DATA SHEET

FortiCloud SOC-as-a-Service™
Available in:

Cloud

FortiCloud SOCaaS

This managed service provides scalable security operations designed to help you maintain continuous Cyber Awareness and Control of your Fortinet Security Fabric network.

Why Fortinet
§ Security-focused, skilled staff with technical expertise on Fabric Devices and Incident Response (IR) best practices
§ Orchestration, Automation & Response with pre-built threat Use Cases and Playbooks
§ Best-of-breed Fabric-based SOC Platform
§ Global SOC locations

FORTINET SOC ANALYSTS MONITOR CUSTOMER’S NETWORK FOR SECURITY EVENTS, TRIAGE ALERTS AND ESCALATE THREATS

Detect
§ 7x24x365 Security Operation
§ Compromised Hosts
§ Malware Detection
§ Unauthorized Access
§ Policy Violation
§ Command & Control & Botnet

Investigate
§ Automated Correlation, Analysis and Context Enrichment using SOAR Playbooks
§ Alert Triage on Incident Types
§ Incident Analysis, Validation & Severity Ranking

Respond
§ End-to-End Workflow
§ SOP & Playbooks
§ Incident & Ticket Management
§ Communication & Escalation Path SLA
§ Remediation Recommendation

Monitoring
7x24x365 Monitoring by Expert Analysts around the Globe
§ FortiGuard Threat Intelligence
§ Cyber Kill Chain Tracing
§ Indicators of Compromise
§ Suspicious Activities
§ Privileged Access Monitoring
§ Policy Violation & Misconfiguration
§ Vulnerability Monitoring

Management & Tuning
§ SOC Portal (Device Onboarding, Device Tuning Advisory, Change Request, Ticket Status)
§ Incident Severity Definition Correlated with Asset Classification
§ Device Health Monitoring
§ Device Hardening
§ Device Performance Tuning
§ Fabric Posture Improvement


HIGHLIGHTS

How Does It Work

Two Deployment Options

Customer On-Prem FAZ
Subscription
§ Subscribe to FortiCloud SOCaaS per FortiGate License
Monitoring
§ Customer FGT logging to On-Prem FAZ
§ On-Prem FAZ forwards logs to FortiCloud SOCaaS for Security Orchestration, Automation and Incident Response
Log flow: FortiGate -> On-Prem FAZ -> FortiCloud SOCaaS

Customer FAZ Cloud
Subscription
§ Subscribe to FortiCloud SOCaaS per FortiGate License
Monitoring
§ Customer FGT logging to FAZ Cloud
§ FAZ Cloud sends alerts to FortiCloud SOCaaS for Security Orchestration, Automation and Incident Response
Log flow: FortiGate -> FAZ Cloud -> FortiCloud SOCaaS

Value to Customers

Full Cyber Kill Chain Lifecycle SOC Use Cases

SOC USE CASE | ATTACK KILL CHAIN REFERENCE | FORTIGATE MODULES AND LICENSE REQUIREMENTS
§ Fabric Device Monitoring (Logging & Security) | Attack Prevention & Detection Across all Kill Chain Phases | FortiAnalyzer (Firmware License)
§ Policy Violation Detection | Recon Activity | App Control (Firmware License); Traffic Log Analysis (Firmware License)
§ Initial Compromise Detection | Weaponizing & Delivery | Web Filtering (UTP License Required); Spam Filtering (UTP License Required)
§ Malware Detection | Exploitation & Installation | Antivirus (ATP License Required); Outbreak Prevention (License Required); Sandbox Cloud (License Required)
§ Intrusion Detection | Exploitation & Installation | Intrusion Prevention (ATP License Required); Industrial DB (License Required); WAF (License Required)
§ C&C & Botnet Detection (Compromised Host) | Command & Control | Intrusion Prevention (ATP License Required); FortiAnalyzer (IOC License Required)
§ Recon Activity & Lateral Movement Detection | Action on Objectives | Anomaly Detection (Firmware License); Traffic Log Analysis (Firmware License)

SOC DELIVERABLES (across all use cases)
§ Fabric Device Tuning & Reports
§ FortiGate Logging to FAZ
§ FortiGate System Security Event Monitoring
§ Daily / Weekly SOC Reports: Asset Visibility, Policy Violations, UTM Tuning
§ Threat Detection & Analysis - Alert Triage
§ SOC Portal Access
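As an added worked example (not Fortinet's code and not part of this datasheet) of how the use-case-to-kill-chain mapping above and the "Incident Severity Definition Correlated with Asset Classification" item can be turned into triage logic: the script below parses FortiOS-style key=value log lines, assigns each UTM event to the kill chain phase the table gives for its FortiGate module, and ranks the resulting incidents by log severity, asset tier and whether the FortiGate already blocked the traffic. The sample log lines, the asset tiers, the numeric weights and the botnet heuristic (treating an IPS event with eventtype="botnet" as Command & Control) are constructed assumptions, not taken from the datasheet.

```python
"""Kill-chain triage of FortiGate UTM log events.

Added example, not Fortinet's code. Parses FortiOS-style key=value log
lines, maps each event to the kill chain phase the datasheet assigns to
its FortiGate module, and ranks incidents by severity x asset tier,
down-weighting events the FortiGate already blocked. Sample logs, asset
tiers, weights and the botnet heuristic are constructed for illustration.
"""
import re
from typing import Dict, List, Tuple

# FortiOS logs are space-separated key=value pairs; values containing
# spaces are double-quoted.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Datasheet mapping: FortiGate module (log subtype) -> (SOC use case, kill chain phase)
PHASE_BY_SUBTYPE: Dict[str, Tuple[str, str]] = {
    "app-ctrl":    ("Policy Violation Detection", "Recon Activity"),
    "webfilter":   ("Initial Compromise Detection", "Weaponizing & Delivery"),
    "emailfilter": ("Initial Compromise Detection", "Weaponizing & Delivery"),
    "virus":       ("Malware Detection", "Exploitation & Installation"),
    "ips":         ("Intrusion Detection", "Exploitation & Installation"),
    "anomaly":     ("Recon Activity & Lateral Movement Detection", "Action on Objectives"),
}

# Assumed numeric weights for the IPS 'severity' field and the generic 'level' field.
SEVERITY_WEIGHT = {"info": 1, "low": 2, "medium": 3, "high": 4, "critical": 5}
LEVEL_WEIGHT = {"emergency": 5, "alert": 5, "critical": 5, "error": 4,
                "warning": 3, "notice": 2, "information": 1, "debug": 1}

# Constructed asset classification: IP -> tier (3 = crown jewel, 1 = low value / unknown).
ASSET_TIER = {"10.1.1.5": 3, "10.1.1.9": 2}

# Actions that mean the FortiGate already stopped the traffic (assumed list).
BLOCKED_ACTIONS = {"blocked", "block", "dropped", "reset", "deny"}


def parse_log(line: str) -> Dict[str, str]:
    """Return the key=value fields of one FortiGate log line as a dict."""
    return {key: quoted or bare for key, quoted, bare in _KV.findall(line)}


def classify(event: Dict[str, str]) -> Tuple[str, str]:
    """Map an event to (SOC use case, kill chain phase) per the datasheet table."""
    subtype = event.get("subtype", "")
    # Assumed heuristic: IPS botnet hits are C&C, not generic exploitation.
    if subtype == "ips" and event.get("eventtype") == "botnet":
        return ("C&C & Botnet Detection (Compromised Host)", "Command & Control")
    return PHASE_BY_SUBTYPE.get(subtype, ("Unmapped", "Unknown"))


def severity_weight(event: Dict[str, str]) -> int:
    """Prefer the IPS 'severity' field; fall back to the generic log 'level'."""
    if "severity" in event:
        return SEVERITY_WEIGHT.get(event["severity"], 1)
    return LEVEL_WEIGHT.get(event.get("level", ""), 1)


def asset_tier(event: Dict[str, str]) -> int:
    """Highest tier of the two endpoints (the internal asset may be src or dst)."""
    return max(ASSET_TIER.get(event.get("srcip", ""), 1),
               ASSET_TIER.get(event.get("dstip", ""), 1))


def score(event: Dict[str, str]) -> int:
    """Severity correlated with asset classification; detect-only events count double."""
    blocked = event.get("action", "") in BLOCKED_ACTIONS
    return severity_weight(event) * asset_tier(event) * (1 if blocked else 2)


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Classify and rank UTM events; non-UTM/system events are skipped."""
    incidents: List[Dict[str, object]] = []
    for line in lines:
        ev = parse_log(line)
        use_case, phase = classify(ev)
        if phase == "Unknown":
            continue
        incidents.append({
            "devname": ev.get("devname", "?"), "use_case": use_case, "phase": phase,
            "src": ev.get("srcip", "?"), "dst": ev.get("dstip", "?"),
            "action": ev.get("action", "?"), "score": score(ev),
        })
    incidents.sort(key=lambda i: i["score"], reverse=True)
    return incidents


# Constructed sample log lines in FortiOS key=value style (not real traffic).
SAMPLE_LOGS = [
    'date=2021-04-23 time=10:15:01 devname="FGT-EDGE" type="utm" subtype="ips" eventtype="signature" '
    'level="alert" severity="critical" srcip=203.0.113.7 dstip=10.1.1.5 action="detected" '
    'attack="Constructed.Test.Signature" msg="signature matched"',
    'date=2021-04-23 time=10:16:10 devname="FGT-EDGE" type="utm" subtype="ips" eventtype="botnet" '
    'level="alert" severity="critical" srcip=10.1.1.9 dstip=203.0.113.50 action="blocked" '
    'msg="botnet C&C connection"',
    'date=2021-04-23 time=10:17:42 devname="FGT-EDGE" type="utm" subtype="webfilter" level="warning" '
    'srcip=10.1.1.20 dstip=198.51.100.8 action="blocked" hostname="example.invalid"',
    'date=2021-04-23 time=10:18:05 devname="FGT-EDGE" type="utm" subtype="app-ctrl" level="information" '
    'srcip=10.1.1.9 dstip=198.51.100.9 action="pass" app="Proxy.Tool.Constructed"',
    'date=2021-04-23 time=10:19:30 devname="FGT-EDGE" type="anomaly" subtype="anomaly" level="alert" '
    'srcip=10.1.1.9 dstip=198.51.100.4 action="detected" attack="tcp_port_scan"',
    'date=2021-04-23 time=10:20:00 devname="FGT-EDGE" type="event" subtype="system" level="notice" '
    'logdesc="Admin login successful" user="admin"',
]

if __name__ == "__main__":
    for inc in triage(SAMPLE_LOGS):
        print(f'{inc["score"]:>3}  {inc["phase"]:<28} {inc["use_case"]:<45} {inc["src"]} -> {inc["dst"]} ({inc["action"]})')
```

Run stand-alone, it prints the five UTM events ranked with the detect-only critical IPS hit against the tier-3 host first and the blocked web-filter event last; the system event is dropped because it maps to no use case in the table. The weights are the part a real SOC would tune per customer, which is what the datasheet's "Incident Severity Definition Correlated with Asset Classification" and "Device Tuning Advisory" items refer to.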


BENEFITS

Actionable Alerts
§ Customer’s network is monitored by Fortinet SOC analysts
§ Customers don’t have to deal with overwhelming alerts and false positives
§ Fast incident response and remediation

Gain Expert Insights
§ Customers gain expert insight into their log data and misconfigured security controls
§ Real-time incident alerting
§ 24x7 access to expert SOC analysts

Simplified Operations & Predictable Costs
§ Customers have a predictable cost for their security operations
§ Reduced operational complexity
§ Reduced operational cost

Global SOC Locations


ORDER INFORMATION
Each FortiGate unit to be monitored must have one of the following subscriptions:

SKU | Description
FC-10-XXXXX-841-02-DD (XXXXX is defined by the FortiGate appliance code) | 360 Protection (FMG/FAZ Cloud, FortiCloud SOCaaS, IPS, AMP, App Ctrl, Web & Video Filtering, AS, Security Rating, IoT Detection, Industrial Security, SD-WAN Orchestrator, SD-WAN Cloud Monitoring, FortiConverter Svc, and ASE FortiCare)
FC-10-FG[X]VM-842-02-DD (X refers to the FortiGate-VM model, i.e. the number of CPUs) | 360 Protection for FortiGate-VM with X CPU (FMG/FAZ Cloud, FortiCloud SOCaaS, IPS, AMP, App Ctrl, Web & Video Filtering, AS, Security Rating, IoT Detection, Industrial Security, SD-WAN Orchestrator, SD-WAN Cloud Monitoring, FortiConverter Svc, and ASE FortiCare)
FCx-10-FGVVS-843-02-DD (x refers to the FortiGate-VM subscription license) | Subscription license for FortiGate-VM with 360 Protection Bundle included
FC-10-XXXXX-464-02-DD (XXXXX is defined by the FortiGate appliance code) | FortiAnalyzer Cloud SOCaaS: Cloud-based Log Monitoring (PaaS), including IOC Service and FortiCloud SOCaaS

www.fortinet.com

Copyright © 2021 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.

FSOC-DAT-R2-20210423
