One of the biggest security challenges organizations face is being able to see enough of the network to identify today’s most advanced, multi-vector threats. Ideally, you need to be able to see across the distributed network, including cloud deployments and devices from multiple network and security vendors, correlate detected local activity with global threat intelligence and expected behaviors, and coordinate a response across the entire portfolio of installed security solutions.
This becomes increasingly challenging as networks continue to expand beyond the perimeter and embrace increasing numbers of devices and applications. As the network expands, the attack surface naturally expands with it. At the same time, new threats are targeting this distributed network architecture. Mobility, IoT, virtualization, big data, and the cloud aren’t only transforming businesses. They are being specifically targeted, which is a game changer for security as well. For example, it is estimated that by 2020 over 25% of attacks on enterprises will involve IoT.
Unfortunately, traditional security technologies and methods aren’t keeping up. Right now, 60% of compromises that manage to breach traditional perimeter defenses begin stealing data within minutes. Yet, because active threat monitoring and event correlation are rare, more than 70% of cybersecurity breaches go undetected for months.
Unfortunately, enterprises continue to struggle with limited defensive resources, a growing security skills shortage, and the proliferation of security tools that operate in isolation. Security teams monitor an average of 14 separate security consoles to try and manage, assess, and secure the expanding array of devices and technologies on their networks. Many times, they have to compare log files, hand correlate data, and manually change policies between devices in order to address threats, which means that many threats go undetected, and response times are too slow for attacks that operate at machine speeds.
Fortinet recently announced the Fortinet Security Fabric, which integrates the Fortinet security portfolio, as well as third-party solutions, into an integrated security architecture. The Fortinet Security Fabric allows security devices to share threat intelligence and coordinate responses anywhere across the distributed network, from IoT, across the network, and out to the Cloud.
And now, Fortinet is announcing the acquisition of AccelOps, a next-generation SIEM tool that significantly enhances visibility and control across the network, by enhancing network security visibility, security data analytics, and threat intelligence across multi-vendor solutions, as well as advanced controls designed for organizations like service providers who need to manage and secure multi-tenant environments.
AccelOps is a next-generation, cloud-based SIEM event correlation, analysis, and reporting tool that provides a comprehensive view across multiple architectures and network domains to deliver real-time threat detection and analytics – including the detection of sophisticated, evasion-enabled advanced threats that often span across multiple attack vectors.
AccelOps sensors auto-discover the network or network segment to which it is assigned, and then baselines the devices and traffic located there. Administrators can then centrally orchestrate the collection of real events across multiple collection points by pushing out policy. Collected data is then processed locally in real-time using patented correlation and analysis algorithms. Threat and network data is then gathered and correlated across all network segments for a holistic view of threat vectors and anomalous behaviors across the entire distributed network attack surface, through a central, single pane of glass tiered management interface located in the cloud.
AccelOps enhances the Fortinet security portfolio in three important ways:
- Fortinet Security Fabric Integration. AccelOps intelligence, coupled with FortiGuard Lab’s global threat intelligence and third-party threat feeds, will be integrated directly into the Fortinet Security Fabric, enabling automated threat prevention. Enterprises will benefit from actionable threat intelligence and prioritized, coordinated response across the distributed network on a subscription basis. The AccelOps technology will also be integrated into Fortinet’s Advanced Threat Protection (ATP) and Internal Segmentation Firewall (ISFW) solutions.
- Next Generation Security Information and Event Management. AccelOps is a Next Gen SIEM (Security Information and Event Management) solution that provides real-time event correlation and threat analytics collected from network and security devices deployed anywhere across the distributed enterprise. Its modular and highly scalable design operates seamlessly across physical, virtual, and cloud environments, and its cloud-based orchestration and management console provides centralized visibility and control – even for complex multi-tenant environments.
- FortiCare 360° Support. Because AccelOps enables complete visibility across the extended security infrastructure, it is a critical component of a new service being offered from Fortinet, called FortiCare 360° Support, which will provide customers with automated security and performance audits of their specific security infrastructure, and advisories to help prevent unplanned service disruptions, while intercepting problems before they impact performance and service delivery.
AccelOps’ patented network detection, threat collection and correlation, and centralized, cloud-based management technologies not only expand user visibility and control across the distributed network, but can be seamlessly extended to support managed cloud and service provider environments through its carrier-class, multi-tenancy management tools.