Introducing FortiSiem: Security and Compliance Made Easy

Extending the Security Fabric with Advanced Analytics and Security Intelligence

SOLUTION SPOTLIGHT: FortiSIEM

FORTISIEM OVERVIEW

» AccelOps: founded 2007, acquired 2016
» 6 million+ monitored end points
» 3rd generation SIEM
» Wide range of deployments and scale
» Security, Performance & Compliance
» Extensible APIs
» Patented Unified Analytics Platform
» Virtual Appliance = Faster Time to Value

CUSTOMERS AND PARTNERS

[Logo slide: MSPs / SIs / VARs, technology alliance partners, and FortiSIEM customers.]

CURRENT MARKET – IT NETWORK CHALLENGES

[Diagram: physical, virtual and cloud infrastructure]
» Physical infrastructure: physical switches, physical servers
» Virtual infrastructure: virtual networks, virtual servers
» Cloud infrastructure: public cloud, private cloud, hybrid cloud
» Mobility/BYOD
» Thousands of devices, hundreds of apps deployed
» Generating billions of events per day and PBs of data

SIEM vs. FORTISIEM

[Diagram: Gartner SIEM criteria compared with FortiSIEM capabilities, and the Fortinet Security Fabric elements that FortiSIEM ties together]

FortiSIEM:
» Single Pane of Glass
» Only NOC & SOC Analytics Infrastructure
» Rapid & Flexible Integrations
» Multi-Tenant Architecture
» Rapid Scale Architecture
» Real-Time Asset/Config. Discovery
» Real-Time Analytics (patented)

Gartner SIEM criteria:
» Application Log Analysis
» Behavior Profiling
» Data & User Monitoring
» Deployment/Support Simplicity
» Log Management
» Real-Time Monitoring
» Threat Intelligence

Security Fabric elements:
» Secure Devices
» Policy
» Sandboxing
» Secure WLAN Access
» Secure LAN Access
» Secure Cloud
» Email Security
» Web Security
» Threat Intelligence
» Partner Integrations
» Analytics (FortiSIEM)

FORTISIEM ARCHITECTURE

SUPERVISOR

The Supervisor is the primary component of FortiSIEM and is used in all deployment models; the remaining components are used to scale out the solution based on usage needs.

The Supervisor delegates work to the other components and is the component users log in to when accessing the platform.

WORKERs

FortiSIEM Workers take on and distribute the processing workload of the Supervisor. Additional Workers can be added to meet the growing demands of an expanding infrastructure.

COLLECTORs

Collectors gather data remotely and haul it back to the Supervisor/Workers securely. They act as a “hop box,” giving FortiSIEM the ability to run scripts and discovery from within a network that is not in the immediate domain of the enterprise. This is a very common way for MSSPs to operate in most service-offering scenarios.

WINDOWS AGENTS

FortiSIEM also has a highly efficient “agentless” model that can perform device discovery, performance monitoring, and log gathering that is not performance intensive.

For other data that is more performance intensive, the Enhanced Windows Agent gathers additional data to allow MSSPs to provide the following additional features:
• Installed Software Detection
• Registry Change Monitoring
• File Integrity Monitoring
• Custom Log File Monitoring
• WMI Command Output Monitoring
• PowerShell Command Output Monitoring

MSSPs that choose to leverage this feature will be able to offer an additional level of monitoring and alerting service to their customer base.

WINDOWS AGENTS - Specs

FORTISIEM KEY DIFFERENTIATORS

§ NOC & SOC solution in a “Single Pane of Glass”
  » Holistic view of events across the entire organization
§ Real-Time Correlation of Security & Network Threats
  » Rapid identification, triage and future prevention
§ Powerful Automated Device Discovery Engine
  » Self-Learning, Real-Time CMDB
§ Built-in Content – Ready to Go!
  » 600+ Correlation Rules, 2000+ Reports, 200+ log parsing templates, 150K normalized event types
§ Multi-Tenant Architecture
  » Segment network views into physical, logical dashboards

© 2016 AccelOps

FORTINET SECURITY FABRIC

[Diagram: Fortinet Security Fabric + Operational Security with FortiSIEM. Fabric attributes: Scale, Awareness, Security, Actionable, Open. Fabric elements: Global Intelligence, Local Intelligence, Client Security, Alliance Partners, IoT, Cloud Security, Application Security, Network Security, Secure LAN Access, Secure WLAN Access; FortiSIEM at the centre.]

Licensing

§ Key areas to determine license size
  » Enterprise or Service Provider (Multi-Tenant) License
  » Number of devices being monitored (Core Datacenter)
  » Total number of EPS
  » Windows Agents (SIEM) – Basic and Advanced
  » Cloud Applications (Salesforce)

FORTISIEM as a SERVICE

HOSTED FORTISIEM

As an MSSP, one service offering is to host a FortiSIEM service in the cloud for your more cybersecurity-aware partners. NOC/SOC roles such as the management of assets, events, discovery, reports, forensics, and analysis can all be handled by the partner/customer logging into the MSSP-hosted platform.

HOSTED FORTISIEM & MANAGEMENT

In many cases, customers that require enhanced security awareness do not have the staff to manage those tasks. In such cases, the MSSP can provide a service to offload this role for their end customers. By offering services to perform the day-to-day activities required to keep customers compliant, businesses can focus on their core priorities with the comfort of knowing they are being kept compliant through another entity.

HOSTED FORTISIEM HYBRID

Sometimes a customer has minimal IT staff, enough to handle certain functions but not all the elements of maintaining the day-to-day operations of a SIEM. In these cases, the MSSP can provide selected services, by functionality, covering only those needs that the customer does not have the resources to handle on their own.

FORTISIEM SIZING

FORTISIEM REPORTING

MULTITENANT ENVIRONMENT

GUI OVERVIEW