Security Operations Centers (SOCs) are facing a growing challenge as cyber attackers leverage AI to launch faster and more advanced threats. At the same time, concerns around data and operational sovereignty often prevent multinational organizations from running a fully centralized SOC. Addressing these challenges, the newest FortiSIEM release delivers enhanced threat detection capabilities, agentic AI–driven incident management, and flexible data sovereignty compliance features designed to support SOC operations across multiple regions.
FortiAI-Assist Agentic AI Powers Incident Management
FortiSIEM 7.5 brings agentic AI capabilities designed to streamline and accelerate incident investigation, response, and a wide spectrum of analyst workflows. By leveraging intelligent agents that can perform complex, multi-step operations, SOC teams can significantly reduce manual effort and response time. The newly introduced FortiSIEM agents include:
- Investigation Assistant: Automatically performs comprehensive incident analysis and generates detailed reports, covering evidence enrichment, attack chain reconstruction, impact evaluation, identification of related incidents, and actionable remediation recommendations.
- Companion Assistant: Interacts with analysts through natural language prompts to execute advanced searches, threat hunting activities, and other FortiSIEM operational tasks.
FortiAI-Assist serves as a foundational capability across all Fortinet SOC Platform solutions and is also integrated into many other products within the broader Fortinet portfolio.

Data Sovereignty Capabilities That Support Regulatory Compliance
As cyber threats grow more advanced and geopolitical risks continue to rise, regional data localization has become a critical requirement for many organizations. However, strong cybersecurity postures typically rely on a centralized SOC model for effective detection and response. FortiSIEM now bridges this gap by enabling organizations to maintain a centralized SOC strategy while adhering to regional data sovereignty regulations. This capability delivers centralized incident management and full FortiSIEM functionality across multiple domains, while ensuring that data collection and storage remain localized.
Unlimited Agent-Based IT and OT Monitoring Enhances Visibility
Endpoint agents play a crucial role in expanding SIEM visibility and improving threat detection, yet adoption is often limited by concerns around cost or operational complexity. FortiSIEM addresses this challenge by providing a robust Windows agent for both IT and OT environments at no additional cost. The agent operates without centralized management requirements, making it suitable for OT environments that rely on data-diode-only communications while still delivering deep monitoring and detection capabilities.