managed services. Fortinet’s Security Fabric is backed by the global constellation of FortiGuard Labs to ensure that your defences are always updated with the very latest threat intelligence. And Fortinet’s commitment to research and development means that, regardless of which way your network evolves, Fortinet will be right there with the fully-integrated security services to protect it.

About the author

Jon McGettigan is Fortinet’s Australia, New Zealand & Pacific Islands Regional Director. As such, he is responsible for driving Fortinet’s continued expansion in the region through building and maintaining relationships with businesses, partners and staff. As a senior executive, he understands the risks, motivations and opportunities that face IT managers as they transform their networks into 21st century revenue centres.

About Fortinet

Fortinet (NASDAQ: FTNT) secures the largest enterprises, service providers and government organisations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on the ever-increasing performance requirements of the borderless network, today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in security appliances shipped worldwide, and more than 375,000 customers trust Fortinet to protect their businesses. Learn more at the Fortinet website, the Fortinet Blog, or FortiGuard Labs.