Fortinet FortiAnalyzer FAZ-1000F Network Security Appliance – 2 Port – 10GBase-T, 10GBase-X – 10 Gigabit Ethernet – 2 x RJ-45 – 2 Total Expansion Slots – 2U – Rack-mountable APPL 2X 10GBE RJ45 2X 10GBE SFP+ 32Security-Driven Analytics & Log Management
FortiAnalyzer provides deep insights into advanced threats through Single-Pane Orchestration, Automation & Response for your entire attack surface to reduce risks and improve your organization’s overall security.
Integrated with Fortinet’s Security Fabric, FortiAnalyzer simplifies the complexity of analyzing and monitoring new and emerging technologies that have expanded the attack surface, and delivers end-to-end visibility, helping you identify and eliminate threats.
Advanced Threat Detection & Correlation allows Security & Network teams to immediately identify and respond to network security threats across the infrastructure.
Automated Workflows & Compliance Reporting provides customizable dashboards, reports and advanced workflow handlers for both Security & Network teams to accelerate workflows & assist with regulation and compliance audits.
Scalable Log Management collects logs from FortiGate, FortiClient, FortiManager, FortiSandbox, FortiMail, FortiWeb, FortiAuthenticator, Generic syslog and others. Deploy as an individual unit or optimized for a specific operation and scale storage based on retention requirements.
Security Operations Center (SOC)
FortiAnalyzer’s SOC management center helps secure your overall network by providing actionable views of log and threat data. Protect your network, web sites, applications, databases, servers and data centers, and other technologies, with centralized monitoring, awareness of the threats, events and network activity, using predefined and customized dashboards delivered through a single-pane-of-glass interface for easy integration into your Security Fabric.
Incident Detection & Response
FortiAnalyzer’s Automated Incident Response capability improves Management & Analytics with a focus on event management and identification of compromised endpoints. Improved default and custom event handlers can be used to detect malicious and suspicious activities on the spot. Integration of events with the FOS automation framework for automated actions such as endpoint quarantine or blacklist IPs. Incident detection and tracking, as well as evidence collection and analysis, are streamlined through integration with ITSM platforms, helping to bridge gaps in your Security Operations Center and reinforce your Security Posture.
Event handlers enable quick detection, automated correlation and connected remediation with incident management to simplify log analysis and threat identification across your Fortinet Security Fabric. Create event handlers for FortiGate, FortiCarrier, FortiCache, FortiMail, FortiManager, FortiWeb, FortiSandbox devices, and syslog servers. Define what messages to extract from logs and display in events and send alerts for event handlers via email address, webhook, SNMP community, or syslog server.
- End-to-end visibility: Event correlation, threat detection and Indicator of Compromise (IOC) service reduce time-to-detect and identity threats
- Fortinet Security Fabric integration: Correlates with logs from FortiClient, FortiSandbox, FortiWeb, and FortiMail for deeper visibility and critical network insights
- Enterprise-grade high availability: Automatically back-up FortiAnalyzer DB’s (up to 4 node cluster) that can be geographically dispersed for disaster recovery
- Security automation: Reduce complexity and leverage automation via REST API, scripts, connectors, and automation stitches to expedite security response
- Multi-tenancy and administrative domains (ADOMs): Separate customer data and manage domains leveraging ADOMs to be compliant and operationally effective
- Flexible deployment options & archival storage: Supports deployment of appliance, VM, hosted or cloud. Use AWS, Azure or Google to archive logs as a secondary storage