SecOps Made Simple With AI Automation and SAAS

The document discusses how cybersecurity decisions are being driven by an evolving threat landscape and changing infrastructure. It notes that ransomware attacks are becoming more sophisticated by adopting advanced persistent threat tactics to develop and scale attacks faster. It also discusses how digital acceleration trends like work from anywhere and cloud usage have expanded the potential attack surface. This poses challenges for security operations teams to keep pace and detect evasive, multi-stage attacks across more areas. The document advocates for using advanced detection and automated response technologies to help address these challenges.

Chris Borales, Director, Product Marketing

Kevin Faulkner, Director, Product Marketing


What's Driving Cybersecurity Decisions?

Driving Infrastructure Evolution: how we interact with customers, suppliers, infrastructure, and employees is changing.
• Work from Anywhere
• Digital Acceleration
• Cloud
• Operational Technology
• Application Journey
• Connectivity
• Growing Attack Surface

Evolving Threat Landscape: cybercriminals are adopting APT-like tactics to develop and scale attacks faster than ever.
• Nation Sponsored
• Ransom as a Service
• Wipers
• AI-enabled
• OT
Examples cited on the slide: SolarWinds | Log4j, Kaseya VSA, REvil, Hermetic Wiper, Swarmbot, Colonial Pipeline.

© Fortinet Inc. All Rights Reserved. 2


Anatomy of a Ransomware Attack

The attacker has three initial vectors: credential phishing, compromised third-party contractor credentials, and externally facing server exploitation. The diagram numbers the attack stages 1 through 8:

1. Credential phishing (delivery from DeliverRansomware.com, an illustrative domain on the slide)
2. Attacker distributes loader to hosts
3. Infected hosts download and execute second stage payload
4. Second stage payload calls out to C2 server (MaliciousC2.com, an illustrative domain on the slide)
5. Attacker pivots to AD domain controller
6. Lateral movement and privilege escalation across Sales Dept., R&D Dept. and Servers
7. Attacker exfiltrates sensitive data
8. Resources are encrypted and organization is extorted

Environment shown in the diagram: Perimeter Security (NGFW/IDS/IPS/AV), App Server, Client, Server, Active Directory Domain Controller.


The next slide repeats the same diagram with a legend contrasting the stages covered by standard prevention tools with those requiring advanced detection and response.
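As an added illustration that is not part of the slide deck, the following Python correlator links the eight stages above the way a SIEM correlation rule would: it joins hosts connected by pivot or lateral-movement events and raises an incident only when several distinct stages occur inside a time window. Stage names, host names and the sample events are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Stage labels follow the slide's ransomware anatomy, in kill-chain order (constructed names).
STAGES = ["credential_phish", "loader_exec", "second_stage_exec", "c2_callout",
          "dc_pivot", "lateral_move", "exfil", "encrypt"]

# Constructed sample events: (timestamp, host, stage, linked_host_or_None).
# linked_host records where a pivot/lateral-movement event originated.
SAMPLE_EVENTS = [
    ("2024-01-10T09:02:00", "ws-sales-07", "credential_phish", None),
    ("2024-01-10T09:05:30", "ws-sales-07", "loader_exec", None),
    ("2024-01-10T09:06:10", "ws-sales-07", "second_stage_exec", None),
    ("2024-01-10T09:06:40", "ws-sales-07", "c2_callout", None),
    ("2024-01-10T11:40:00", "dc-01", "dc_pivot", "ws-sales-07"),
    ("2024-01-10T12:15:00", "srv-rd-02", "lateral_move", "dc-01"),
    ("2024-01-11T02:00:00", "srv-rd-02", "exfil", None),
    ("2024-01-12T08:00:00", "ws-hr-03", "c2_callout", None),  # lone beacon, below threshold
]

def _find(parent, h):
    """Union-find root lookup with path halving; unseen hosts become their own root."""
    while parent.setdefault(h, h) != h:
        parent[h] = parent[parent[h]]
        h = parent[h]
    return h

def correlate(events, window=timedelta(hours=72), min_stages=3):
    """Group events by linked host cluster and flag clusters whose events cover at least
    min_stages distinct stages inside a sliding window of the given length."""
    parent = {}
    for _, host, _, linked in events:
        if linked:
            parent[_find(parent, host)] = _find(parent, linked)
    groups = defaultdict(list)
    for ts, host, stage, _ in events:
        groups[_find(parent, host)].append((datetime.fromisoformat(ts), host, stage))
    incidents = []
    for members in groups.values():
        members.sort()
        best = set()
        for i, (start, _, _) in enumerate(members):  # slide the window over each start event
            seen = {s for t, _, s in members[i:] if t - start <= window}
            if len(seen) > len(best):
                best = seen
        if len(best) >= min_stages:
            furthest = max(STAGES.index(s) for s in best)
            incidents.append({"hosts": sorted({h for _, h, _ in members}),
                              "stages": [s for s in STAGES if s in best],
                              "furthest_stage": STAGES[furthest]})
    return incidents
```

Shrinking the window to a few minutes reduces the chain to the initial-access stages only, which is the trade-off a SIEM rule author tunes between early alerting and full-chain confidence.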
Challenge: Security Operations
Keeping pace with an evolving threat landscape across an expanded attack surface

• Expanded Attack Surface: digital innovation (including WFA, cloud, and supply chain) has expanded the attack surface and cyber exposure.
• Evolving and Evasive Attacks: increasingly sophisticated multi-stage campaigns mimicking legitimate activities often evade security.
• Security Complexity: a large number of security products and consoles, slow identification and response, exacerbated by the cyber skills shortage.


Simple View of Advanced Detection & Response

The slide stacks the capabilities in four layers, from the top down:
• SIEM, SOAR: enterprise-wide detection; centralized and automated investigation and response
• EDR, NDR, XDR: specialized advanced detection and response; cross-domain advanced detection and response
• Log/event collection & analysis: correlation and analysis, detection, compliance
• Frontline protection (FW/IPS, EPP/EDR, Email, Web, Cloud…): immediate prevention at the point of attack


Setting Your Priorities

Shown against the same four-layer stack (SIEM/SOAR; EDR/NDR/XDR; Log/event collection & analysis; Frontline protection: FW/IPS, EPP/EDR, Email, Web, Cloud…), the factors that set priorities are:
• Critical security gaps
• Current SecOps maturity
• Analyst expertise
• Infrastructure complexity
• Budget constraints
• Risk tolerance
• Managed Services preferences
• Advisory Guidance


SaaS – Lowering the Barrier to Entry

• Simplified Operations: simplify infrastructure, reducing operational complexity across the organization.
• AI and Automation: reduce workload and improve efficiency by harnessing the power of AI and automation tools for detecting and responding to threats across the attack surface.
• Reduced Total Cost of Ownership: strengthen security posture while eliminating the costs of management and maintenance of on-prem solutions.

Expanded SOC Capabilities listed alongside: AI-enabled Detection & Analysis, Enterprise Visibility, Task/Workflow Automation.


Fortinet's SOC SaaS Solutions

• SIEM: FortiSIEM
• SOAR: FortiSOAR
• NDR (EDR/NDR/XDR layer): FortiNDR
• Log/event collection & analysis: FortiAnalyzer
• FortiGuard Security Assessment Service

These products are the focus of today's session.


Fortinet Advanced Detection & Response
Leveraging AI and automation for advanced detection, investigation and response

Across the enterprise-wide multivendor infrastructure and the Fortinet Security Fabric:
• FortiAnalyzer: visibility, analytics, automation
• FortiNDR: network detection and response
• FortiSIEM: detection, investigation and response
• FortiSOAR: SecOps orchestration and automation

Across the entire attack lifecycle.
Simplified Operations with FortiAnalyzer

• Normalized data analytics with ML to detect incidents across the Fortinet Security Fabric
• Consolidated Fabric Visibility
• Threat Intelligence & Rules to detect known attacks
• Fabric Management & Response Automation
• SOCaaS for staff augmentation


FortiNDR
Completing the puzzle with NDR

FortiNDR capabilities:
• Security traffic analysis
• SOC response
• Triage and hunt
• Machine Learning/AI
• 365-day retention
• Guided-SaaS delivery

The diagram places FortiNDR between the Internet & Cloud, the Next Gen Firewall, IoT devices, servers, endpoints (with an EDR solution), and the SOC.


FortiSIEM – Comprehensive SOC Platform

Collect & Classify, Normalize & Enrich (Collect & Monitor)
• Automatic Discovery: servers, devices, endpoints, users, applications, business services
• State Monitoring: hardware / OS configs, user / identity mapping, file integrity monitoring, vulnerability assessment, impact
• Performance Monitoring: availability & performance, uptime & round trip, CPU and memory, network interface utilization, synthetic transaction

Detect & Correlate (Detect)
• Risk Monitoring and Behavioral Analytics: incident dashboards, device risk score, user summary, threat intelligence, MITRE ATT&CK, geolocation, service / app logs, network logs, network flow, SLA & escalation management, false positive reduction

Investigate & Respond (Respond)
• Investigation: threat hunting, multi-user case management, case notes & timeline, multitenant & reporting, granular RBAC
• Response: external ticket integration, automated response, response actions, FortiSOAR playbooks & workflows

Enterprise-wide visibility, UEBA, threat detection & response, CMDB, asset monitoring, compliance, and more.
FortiSOAR
Connect anything – automate everything

• 500+ integrations, 800+ playbooks, robust use-case solutions for SOC/NOC/OT
• Security incident response: automated triage, enrichment, investigation, case management, collaboration, and response actions
• Threat Intelligence management: powered by FortiGuard Labs and any public source
• Asset and vulnerability management: IT/OT risk-based tracking and remediation playbooks
• No/low-code playbook creation: patented development modes for any user and workflow
• Enterprise & MSSP: centralize, standardize and automate IT/OT security operations
FortiGuard SOC Assessment
Expert analysis to identify SecOps gaps, chart strategies, and prioritize investments

Organization
• Governance
• Privacy & policy
• Talent planning
• SOC Management Processes
• etc.

Visibility
• Use cases
• MITRE ATT&CK
• Technology & Tools
• SIEM
• Logging & alerting
• Threat Intel & processes
• Capabilities
• Endpoint detection
• Threat hunting
• …

Response
• Operations
• Assets
• Configuration
• Incident Response
• SOAR
• Automation
• …

Evolution
• Vision & strategy
• KPIs & Metrics
• Tooling and personnel ratios
• Management reporting
• Dashboards
• Advisories
• SOC reporting & optimization


Fabric Solution: SaaS-based SOC Solutions
AI-driven coordinated protection across an expanded attack surface

• Integration with distributed security controls across network, endpoint, application and cloud covers the expanded digital attack surface.
• Artificial Intelligence applied across the cyber kill chain detects components and activity designed to bypass traditional security and hide among legitimate operations.
• Automation speeds a comprehensive, coordinated response and eases the burden on in-house security teams.

Reported outcomes: faster mean time to detect (-54 days), faster mean time to contain (-20 days), lower average breach cost (-$3.05M).
Source: Ponemon. 2022 Cost of a Data Breach Survey. Use of AI and Automation.
Fortinet Approach: Automated SOC
AI-driven coordinated protection across an expanded attack surface

• Early Detection (EDR | NDR | Deception | Recon): endpoint and other behavior-based sensors to detect and stop attacks along the kill chain
• Log Analysis & SIEM: visibility and ML analytics to detect incidents across the Fortinet Security Fabric and enterprise-wide attack surface
• SOAR: orchestration / automation for faster, synergistic investigation and response
• SOC Augmentation Services: specialized skills (IR), attack assessment and training supplement in-house teams
• AI-powered Security Services: intelligence and engines to power rapid detection and response
Fortinet SaaS SOC Solutions

Simplifies security operations across your organization:
• Eliminates the costs of management and maintenance of on-prem solutions
• Simplifies infrastructure, reducing operational complexity across the organization
• Reduces workload and improves efficiency by harnessing the power of AI and automation tools


Q&A
